Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
biubiu.exe

Overview

General Information

Sample name:biubiu.exe
Analysis ID:1580816
MD5:e49cb409df10bb4ef5e2f024995146fb
SHA1:1896057aafc5705cdc5d69d1906c6c9f2a294dd1
SHA256:a8af10f68d566fb3f7de1f27e354b70cde80286ca33eb4aaf3e9e048591870cb
Tags:biubiuexeuser-NDA0E
Infos:

Detection

Score:54
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Detected unpacking (creates a PE file in dynamic memory)
Multi AV Scanner detection for submitted file
AI detected suspicious sample
Contains functionality to prevent local Windows debugging
Found API chain indicative of debugger detection
Potentially malicious time measurement code found
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)
Contains functionality to dynamically determine API calls
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Enables debug privileges
Extensive use of GetProcAddress (often used to hide API calls)
Found evaded block containing many API calls
Found evasive API chain (date check)
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
Installs a raw input device (often for capturing keystrokes)
Program does not show much activity (idle)
Queries information about the installed CPU (vendor, model number etc)
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • biubiu.exe (PID: 3768 cmdline: "C:\Users\user\Desktop\biubiu.exe" MD5: E49CB409DF10BB4EF5E2F024995146FB)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

Click to jump to signature section

Show All Signature Results

AV Detection

barindex
Source: biubiu.exeReversingLabs: Detection: 28%
Source: biubiu.exeVirustotal: Detection: 38%Perma Link
Source: Submited SampleIntegrated Neural Analysis Model: Matched 89.8% probability
Source: biubiu.exe, 00000000.00000002.2358808337.00000000008DC000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: -----BEGIN PUBLIC KEY-----memstr_9d418920-7

Compliance

barindex
Source: C:\Users\user\Desktop\biubiu.exeUnpacked PE file: 0.2.biubiu.exe.400000.0.unpack
Source: biubiu.exeStatic PE information: certificate valid
Source: biubiu.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: https://www.sumatrapdfreader.org/dl/rel/3.6/SumatraPDF-3.6-64.pdb.lzsaaphics source: biubiu.exe, 00000000.00000002.2360861223.00000188C306F000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: -64.pdb.lzsa source: biubiu.exe
Source: Binary string: C:\rprichard\proj\winpty\src\Release\x64\winpty.pdb source: biubiu.exe, 00000000.00000002.2361158172.00000188C5AD2000.00000040.00001000.00020000.00000000.sdmp, biubiu.exe, 00000000.00000002.2358808337.0000000000B3F000.00000040.00001000.00020000.00000000.sdmp
Source: Binary string: https://www.sumatrapdfreader.org/dl/PRE_RELEASE_VER/SumatraPDF-prerelprerel/3.6/SumatraPDF-rel/-64.pdb.lzsaInstallCrashHandler: skipping because !crashDumpPath source: biubiu.exe
Source: Binary string: https://www.sumatrapdfreader.org/dl/rel/3.6/SumatraPDF-3.6-64.pdb.lzsa source: biubiu.exe, 00000000.00000002.2360861223.00000188C306F000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\rprichard\proj\winpty\src\Release\x64\winpty-agent.pdb source: biubiu.exe, 00000000.00000002.2358808337.0000000000BEB000.00000040.00001000.00020000.00000000.sdmp, biubiu.exe, 00000000.00000002.2361158172.00000188C5BEB000.00000040.00001000.00020000.00000000.sdmp
Source: Binary string: dbghelp::Initialize(): DynSymInitializeW() failedntdll.dlldbghelp::Initialize(): SymInitializeW() and SymInitialize() not present in dbghelp.dll%GSetProcessDEPPolicykernel32.dllSetDefaultDllDirectoriesSetDllDirectoryWGetProcessInformationIsWow64ProcessSetProcessMitigationPolicySetThreadDescriptionRtlCaptureStackBackTraceRtlCaptureContextGetThreadDpiAwarenessContextGetDpiForWindowuser32.dllNtSetInformationProcessGetGestureInfoSetGestureConfigSetThreadDpiAwarenessContextGetAwarenessFromDpiAwarenessContextOpenThemeDataIsAppThemeduxtheme.dllCloseGestureInfoHandleIsThemeBackgroundPartiallyTransparentIsThemeActiveDrawThemeBackgroundCloseThemeDataDwmIsCompositionEnableddwmapi.dllGetThemeColorSetWindowThemeDwmSetWindowAttributeDwmGetWindowAttributeDwmDefWindowProcDwmExtendFrameIntoClientAreaMiniDumpWriteDumpdbghelp.dllNormalizeStringnormaliz.dllSymSetOptionsSymGetOptionsSymCleanupSymInitializeWSymGetModuleBase64SymFunctionTableAccess64SymFromAddrStackWalk64SymGetLineFromAddr64SymRefreshModuleListSymSetSearchPathSymSetSearchPathWgdiplus.dllmsimg32.dllshlwapi.dllurlmon.dllversion.dllwindowscodecs.dllwininet.dllfilePDFfileChmfileDjVufileXPSfilePSfileTifffileGiffileJpegfilePngfileHdpfileJxrfileTgafileBmpfileCbzfileJp2fileWebpfileWdpfileZipfileCbtfileCb7fileCbrfileFb2fileTarfile7ZfileRarfileMobifileEpubdirectoryfileFb2zfileSvgfileTxtfileHTMLfilePalmDoc.txt.js.json.xml.logfile_id.dizread.me.nfo.tcr.ps.ps.gz.eps.fb2.fb2z.fbz.zfb2.fb2.zip.cbz.cbr.cb7.cbt.pdf.xps.oxps.chm.png.jpg.jpeg.gif.tif.tiff.bmp.tga.jxr.hdp.wdp.webp.epub.mobi.prc.azw.azw1.azw3.pdb.html.htm.xhtml.svg.djvu.jp2.zip.rar.7z.heic.avif.tarfileAviffileHeic7z source: biubiu.exe
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F3A02DEC FindFirstFileExW,0_2_00007FF7F3A02DEC
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39E0D84 FindFirstFileW,FindNextFileW,FindNextFileW,0_2_00007FF7F39E0D84
Source: C:\Users\user\Desktop\biubiu.exeCode function: 4x nop then mov rdi, 0000800000000000h0_2_004260C0
Source: C:\Users\user\Desktop\biubiu.exeCode function: 4x nop then mov rsi, r90_2_00426E80
Source: global trafficTCP traffic: 192.168.2.6:49710 -> 93.127.198.62:8444
Source: unknownTCP traffic detected without corresponding DNS query: 93.127.198.62
Source: unknownTCP traffic detected without corresponding DNS query: 93.127.198.62
Source: unknownTCP traffic detected without corresponding DNS query: 93.127.198.62
Source: unknownTCP traffic detected without corresponding DNS query: 93.127.198.62
Source: unknownTCP traffic detected without corresponding DNS query: 93.127.198.62
Source: unknownTCP traffic detected without corresponding DNS query: 93.127.198.62
Source: unknownTCP traffic detected without corresponding DNS query: 93.127.198.62
Source: unknownTCP traffic detected without corresponding DNS query: 93.127.198.62
Source: unknownTCP traffic detected without corresponding DNS query: 93.127.198.62
Source: unknownTCP traffic detected without corresponding DNS query: 93.127.198.62
Source: unknownTCP traffic detected without corresponding DNS query: 93.127.198.62
Source: unknownTCP traffic detected without corresponding DNS query: 93.127.198.62
Source: unknownTCP traffic detected without corresponding DNS query: 93.127.198.62
Source: unknownTCP traffic detected without corresponding DNS query: 93.127.198.62
Source: unknownTCP traffic detected without corresponding DNS query: 93.127.198.62
Source: unknownTCP traffic detected without corresponding DNS query: 93.127.198.62
Source: unknownTCP traffic detected without corresponding DNS query: 93.127.198.62
Source: unknownTCP traffic detected without corresponding DNS query: 93.127.198.62
Source: unknownTCP traffic detected without corresponding DNS query: 93.127.198.62
Source: unknownTCP traffic detected without corresponding DNS query: 93.127.198.62
Source: unknownTCP traffic detected without corresponding DNS query: 93.127.198.62
Source: unknownTCP traffic detected without corresponding DNS query: 93.127.198.62
Source: unknownTCP traffic detected without corresponding DNS query: 93.127.198.62
Source: unknownTCP traffic detected without corresponding DNS query: 93.127.198.62
Source: unknownTCP traffic detected without corresponding DNS query: 93.127.198.62
Source: unknownTCP traffic detected without corresponding DNS query: 93.127.198.62
Source: unknownTCP traffic detected without corresponding DNS query: 93.127.198.62
Source: unknownTCP traffic detected without corresponding DNS query: 93.127.198.62
Source: unknownTCP traffic detected without corresponding DNS query: 93.127.198.62
Source: unknownTCP traffic detected without corresponding DNS query: 93.127.198.62
Source: unknownTCP traffic detected without corresponding DNS query: 93.127.198.62
Source: unknownTCP traffic detected without corresponding DNS query: 93.127.198.62
Source: unknownTCP traffic detected without corresponding DNS query: 93.127.198.62
Source: unknownTCP traffic detected without corresponding DNS query: 93.127.198.62
Source: unknownTCP traffic detected without corresponding DNS query: 93.127.198.62
Source: unknownTCP traffic detected without corresponding DNS query: 93.127.198.62
Source: unknownTCP traffic detected without corresponding DNS query: 93.127.198.62
Source: unknownTCP traffic detected without corresponding DNS query: 93.127.198.62
Source: unknownTCP traffic detected without corresponding DNS query: 93.127.198.62
Source: unknownTCP traffic detected without corresponding DNS query: 93.127.198.62
Source: unknownTCP traffic detected without corresponding DNS query: 93.127.198.62
Source: unknownTCP traffic detected without corresponding DNS query: 93.127.198.62
Source: unknownTCP traffic detected without corresponding DNS query: 93.127.198.62
Source: unknownTCP traffic detected without corresponding DNS query: 93.127.198.62
Source: unknownTCP traffic detected without corresponding DNS query: 93.127.198.62
Source: unknownTCP traffic detected without corresponding DNS query: 93.127.198.62
Source: unknownTCP traffic detected without corresponding DNS query: 93.127.198.62
Source: unknownTCP traffic detected without corresponding DNS query: 93.127.198.62
Source: unknownTCP traffic detected without corresponding DNS query: 93.127.198.62
Source: unknownTCP traffic detected without corresponding DNS query: 93.127.198.62
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00000188C3040200 LoadLibraryA,WSASocketA,connect,send,send,VirtualAlloc,recv,closesocket,0_2_00000188C3040200
Source: biubiu.exeString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: biubiu.exeString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: biubiu.exeString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: biubiu.exeString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: biubiu.exeString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: biubiu.exeString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: biubiu.exeString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: biubiu.exeString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: biubiu.exeString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: biubiu.exeString found in binary or memory: http://ocsp.digicert.com0
Source: biubiu.exeString found in binary or memory: http://ocsp.digicert.com0A
Source: biubiu.exeString found in binary or memory: http://ocsp.digicert.com0C
Source: biubiu.exeString found in binary or memory: http://ocsp.digicert.com0X
Source: biubiu.exeString found in binary or memory: http://www.daisy.org/z3986/2005/ncx/
Source: biubiu.exeString found in binary or memory: http://www.digicert.com/CPS0
Source: biubiu.exeString found in binary or memory: http://www.gnway.com0
Source: biubiu.exeString found in binary or memory: http://www.gribuser.ru/xml/fictionbook/2.0
Source: biubiu.exeString found in binary or memory: http://www.idpf.org/2007/opf
Source: biubiu.exeString found in binary or memory: https://arslexis.io
Source: biubiu.exeString found in binary or memory: https://edna.arslexis.io
Source: biubiu.exeString found in binary or memory: https://github.com/sumatrapdfreader/sumatrapdf/blob/master/AUTHORS
Source: biubiu.exeString found in binary or memory: https://github.com/sumatrapdfreader/sumatrapdf/blob/master/TRANSLATORS
Source: biubiu.exeString found in binary or memory: https://github.com/sumatrapdfreader/sumatrapdf/blob/master/TRANSLATORSVarious
Source: biubiu.exeString found in binary or memory: https://github.com/sumatrapdfreader/sumatrapdf/commit/%s)
Source: biubiu.exeString found in binary or memory: https://github.com/sumatrapdfreader/sumatrapdf/discussions
Source: biubiu.exeString found in binary or memory: https://github.com/sumatrapdfreader/sumatrapdf/discussionshttps://github.com/sumatrapdfreader/sumatr
Source: biubiu.exeString found in binary or memory: https://www.sumatrapdfreader.org/
Source: biubiu.exeString found in binary or memory: https://www.sumatrapdfreader.org/dl/
Source: biubiu.exeString found in binary or memory: https://www.sumatrapdfreader.org/dl/PRE_RELEASE_VER/SumatraPDF-prerelprerel/3.6/SumatraPDF-rel/-64.p
Source: biubiu.exe, 00000000.00000002.2360808924.00000188C3025000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.sumatrapdfreader.org/dl/rel/3.6/SumatraPDF-3.6
Source: biubiu.exe, 00000000.00000002.2360861223.00000188C306F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.sumatrapdfreader.org/dl/rel/3.6/SumatraPDF-3.6-64.pdb.lzsa
Source: biubiu.exe, 00000000.00000002.2360861223.00000188C306F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.sumatrapdfreader.org/dl/rel/3.6/SumatraPDF-3.6-64.pdb.lzsaaphics
Source: biubiu.exe, 00000000.00000002.2360808924.00000188C3025000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.sumatrapdfreader.org/dl/rel/3.6/SumatraPDF-3.6SumatraPDF-settings.txtSoftware
Source: biubiu.exeString found in binary or memory: https://www.sumatrapdfreader.org/docs/Contribute-translation
Source: biubiu.exeString found in binary or memory: https://www.sumatrapdfreader.org/docs/Contribute-translationsumatrapdfrestrict.inipersistentWarningS
Source: biubiu.exeString found in binary or memory: https://www.sumatrapdfreader.org/docs/Corrupted-installation
Source: biubiu.exeString found in binary or memory: https://www.sumatrapdfreader.org/docs/Installer-cmd-line-arguments
Source: biubiu.exeString found in binary or memory: https://www.sumatrapdfreader.org/docs/Installer-cmd-line-arguments$
Source: biubiu.exeString found in binary or memory: https://www.sumatrapdfreader.org/docs/Submit-crash-report.html
Source: biubiu.exeString found in binary or memory: https://www.sumatrapdfreader.org/docs/Version-history.html
Source: biubiu.exeString found in binary or memory: https://www.sumatrapdfreader.org/docs/Version-history.htmlURLInfoAboutWriteUninstallerRegistryInfo()
Source: biubiu.exeString found in binary or memory: https://www.sumatrapdfreader.org/https://www.sumatrapdfreader.org/manualArial
Source: biubiu.exeString found in binary or memory: https://www.sumatrapdfreader.org/manual
Source: biubiu.exeString found in binary or memory: https://www.sumatrapdfreader.org/settings/settings3-6.html
Source: biubiu.exeString found in binary or memory: https://www.sumatrapdfreader.org/settings/settings3-6.htmlSettings
Source: biubiu.exeString found in binary or memory: https://www.sumatrapdfreader.org/update-check-rel.txt
Source: biubiu.exeString found in binary or memory: https://www.sumatrapdfreader.org/update-check-rel.txtnotifUpdateCheckInProgressUpdateSelfTo:
Source: biubiu.exeBinary or memory string: curveP521 point not on curveQueryServiceLockStatusWQyzylorda Standard TimeRegNotifyChangeKeyValueRegisterRawInputDevicesRemoveFontMemResourceExSERVER_TRAFFIC_SECRET_0SHGetSpecialFolderPathWSafeArrayCreateVectorExSetEnvironmentVariableWSetInformationJobObjectSe
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_0045BEA0 SetWaitableTimer,SetWaitableTimer,NtWaitForSingleObject,0_2_0045BEA0
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_0045BE60 NtWaitForSingleObject,0_2_0045BE60
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39D1740 SetProcessDEPPolicy,GetCurrentProcess,NtSetInformationProcess,SetErrorMode,OleInitialize,InitCommonControlsEx,InitializeCriticalSection,RegisterClassExW,IsDebuggerPresent,DebugBreak,GetModuleHandleW,CreateWindowExW,IsDebuggerPresent,GetCommandLineW,GetModuleHandleW,FindResourceW,GetCommandLineW,GetModuleHandleW,FindResourceW,GetModuleHandleW,FindResourceW,GetModuleHandleW,FindResourceW,OleUninitialize,ExitProcess,ExitProcess,ExitProcess,IsDebuggerPresent,DebugBreak,DestroyCursor,DeleteObject,DeleteObject,DeleteObject,IsDebuggerPresent,DebugBreak,EnterCriticalSection,LeaveCriticalSection,DeleteCriticalSection,IsDebuggerPresent,DebugBreak,RegisterWindowMessageW,DispatchMessageW,PeekMessageW,DestroyWindow,IsDebuggerPresent,DebugBreak,IsDebuggerPresent,DebugBreak,QueueUserAPC,Sleep,EnterCriticalSection,LeaveCriticalSection,OleUninitialize,Sleep,ExitProcess,ExitProcess,0_2_00007FF7F39D1740
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_004060000_2_00406000
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_004130200_2_00413020
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_004570290_2_00457029
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_004260C00_2_004260C0
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_004280E00_2_004280E0
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_0044E0E00_2_0044E0E0
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_0043D0A00_2_0043D0A0
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_004371000_2_00437100
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_004321000_2_00432100
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_004541A00_2_004541A0
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_0041D2200_2_0041D220
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_0042F3E00_2_0042F3E0
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_004454000_2_00445400
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_004064C00_2_004064C0
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_0040C4E00_2_0040C4E0
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_0041E4E00_2_0041E4E0
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_004265600_2_00426560
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_004455E00_2_004455E0
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_004175800_2_00417580
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_0044C6C00_2_0044C6C0
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_004327400_2_00432740
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_004387400_2_00438740
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_004057200_2_00405720
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_0040B9200_2_0040B920
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_004239200_2_00423920
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_0043F9C00_2_0043F9C0
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_004609A00_2_004609A0
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00437A200_2_00437A20
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00442B400_2_00442B40
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00417B600_2_00417B60
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00408B000_2_00408B00
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00434B800_2_00434B80
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00446C400_2_00446C40
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_0041AC600_2_0041AC60
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00422C600_2_00422C60
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00420C200_2_00420C20
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00413D000_2_00413D00
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00439DC00_2_00439DC0
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00426E800_2_00426E80
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00417F400_2_00417F40
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_0040AF600_2_0040AF60
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39C94A00_2_00007FF7F39C94A0
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39D17400_2_00007FF7F39D1740
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F3A09C880_2_00007FF7F3A09C88
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39C79300_2_00007FF7F39C7930
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39C70B80_2_00007FF7F39C70B8
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F3A0E4EA0_2_00007FF7F3A0E4EA
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39F14380_2_00007FF7F39F1438
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F3A063200_2_00007FF7F3A06320
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39FD3300_2_00007FF7F39FD330
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39F22980_2_00007FF7F39F2298
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39F92F80_2_00007FF7F39F92F8
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39CF2E80_2_00007FF7F39CF2E8
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39C82600_2_00007FF7F39C8260
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39DA12C0_2_00007FF7F39DA12C
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39CF9080_2_00007FF7F39CF908
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39E483C0_2_00007FF7F39E483C
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39CC8340_2_00007FF7F39CC834
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39C88640_2_00007FF7F39C8864
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39F08680_2_00007FF7F39F0868
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39FD7C40_2_00007FF7F39FD7C4
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39F17D00_2_00007FF7F39F17D0
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39FA69C0_2_00007FF7F39FA69C
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F3A0B6380_2_00007FF7F3A0B638
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39CD62C0_2_00007FF7F39CD62C
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F3A0A6200_2_00007FF7F3A0A620
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F3A016000_2_00007FF7F3A01600
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F3A095EC0_2_00007FF7F3A095EC
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39DE5DC0_2_00007FF7F39DE5DC
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F3A045440_2_00007FF7F3A04544
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F3A04CB40_2_00007FF7F3A04CB4
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39F0C700_2_00007FF7F39F0C70
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39DBB580_2_00007FF7F39DBB58
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39EDAE00_2_00007FF7F39EDAE0
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39D3A500_2_00007FF7F39D3A50
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39CBA700_2_00007FF7F39CBA70
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39F0A6C0_2_00007FF7F39F0A6C
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39EC9AC0_2_00007FF7F39EC9AC
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39DB9E40_2_00007FF7F39DB9E4
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39E39800_2_00007FF7F39E3980
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39E29740_2_00007FF7F39E2974
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39D99680_2_00007FF7F39D9968
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F3A080B80_2_00007FF7F3A080B8
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39EDFEC0_2_00007FF7F39EDFEC
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39EFF200_2_00007FF7F39EFF20
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F3A00EF80_2_00007FF7F3A00EF8
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39FDE440_2_00007FF7F39FDE44
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39F1E600_2_00007FF7F39F1E60
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F3A02DEC0_2_00007FF7F3A02DEC
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F3A0CD280_2_00007FF7F3A0CD28
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00000188C30402000_2_00000188C3040200
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00000188C540CDC90_2_00000188C540CDC9
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00000188C544E9C90_2_00000188C544E9C9
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00000188C54145E90_2_00000188C54145E9
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00000188C5406DA90_2_00000188C5406DA9
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00000188C5426E490_2_00000188C5426E49
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00000188C5417E690_2_00000188C5417E69
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00000188C540C2090_2_00000188C540C209
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00000188C542FCC90_2_00000188C542FCC9
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00000188C54068E90_2_00000188C54068E9
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00000188C5445CE90_2_00000188C5445CE9
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00000188C5428CA90_2_00000188C5428CA9
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00000188C541B5490_2_00000188C541B549
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00000188C54235490_2_00000188C5423549
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00000188C54093E90_2_00000188C54093E9
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00000188C544CFA90_2_00000188C544CFA9
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00000188C54354690_2_00000188C5435469
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00000188C54188290_2_00000188C5418829
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00000188C54330290_2_00000188C5433029
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00000188C54434290_2_00000188C5443429
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00000188C5445EC90_2_00000188C5445EC9
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00000188C541DB090_2_00000188C541DB09
Source: C:\Users\user\Desktop\biubiu.exeCode function: String function: 00431900 appears 579 times
Source: C:\Users\user\Desktop\biubiu.exeCode function: String function: 00007FF7F39C2D28 appears 74 times
Source: C:\Users\user\Desktop\biubiu.exeCode function: String function: 00007FF7F39D8D74 appears 41 times
Source: C:\Users\user\Desktop\biubiu.exeCode function: String function: 00007FF7F39D93D0 appears 94 times
Source: C:\Users\user\Desktop\biubiu.exeCode function: String function: 00007FF7F39D2CA0 appears 34 times
Source: C:\Users\user\Desktop\biubiu.exeCode function: String function: 00445E80 appears 37 times
Source: C:\Users\user\Desktop\biubiu.exeCode function: String function: 00007FF7F39D9150 appears 49 times
Source: classification engineClassification label: mal54.evad.winEXE@1/1@0/1
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39DAED8 GetLastError,FormatMessageA,LocalFree,0_2_00007FF7F39DAED8
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39C6DA4 GetCurrentProcessId,CreateToolhelp32Snapshot,Module32FirstW,Module32NextW,CloseHandle,0_2_00007FF7F39C6DA4
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39DBCEC CoInitialize,CoCreateInstance,CoUninitialize,0_2_00007FF7F39DBCEC
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39DCF2C GetModuleHandleW,FindResourceW,LoadResource,LockResource,SizeofResource,0_2_00007FF7F39DCF2C
Source: C:\Users\user\Desktop\biubiu.exeFile opened: C:\Windows\system32\7156e3a370fef17e96b8c35664d929412861ca5df4214043256fbc49a2342c88AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJump to behavior
Source: biubiu.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\biubiu.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: biubiu.exeReversingLabs: Detection: 28%
Source: biubiu.exeVirustotal: Detection: 38%
Source: biubiu.exeString found in binary or memory: -fast-install
Source: biubiu.exeString found in binary or memory: -install-dir "
Source: biubiu.exeString found in binary or memory: -run-install-now
Source: biubiu.exeString found in binary or memory: sumatra-install-log.txt
Source: biubiu.exeString found in binary or memory: del SumatraPDF. cn: SumatraPDF co:Installazione di SumatraPDF micca trova. cy:Heb ganfod gosodiad SumatraPDF. cz:Instalace programu SumatraPDF nebyla nalezena. de:SumatraPDF-Installation nicht gefunden. dk:SumatraPDF-installatio
Source: biubiu.exeString found in binary or memory: 64-.\n\n 64- tl:Nag-i-install ka n
Source: biubiu.exeString found in binary or memory: <a href="https://www.sumatrapdfreader.org/docs/Installer-cmd-line-arguments">Read more on website</a>
Source: biubiu.exeString found in binary or memory: See more at https://www.sumatrapdfreader.org/docs/Installer-cmd-line-arguments
Source: biubiu.exeString found in binary or memory: Learn more at <a href="https://www.sumatrapdfreader.org/docs/Corrupted-installation">www.sumatrapdfreader.org/docs/Corrupted-insta
Source: biubiu.exeString found in binary or memory: Looks like corrupted installation of SumatraPDF. Learn more at https://www.sumatrapdfreader.org/docs/Corrupted-installation
Source: biubiu.exeString found in binary or memory: Looks like corrupted installation of SumatraPDF.Learn more at https://www.sumatrapdfreader.org/docs/Corrupted-installation
Source: biubiu.exeString found in binary or memory: fast-install
Source: biubiu.exeString found in binary or memory: run-install-now
Source: biubiu.exeString found in binary or memory: Call to EnumPrinters failed with error %#xssilentfast-installprint-to-defaultprint-dialogh?helpexit-when-doneexit-on-printrestrictpresentationfullscreeninvertcolorsinvert-colorsconsoleinstalluninstallwith-filterwith-searchwith-previewrandregressxtestertestappnew-windowlogcrash-on-openreuse-instanceesc-to-exitenum-printerssleep-msprint-toprint-settingsinverse-searchforward-searchfwdsearchnameddestnamed-destpageviewzoomscrollappdatapluginstress-testnmaxrenderextract-textbenchdinstall-dirlangupdate-self-todelete-filebgcolorbg-colorfwdsearch-offsetfwdsearch-widthfwdsearch-colorfwdsearch-permanentmanga-modesearchall-usersallusersrun-install-nowaddeuser-dumpset-color-range, defaultSumatraPDF - EnumeratePrinters - no paper bins available
Source: biubiu.exeString found in binary or memory: sumatra-install-log.txt
Source: biubiu.exeString found in binary or memory: -run-install-now
Source: biubiu.exeString found in binary or memory: -fast-install
Source: biubiu.exeString found in binary or memory: -install-dir "
Source: biubiu.exeString found in binary or memory: Arial BlackSumatraPDF websitewebsiteSumatraPDF manualmanualSumatraPDF forumsforumsprogramminghttps://github.com/sumatrapdfreader/sumatrapdf/discussionshttps://github.com/sumatrapdfreader/sumatrapdf/blob/master/AUTHORSThe ProgrammersThe Translatorstranslationslicenseshttps://github.com/sumatrapdfreader/sumatrapdf/blob/master/TRANSLATORSVarious Open Source (dbg) 64-bitSUMATRA_PDF_ABOUTSumatraPDF.exesumatra-install-log.txtHasPreviousInstall(): hasPrev: %d
Source: biubiu.exeString found in binary or memory: -run-install-now -with-filter -all-users -silent -with-preview -log -fast-installLaunchElevated('%s', '%s')
Source: biubiu.exeString found in binary or memory: -install-dir "LaunchElevated() ok!
Source: biubiu.exeString found in binary or memory: Learn more at https://www.sumatrapdfreader.org/docs/Corrupted-installation
Source: biubiu.exeString found in binary or memory: writes installation log to %LOCALAPPDATA%\sumatra-install-log.txt
Source: biubiu.exeString found in binary or memory: See more at https://www.sumatrapdfreader.org/docs/Installer-cmd-line-arguments
Source: biubiu.exeString found in binary or memory: Learn more at <a href="https://www.sumatrapdfreader.org/docs/Corrupted-installation">www.sumatrapdfreader.org/docs/Corrupted-installation</a>.See more at https://www.sumatrapdfreader.org/docs/Installer-cmd-line-arguments${appName}SumatraPDF installer usage%s
Source: biubiu.exeString found in binary or memory: Learn more at <a href="https://www.sumatrapdfreader.org/docs/Corrupted-installation">www.sumatrapdfreader.org/docs/Corrupted-installation</a>.See more at https://www.sumatrapdfreader.org/docs/Installer-cmd-line-arguments${appName}SumatraPDF installer usage%s
Source: biubiu.exeString found in binary or memory: Not a valid installer<a href="https://www.sumatrapdfreader.org/docs/Installer-cmd-line-arguments">Read more on website</a>Starting: '%s'
Source: biubiu.exeString found in binary or memory: tl:&Magpatuloy sa pag-install ng 32-bit na bersyon
Source: biubiu.exeString found in binary or memory: tl:Hindi ma-install ang PDF previewer
Source: biubiu.exeString found in binary or memory: tl:Hindi ma-install ang PDF search filter
Source: biubiu.exeString found in binary or memory: tl:Huwag i-install
Source: biubiu.exeString found in binary or memory: tl:I-install ang SumatraPDF
Source: biubiu.exeString found in binary or memory: tl:I-install ang SumatraPDF sa &folder:
Source: biubiu.exeString found in binary or memory: tl:I-install at muling ilunsad
Source: biubiu.exeString found in binary or memory: tl:I-install para sa lahat ng user
Source: biubiu.exeString found in binary or memory: tl:Nabigo ang pag-install!
Source: biubiu.exeString found in binary or memory: tl:Kasalukuyang isinasagawa ang pag-install...
Source: biubiu.exeString found in binary or memory: tl:Pag-install ng 32-bit SumatraPDF sa 64-bit OS
Source: biubiu.exeString found in binary or memory: tl:Piliin ang folder kung saan dapat i-install ang SumatraPDF:
Source: biubiu.exeString found in binary or memory: nn:SumatraPDF %s-installerer
Source: biubiu.exeString found in binary or memory: de:SumatraPDF-Installation nicht gefunden.
Source: biubiu.exeString found in binary or memory: dk:SumatraPDF-installation blev ikke fundet.
Source: biubiu.exeString found in binary or memory: nl:SumatraPDF-installatie niet gevonden.
Source: biubiu.exeString found in binary or memory: nn:SumatraPDF-installeringa blei ikkje funnet.
Source: biubiu.exeString found in binary or memory: tl:Salamat! Na-install na ang SumatraPDF.
Source: biubiu.exeString found in binary or memory: tl:Mayroon kang bersyon na '%s' at available ang bersyon na '%s'.\nGusto mo bang mag-install ng bagong bersyon?
Source: biubiu.exeString found in binary or memory: tl:Nag-i-install ka ng 32-bit na SumatraPDF sa 64-bit na OS.\nGusto mo bang mag-download ng\n64-bit na bersyon?
Source: C:\Users\user\Desktop\biubiu.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\Desktop\biubiu.exeSection loaded: dwmapi.dllJump to behavior
Source: C:\Users\user\Desktop\biubiu.exeSection loaded: dbghelp.dllJump to behavior
Source: C:\Users\user\Desktop\biubiu.exeSection loaded: dbgcore.dllJump to behavior
Source: C:\Users\user\Desktop\biubiu.exeSection loaded: msimg32.dllJump to behavior
Source: C:\Users\user\Desktop\biubiu.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Users\user\Desktop\biubiu.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Users\user\Desktop\biubiu.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Users\user\Desktop\biubiu.exeSection loaded: netutils.dllJump to behavior
Source: C:\Users\user\Desktop\biubiu.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\Desktop\biubiu.exeSection loaded: windowscodecs.dllJump to behavior
Source: C:\Users\user\Desktop\biubiu.exeSection loaded: wininet.dllJump to behavior
Source: C:\Users\user\Desktop\biubiu.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\Desktop\biubiu.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\Desktop\biubiu.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\Desktop\biubiu.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Users\user\Desktop\biubiu.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Users\user\Desktop\biubiu.exeSection loaded: winmm.dllJump to behavior
Source: C:\Users\user\Desktop\biubiu.exeSection loaded: powrprof.dllJump to behavior
Source: C:\Users\user\Desktop\biubiu.exeSection loaded: umpdc.dllJump to behavior
Source: C:\Users\user\Desktop\biubiu.exeSection loaded: userenv.dllJump to behavior
Source: C:\Users\user\Desktop\biubiu.exeSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\Desktop\biubiu.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Users\user\Desktop\biubiu.exeSection loaded: wkscli.dllJump to behavior
Source: C:\Users\user\Desktop\biubiu.exeSection loaded: samcli.dllJump to behavior
Source: C:\Users\user\Desktop\biubiu.exeSection loaded: samlib.dllJump to behavior
Source: C:\Users\user\Desktop\biubiu.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\Desktop\biubiu.exeSection loaded: dhcpcsvc6.dllJump to behavior
Source: C:\Users\user\Desktop\biubiu.exeSection loaded: dhcpcsvc.dllJump to behavior
Source: C:\Users\user\Desktop\biubiu.exeSection loaded: dnsapi.dllJump to behavior
Source: biubiu.exeStatic PE information: certificate valid
Source: biubiu.exeStatic PE information: Image base 0x140000000 > 0x60000000
Source: biubiu.exeStatic file information: File size 1542184 > 1048576
Source: biubiu.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: biubiu.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: biubiu.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: biubiu.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: biubiu.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: biubiu.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: biubiu.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: biubiu.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: https://www.sumatrapdfreader.org/dl/rel/3.6/SumatraPDF-3.6-64.pdb.lzsaaphics source: biubiu.exe, 00000000.00000002.2360861223.00000188C306F000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: -64.pdb.lzsa source: biubiu.exe
Source: Binary string: C:\rprichard\proj\winpty\src\Release\x64\winpty.pdb source: biubiu.exe, 00000000.00000002.2361158172.00000188C5AD2000.00000040.00001000.00020000.00000000.sdmp, biubiu.exe, 00000000.00000002.2358808337.0000000000B3F000.00000040.00001000.00020000.00000000.sdmp
Source: Binary string: https://www.sumatrapdfreader.org/dl/PRE_RELEASE_VER/SumatraPDF-prerelprerel/3.6/SumatraPDF-rel/-64.pdb.lzsaInstallCrashHandler: skipping because !crashDumpPath source: biubiu.exe
Source: Binary string: https://www.sumatrapdfreader.org/dl/rel/3.6/SumatraPDF-3.6-64.pdb.lzsa source: biubiu.exe, 00000000.00000002.2360861223.00000188C306F000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\rprichard\proj\winpty\src\Release\x64\winpty-agent.pdb source: biubiu.exe, 00000000.00000002.2358808337.0000000000BEB000.00000040.00001000.00020000.00000000.sdmp, biubiu.exe, 00000000.00000002.2361158172.00000188C5BEB000.00000040.00001000.00020000.00000000.sdmp
Source: Binary string: dbghelp::Initialize(): DynSymInitializeW() failedntdll.dlldbghelp::Initialize(): SymInitializeW() and SymInitialize() not present in dbghelp.dll%GSetProcessDEPPolicykernel32.dllSetDefaultDllDirectoriesSetDllDirectoryWGetProcessInformationIsWow64ProcessSetProcessMitigationPolicySetThreadDescriptionRtlCaptureStackBackTraceRtlCaptureContextGetThreadDpiAwarenessContextGetDpiForWindowuser32.dllNtSetInformationProcessGetGestureInfoSetGestureConfigSetThreadDpiAwarenessContextGetAwarenessFromDpiAwarenessContextOpenThemeDataIsAppThemeduxtheme.dllCloseGestureInfoHandleIsThemeBackgroundPartiallyTransparentIsThemeActiveDrawThemeBackgroundCloseThemeDataDwmIsCompositionEnableddwmapi.dllGetThemeColorSetWindowThemeDwmSetWindowAttributeDwmGetWindowAttributeDwmDefWindowProcDwmExtendFrameIntoClientAreaMiniDumpWriteDumpdbghelp.dllNormalizeStringnormaliz.dllSymSetOptionsSymGetOptionsSymCleanupSymInitializeWSymGetModuleBase64SymFunctionTableAccess64SymFromAddrStackWalk64SymGetLineFromAddr64SymRefreshModuleListSymSetSearchPathSymSetSearchPathWgdiplus.dllmsimg32.dllshlwapi.dllurlmon.dllversion.dllwindowscodecs.dllwininet.dllfilePDFfileChmfileDjVufileXPSfilePSfileTifffileGiffileJpegfilePngfileHdpfileJxrfileTgafileBmpfileCbzfileJp2fileWebpfileWdpfileZipfileCbtfileCb7fileCbrfileFb2fileTarfile7ZfileRarfileMobifileEpubdirectoryfileFb2zfileSvgfileTxtfileHTMLfilePalmDoc.txt.js.json.xml.logfile_id.dizread.me.nfo.tcr.ps.ps.gz.eps.fb2.fb2z.fbz.zfb2.fb2.zip.cbz.cbr.cb7.cbt.pdf.xps.oxps.chm.png.jpg.jpeg.gif.tif.tiff.bmp.tga.jxr.hdp.wdp.webp.epub.mobi.prc.azw.azw1.azw3.pdb.html.htm.xhtml.svg.djvu.jp2.zip.rar.7z.heic.avif.tarfileAviffileHeic7z source: biubiu.exe
Source: biubiu.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: biubiu.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: biubiu.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: biubiu.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: biubiu.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Data Obfuscation

barindex
Source: C:\Users\user\Desktop\biubiu.exeUnpacked PE file: 0.2.biubiu.exe.400000.0.unpack
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39DCA80 OleInitialize,SetDllDirectoryW,LoadLibraryA,GetProcAddress,FreeLibrary,SetDllDirectoryW,OleUninitialize,0_2_00007FF7F39DCA80
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00469074 pushfq ; retf 003Dh0_2_00469075
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00467E94 push rsi; ret 0_2_00467E95
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00467F54 pushfq ; retn 003Dh0_2_00467F55
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00000188C54185BE push ecx; retf 0_2_00000188C54185BF
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39DFB70 IsDebuggerPresent,DebugBreak,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,IsDebuggerPresent,DebugBreak,GetProcAddress,IsDebuggerPresent,DebugBreak,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddressForCaller,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_00007FF7F39DFB70
Source: C:\Users\user\Desktop\biubiu.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\biubiu.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\biubiu.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\biubiu.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\biubiu.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\biubiu.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\biubiu.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
Source: C:\Users\user\Desktop\biubiu.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\biubiu.exeRegistry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDescJump to behavior
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00459F60 rdtscp0_2_00459F60
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39C6DA4 GetCurrentProcessId,CreateToolhelp32Snapshot,Module32FirstW,Module32NextW,CloseHandle,0_2_00007FF7F39C6DA4
Source: C:\Users\user\Desktop\biubiu.exeEvaded block: after key decisiongraph_0-84164
Source: C:\Users\user\Desktop\biubiu.exeEvasive API call chain: GetSystemTimeAsFileTime,DecisionNodesgraph_0-84801
Source: all processesThread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F3A02DEC FindFirstFileExW,0_2_00007FF7F3A02DEC
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39E0D84 FindFirstFileW,FindNextFileW,FindNextFileW,0_2_00007FF7F39E0D84
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_0042D420 GetSystemInfo,SetProcessPriorityBoost,0_2_0042D420
Source: biubiu.exeBinary or memory string: tLastErrorSetStdHandleSetTextColorSetWindowPosSiS SiS SiS Sora_SompengSyloti_NagriSysStringLenThread32NextTransmetaCPUTransmitFileUnauthorizedUnlockFileExUpdateWindowVIA VIA VIA VMwareVMwareVariantClearVirtualAllocVirtualQueryVortex86 SoCWindowFromDCX-Imforwar
Source: biubiu.exeBinary or memory string: Syloti_NagriSysStringLenThread32NextTransmetaCPUTransmitFileUnauthorizedUnlockFileExUpdateWindowVIA VIA VIA VMwareVMwareVariantClearVirtualAllocVirtualQueryVortex86 SoCWindowFromDCX-ImforwardsX-Powered-ByXenVMMXenVMMabi mismatchadvapi32.dllaltmatch -> anynotnl
Source: biubiu.exeBinary or memory string: Sora_SompengSyloti_NagriSysStringLenThread32NextTransmetaCPUTransmitFileUnauthorizedUnlockFileExUpdateWindowVIA VIA VIA VMwareVMwareVariantClearVirtualAllocVirtualQueryVortex86 SoCWindowFromDCX-ImforwardsX-Powered-ByXenVMMXenVMMabi mismatchadvapi32.dllaltmatch
Source: biubiu.exe, 00000000.00000002.2360845450.00000188C3041000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Users\user\Desktop\biubiu.exeAPI call chain: ExitProcess graph end nodegraph_0-84215
Source: C:\Users\user\Desktop\biubiu.exeProcess information queried: ProcessInformationJump to behavior

Anti Debugging

barindex
Source: C:\Users\user\Desktop\biubiu.exeDebugger detection routine: IsDebuggerPresent or CheckRemoteDebuggerPresent, DecisionNodes, ExitProcess or Sleepgraph_0-84651
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00459F60 Start: 00459F69 End: 00459F7F0_2_00459F60
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00459F60 rdtscp0_2_00459F60
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39C94A0 IsDebuggerPresent,DebugBreak,0_2_00007FF7F39C94A0
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39C6DA4 GetCurrentProcessId,CreateToolhelp32Snapshot,Module32FirstW,Module32NextW,CloseHandle,0_2_00007FF7F39C6DA4
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39DCA80 OleInitialize,SetDllDirectoryW,LoadLibraryA,GetProcAddress,FreeLibrary,SetDllDirectoryW,OleUninitialize,0_2_00007FF7F39DCA80
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F3A07610 GetProcessHeap,0_2_00007FF7F3A07610
Source: C:\Users\user\Desktop\biubiu.exeProcess token adjusted: DebugJump to behavior
Source: all processesThread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00442040 RtlAddVectoredExceptionHandler,RtlAddVectoredContinueHandler,RtlAddVectoredContinueHandler,SetUnhandledExceptionFilter,0_2_00442040
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39C7930 IsDebuggerPresent,DebugBreak,GetModuleHandleW,FindResourceExW,HeapCreate,CreateEventW,CreateThread,SetUnhandledExceptionFilter,AddVectoredExceptionHandler,0_2_00007FF7F39C7930
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39E62D8 SetUnhandledExceptionFilter,0_2_00007FF7F39E62D8
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39FACD0 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF7F39FACD0
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39C7D04 SetUnhandledExceptionFilter,SetEvent,WaitForSingleObject,CloseHandle,CloseHandle,0_2_00007FF7F39C7D04
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39E60F8 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF7F39E60F8
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39E5D38 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00007FF7F39E5D38

HIPS / PFW / Operating System Protection Evasion

barindex
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39C94A0 IsDebuggerPresent,DebugBreak,0_2_00007FF7F39C94A0
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39DA378 IsDebuggerPresent,DebugBreak,_fread_nolock,IsDebuggerPresent,DebugBreak,0_2_00007FF7F39DA378
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39D02C8 IsDebuggerPresent,DebugBreak,IsDebuggerPresent,DebugBreak,0_2_00007FF7F39D02C8
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39D830C IsDebuggerPresent,DebugBreak,0_2_00007FF7F39D830C
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39D81F8 IsDebuggerPresent,DebugBreak,0_2_00007FF7F39D81F8
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39D1740 SetProcessDEPPolicy,GetCurrentProcess,NtSetInformationProcess,SetErrorMode,OleInitialize,InitCommonControlsEx,InitializeCriticalSection,RegisterClassExW,IsDebuggerPresent,DebugBreak,GetModuleHandleW,CreateWindowExW,IsDebuggerPresent,GetCommandLineW,GetModuleHandleW,FindResourceW,GetCommandLineW,GetModuleHandleW,FindResourceW,GetModuleHandleW,FindResourceW,GetModuleHandleW,FindResourceW,OleUninitialize,ExitProcess,ExitProcess,ExitProcess,IsDebuggerPresent,DebugBreak,DestroyCursor,DeleteObject,DeleteObject,DeleteObject,IsDebuggerPresent,DebugBreak,EnterCriticalSection,LeaveCriticalSection,DeleteCriticalSection,IsDebuggerPresent,DebugBreak,RegisterWindowMessageW,DispatchMessageW,PeekMessageW,DestroyWindow,IsDebuggerPresent,DebugBreak,IsDebuggerPresent,DebugBreak,QueueUserAPC,Sleep,EnterCriticalSection,LeaveCriticalSection,OleUninitialize,Sleep,ExitProcess,ExitProcess,0_2_00007FF7F39D1740
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39DA6B0 IsDebuggerPresent,DebugBreak,GetFileSizeEx,CloseHandle,0_2_00007FF7F39DA6B0
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39DFB70 IsDebuggerPresent,DebugBreak,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,IsDebuggerPresent,DebugBreak,GetProcAddress,IsDebuggerPresent,DebugBreak,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddressForCaller,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_00007FF7F39DFB70
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39C6A0C IsDebuggerPresent,DebugBreak,IsDebuggerPresent,DebugBreak,0_2_00007FF7F39C6A0C
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39C7930 IsDebuggerPresent,DebugBreak,GetModuleHandleW,FindResourceExW,HeapCreate,CreateEventW,CreateThread,SetUnhandledExceptionFilter,AddVectoredExceptionHandler,0_2_00007FF7F39C7930
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39D5070 WideCharToMultiByte,WideCharToMultiByte,IsDebuggerPresent,DebugBreak,IsDebuggerPresent,DebugBreak,0_2_00007FF7F39D5070
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39DA508 CreateFileW,WriteFile,IsDebuggerPresent,DebugBreak,CloseHandle,0_2_00007FF7F39DA508
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39DF4E8 IsDebuggerPresent,DebugBreak,IsDebuggerPresent,DebugBreak,IsDebuggerPresent,DebugBreak,0_2_00007FF7F39DF4E8
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39E2448 IsDebuggerPresent,DebugBreak,0_2_00007FF7F39E2448
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39DD484 IsDebuggerPresent,DebugBreak,SetEvent,IsDebuggerPresent,DebugBreak,QueueUserAPC,0_2_00007FF7F39DD484
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39D8460 IsDebuggerPresent,DebugBreak,0_2_00007FF7F39D8460
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39D9470 IsDebuggerPresent,DebugBreak,0_2_00007FF7F39D9470
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39E03BC IsDebuggerPresent,DebugBreak,0_2_00007FF7F39E03BC
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39E13B8 IsDebuggerPresent,DebugBreak,0_2_00007FF7F39E13B8
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39DF3A8 IsDebuggerPresent,DebugBreak,IsDebuggerPresent,DebugBreak,IsDebuggerPresent,DebugBreak,0_2_00007FF7F39DF3A8
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39DF338 IsDebuggerPresent,DebugBreak,0_2_00007FF7F39DF338
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39D132C GetModuleHandleW,FindResourceW,IsDebuggerPresent,DebugBreak,wprintf,#345,ExitProcess,0_2_00007FF7F39D132C
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39D638C IsDebuggerPresent,DebugBreak,SendMessageW,0_2_00007FF7F39D638C
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39D5388 IsWindow,IsDebuggerPresent,DebugBreak,DefWindowProcW,0_2_00007FF7F39D5388
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39E0308 IsDebuggerPresent,DebugBreak,MultiByteToWideChar,MultiByteToWideChar,0_2_00007FF7F39E0308
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39D4230 EnterCriticalSection,GetCurrentThreadId,GetCurrentThreadId,IsDebuggerPresent,DebugBreak,IsDebuggerPresent,DebugBreak,LeaveCriticalSection,0_2_00007FF7F39D4230
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39E2228 IsDebuggerPresent,DebugBreak,IsDebuggerPresent,DebugBreak,0_2_00007FF7F39E2228
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39D5294 IsDebuggerPresent,DebugBreak,IsDebuggerPresent,DebugBreak,IsDebuggerPresent,DebugBreak,0_2_00007FF7F39D5294
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39C8260 IsDebuggerPresent,DebugBreak,IsDebuggerPresent,DebugBreak,IsDebuggerPresent,DebugBreak,0_2_00007FF7F39C8260
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39CC25C GetModuleHandleW,LoadIconW,RegisterClassExW,IsDebuggerPresent,DebugBreak,GetModuleHandleW,CreateWindowExW,0_2_00007FF7F39CC25C
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39D51D4 IsDebuggerPresent,DebugBreak,0_2_00007FF7F39D51D4
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39D81A0 IsDebuggerPresent,DebugBreak,0_2_00007FF7F39D81A0
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39C81E4 IsDebuggerPresent,DebugBreak,IsDebuggerPresent,DebugBreak,0_2_00007FF7F39C81E4
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39E01E8 WideCharToMultiByte,WideCharToMultiByte,IsDebuggerPresent,DebugBreak,IsDebuggerPresent,DebugBreak,0_2_00007FF7F39E01E8
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39D4140 IsDebuggerPresent,DebugBreak,DeleteCriticalSection,0_2_00007FF7F39D4140
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39D0148 EnterCriticalSection,EnterCriticalSection,CloseHandle,CloseHandle,IsDebuggerPresent,DebugBreak,LeaveCriticalSection,DeleteCriticalSection,LeaveCriticalSection,DeleteCriticalSection,0_2_00007FF7F39D0148
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39E0118 MultiByteToWideChar,MultiByteToWideChar,IsDebuggerPresent,DebugBreak,0_2_00007FF7F39E0118
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39D618C IsDebuggerPresent,DebugBreak,EnableWindow,0_2_00007FF7F39D618C
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39DD900 IsDebuggerPresent,DebugBreak,0_2_00007FF7F39DD900
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39DD844 IsDebuggerPresent,DebugBreak,IsDebuggerPresent,DebugBreak,0_2_00007FF7F39DD844
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39D388C GetTempPathW,IsDebuggerPresent,DebugBreak,0_2_00007FF7F39D388C
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39C8864 EnumPrintersW,GetLastError,EnumPrintersW,DeviceCapabilitiesW,DeviceCapabilitiesW,IsDebuggerPresent,DebugBreak,GetLastError,DeviceCapabilitiesW,DeviceCapabilitiesW,GetLastError,0_2_00007FF7F39C8864
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39DB870 GetTempPathW,IsDebuggerPresent,DebugBreak,0_2_00007FF7F39DB870
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39D7738 IsDebuggerPresent,DebugBreak,0_2_00007FF7F39D7738
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39DD754 IsDebuggerPresent,DebugBreak,0_2_00007FF7F39DD754
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39C6754 IsDebuggerPresent,DebugBreak,0_2_00007FF7F39C6754
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39C874C IsDebuggerPresent,DebugBreak,IsDebuggerPresent,DebugBreak,IsDebuggerPresent,DebugBreak,0_2_00007FF7F39C874C
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39D8748 IsDebuggerPresent,DebugBreak,0_2_00007FF7F39D8748
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39D9774 EnterCriticalSection,IsDebuggerPresent,DebugBreak,IsDebuggerPresent,DebugBreak,IsDebuggerPresent,DebugBreak,IsDebuggerPresent,DebugBreak,IsDebuggerPresent,DebugBreak,LeaveCriticalSection,0_2_00007FF7F39D9774
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39DD6C4 IsDebuggerPresent,DebugBreak,0_2_00007FF7F39DD6C4
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39DF6B8 IsDebuggerPresent,DebugBreak,IsDebuggerPresent,DebugBreak,IsDebuggerPresent,DebugBreak,IsDebuggerPresent,DebugBreak,IsDebuggerPresent,DebugBreak,0_2_00007FF7F39DF6B8
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39D86A0 IsDebuggerPresent,DebugBreak,IsDebuggerPresent,DebugBreak,0_2_00007FF7F39D86A0
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39DD644 IsDebuggerPresent,DebugBreak,0_2_00007FF7F39DD644
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39D361C GetTempPathW,IsDebuggerPresent,DebugBreak,ExitProcess,0_2_00007FF7F39D361C
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39DD67C IsDebuggerPresent,DebugBreak,0_2_00007FF7F39DD67C
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39D4694 IsDebuggerPresent,DebugBreak,0_2_00007FF7F39D4694
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39C8674 IsDebuggerPresent,DebugBreak,0_2_00007FF7F39C8674
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39CE604 SendMessageW,IsDebuggerPresent,DebugBreak,IsDebuggerPresent,DebugBreak,#412,DeleteObject,DeleteObject,DeleteObject,#412,0_2_00007FF7F39CE604
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39D4604 EnterCriticalSection,GetCurrentThreadId,IsDebuggerPresent,DebugBreak,IsDebuggerPresent,DebugBreak,LeaveCriticalSection,0_2_00007FF7F39D4604
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39DD600 IsDebuggerPresent,DebugBreak,0_2_00007FF7F39DD600
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39E15FC IsDebuggerPresent,DebugBreak,0_2_00007FF7F39E15FC
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39D25D8 IsDebuggerPresent,DebugBreak,0_2_00007FF7F39D25D8
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39D5550 IsDebuggerPresent,DebugBreak,GetParent,ShowWindow,0_2_00007FF7F39D5550
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39CA520 IsDebuggerPresent,DebugBreak,SendMessageW,0_2_00007FF7F39CA520
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39E2578 IsDebuggerPresent,DebugBreak,IsDebuggerPresent,DebugBreak,0_2_00007FF7F39E2578
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39DD578 IsDebuggerPresent,DebugBreak,EnterCriticalSection,LeaveCriticalSection,0_2_00007FF7F39DD578
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39D0590 DestroyWindow,SendMessageW,ImageList_Destroy,DragAcceptFiles,WaitForSingleObject,IsDebuggerPresent,DebugBreak,WaitForSingleObject,IsDebuggerPresent,DebugBreak,0_2_00007FF7F39D0590
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39E3558 IsDebuggerPresent,DebugBreak,0_2_00007FF7F39E3558
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39DDCB8 IsDebuggerPresent,DebugBreak,0_2_00007FF7F39DDCB8
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39D0C44 IsDebuggerPresent,DebugBreak,IsDebuggerPresent,DebugBreak,GetFocus,GetFocus,SetFocus,ShowWindow,ShowWindow,ShowWindow,ShowWindow,0_2_00007FF7F39D0C44
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39D6C54 IsDebuggerPresent,DebugBreak,SendMessageW,0_2_00007FF7F39D6C54
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39C8C34 IsDebuggerPresent,DebugBreak,IsDebuggerPresent,DebugBreak,0_2_00007FF7F39C8C34
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39E1B40 IsDebuggerPresent,DebugBreak,IsDebuggerPresent,DebugBreak,IsDebuggerPresent,DebugBreak,IsDebuggerPresent,DebugBreak,0_2_00007FF7F39E1B40
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39DDB1C IsDebuggerPresent,DebugBreak,IsDebuggerPresent,DebugBreak,0_2_00007FF7F39DDB1C
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39D6B7C IsDebuggerPresent,DebugBreak,0_2_00007FF7F39D6B7C
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39DDA3C IsDebuggerPresent,DebugBreak,0_2_00007FF7F39DDA3C
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39D3A50 GetCommandLineW,GetModuleHandleW,LoadIconW,RegisterClassExW,IsDebuggerPresent,DebugBreak,0_2_00007FF7F39D3A50
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39D6A94 IsDebuggerPresent,DebugBreak,SendMessageW,0_2_00007FF7F39D6A94
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39DBA60 GetModuleFileNameW,GetModuleFileNameW,IsDebuggerPresent,DebugBreak,0_2_00007FF7F39DBA60
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39CEA60 IsDebuggerPresent,DebugBreak,0_2_00007FF7F39CEA60
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39D49D4 #412,IsDebuggerPresent,DebugBreak,IsDebuggerPresent,DebugBreak,IsDebuggerPresent,DebugBreak,IsDebuggerPresent,DebugBreak,IsDebuggerPresent,DebugBreak,IsDebuggerPresent,DebugBreak,IsDebuggerPresent,DebugBreak,IsDebuggerPresent,DebugBreak,0_2_00007FF7F39D49D4
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39D9A00 IsDebuggerPresent,DebugBreak,0_2_00007FF7F39D9A00
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39D40E4 IsDebuggerPresent,DebugBreak,0_2_00007FF7F39D40E4
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39D60F4 IsWindow,IsDebuggerPresent,DebugBreak,IsDebuggerPresent,DebugBreak,#410,IsDebuggerPresent,DebugBreak,0_2_00007FF7F39D60F4
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39C8048 IsDebuggerPresent,DebugBreak,IsDebuggerPresent,DebugBreak,0_2_00007FF7F39C8048
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39E3028 IsDebuggerPresent,DebugBreak,IsDebuggerPresent,DebugBreak,0_2_00007FF7F39E3028
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39DD068 GetWindowLongW,GetWindowLongW,AdjustWindowRectEx,IsDebuggerPresent,DebugBreak,SetWindowPos,IsDebuggerPresent,DebugBreak,0_2_00007FF7F39DD068
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39D5FA4 IsDebuggerPresent,DebugBreak,CreateWindowExW,SendMessageW,IsDebuggerPresent,DebugBreak,0_2_00007FF7F39D5FA4
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39D8FB0 IsDebuggerPresent,DebugBreak,0_2_00007FF7F39D8FB0
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39DFFF0 GetDesktopWindow,GetDpiForWindow,IsDebuggerPresent,DebugBreak,GetDC,GetDeviceCaps,ReleaseDC,0_2_00007FF7F39DFFF0
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39E2F48 IsDebuggerPresent,DebugBreak,IsDebuggerPresent,DebugBreak,0_2_00007FF7F39E2F48
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39D3EC0 IsDebuggerPresent,DebugBreak,0_2_00007FF7F39D3EC0
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39D6EA8 IsDebuggerPresent,DebugBreak,IsDebuggerPresent,DebugBreak,0_2_00007FF7F39D6EA8
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39D6EFC IsDebuggerPresent,DebugBreak,0_2_00007FF7F39D6EFC
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39DCE34 IsDebuggerPresent,DebugBreak,LoadCursorW,IsDebuggerPresent,DebugBreak,0_2_00007FF7F39DCE34
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39D7E78 IsDebuggerPresent,DebugBreak,0_2_00007FF7F39D7E78
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39E2E88 IsDebuggerPresent,DebugBreak,0_2_00007FF7F39E2E88
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39DADD4 GetEnvironmentVariableW,GetEnvironmentVariableW,IsDebuggerPresent,DebugBreak,0_2_00007FF7F39DADD4
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39D6E00 IsDebuggerPresent,DebugBreak,SendMessageW,SendMessageW,SendMessageW,RedrawWindow,0_2_00007FF7F39D6E00
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39D3E00 IsDebuggerPresent,DebugBreak,Sleep,0_2_00007FF7F39D3E00
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39E1DF8 IsDebuggerPresent,DebugBreak,IsDebuggerPresent,DebugBreak,0_2_00007FF7F39E1DF8
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39DDE08 IsDebuggerPresent,DebugBreak,0_2_00007FF7F39DDE08
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39DCD70 FindResourceW,IsDebuggerPresent,DebugBreak,LoadResource,SizeofResource,LockResource,0_2_00007FF7F39DCD70
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39DB548 RegOpenKeyExW,InitializeSecurityDescriptor,SetSecurityDescriptorDacl,RegSetKeySecurity,RegCloseKey,0_2_00007FF7F39DB548
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39DC1FC AllocateAndInitializeSid,CheckTokenMembership,FreeSid,0_2_00007FF7F39DC1FC
Source: biubiu.exeBinary or memory string: Shell_TrayWnd
Source: biubiu.exeBinary or memory string: Shell_TrayWnd KillProcWithId(%d) returned %d
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39C2BF4 cpuid 0_2_00007FF7F39C2BF4
Source: C:\Users\user\Desktop\biubiu.exeCode function: GetSystemInfo,GlobalMemoryStatusEx,GetLocaleInfoA,GetLocaleInfoA,0_2_00007FF7F39C70B8
Source: C:\Users\user\Desktop\biubiu.exeCode function: EnumSystemLocalesW,0_2_00007FF7F39FC2A4
Source: C:\Users\user\Desktop\biubiu.exeCode function: EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,0_2_00007FF7F3A072F8
Source: C:\Users\user\Desktop\biubiu.exeCode function: GetLocaleInfoW,0_2_00007FF7F3A071C4
Source: C:\Users\user\Desktop\biubiu.exeCode function: TranslateName,TranslateName,GetACP,IsValidCodePage,GetLocaleInfoW,0_2_00007FF7F3A068B0
Source: C:\Users\user\Desktop\biubiu.exeCode function: GetLocaleInfoW,0_2_00007FF7F39D882C
Source: C:\Users\user\Desktop\biubiu.exeCode function: GetLocaleInfoW,0_2_00007FF7F39FC724
Source: C:\Users\user\Desktop\biubiu.exeCode function: EnumSystemLocalesW,0_2_00007FF7F3A06CDC
Source: C:\Users\user\Desktop\biubiu.exeCode function: EnumSystemLocalesW,0_2_00007FF7F3A06C0C
Source: C:\Users\user\Desktop\biubiu.exeCode function: GetLocaleInfoW,0_2_00007FF7F39D89AC
Source: C:\Users\user\Desktop\biubiu.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,0_2_00007FF7F3A07114
Source: C:\Users\user\Desktop\biubiu.exeCode function: GetLocaleInfoW,0_2_00007FF7F3A06FBC
Source: C:\Users\user\Desktop\biubiu.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,0_2_00007FF7F3A06D74
Source: C:\Users\user\Desktop\biubiu.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessorJump to behavior
Source: C:\Users\user\Desktop\biubiu.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Users\user\Desktop\biubiu.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39E7794 GetSystemTimePreciseAsFileTime,GetSystemTimeAsFileTime,0_2_00007FF7F39E7794
Source: C:\Users\user\Desktop\biubiu.exeCode function: 0_2_00007FF7F39C75BC GetVersionExW,0_2_00007FF7F39C75BC
Source: C:\Users\user\Desktop\biubiu.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid Accounts2
Command and Scripting Interpreter
1
DLL Side-Loading
11
Process Injection
11
Virtualization/Sandbox Evasion
11
Input Capture
1
System Time Discovery
Remote Services11
Input Capture
1
Encrypted Channel
Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault Accounts3
Native API
Boot or Logon Initialization Scripts1
DLL Side-Loading
11
Process Injection
LSASS Memory151
Security Software Discovery
Remote Desktop Protocol11
Archive Collected Data
1
Non-Standard Port
Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)1
Deobfuscate/Decode Files or Information
Security Account Manager11
Virtualization/Sandbox Evasion
SMB/Windows Admin SharesData from Network Shared Drive1
Ingress Tool Transfer
Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook3
Obfuscated Files or Information
NTDS3
Process Discovery
Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
Software Packing
LSA Secrets1
File and Directory Discovery
SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
DLL Side-Loading
Cached Domain Credentials35
System Information Discovery
VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand
SourceDetectionScannerLabelLink
biubiu.exe29%ReversingLabsWin64.Exploit.Marte
biubiu.exe39%VirustotalBrowse
No Antivirus matches
No Antivirus matches
No Antivirus matches
SourceDetectionScannerLabelLink
https://www.sumatrapdfreader.org/https://www.sumatrapdfreader.org/manualArial0%Avira URL Cloudsafe
https://www.sumatrapdfreader.org/dl/rel/3.6/SumatraPDF-3.6-64.pdb.lzsaaphics0%Avira URL Cloudsafe
https://www.sumatrapdfreader.org/dl/rel/3.6/SumatraPDF-3.6SumatraPDF-settings.txtSoftware0%Avira URL Cloudsafe
http://www.gnway.com00%Avira URL Cloudsafe
https://www.sumatrapdfreader.org/dl/rel/3.6/SumatraPDF-3.60%Avira URL Cloudsafe
https://www.sumatrapdfreader.org/docs/Installer-cmd-line-arguments$0%Avira URL Cloudsafe
https://www.sumatrapdfreader.org/update-check-rel.txt0%Avira URL Cloudsafe
https://www.sumatrapdfreader.org/docs/Version-history.htmlURLInfoAboutWriteUninstallerRegistryInfo()0%Avira URL Cloudsafe
https://arslexis.io0%Avira URL Cloudsafe
https://www.sumatrapdfreader.org/settings/settings3-6.htmlSettings0%Avira URL Cloudsafe
https://www.sumatrapdfreader.org/docs/Installer-cmd-line-arguments0%Avira URL Cloudsafe
https://www.sumatrapdfreader.org/settings/settings3-6.html0%Avira URL Cloudsafe
http://www.gribuser.ru/xml/fictionbook/2.00%Avira URL Cloudsafe
https://www.sumatrapdfreader.org/docs/Contribute-translation0%Avira URL Cloudsafe
https://www.sumatrapdfreader.org/dl/0%Avira URL Cloudsafe
https://www.sumatrapdfreader.org/0%Avira URL Cloudsafe
https://www.sumatrapdfreader.org/dl/PRE_RELEASE_VER/SumatraPDF-prerelprerel/3.6/SumatraPDF-rel/-64.p0%Avira URL Cloudsafe
https://www.sumatrapdfreader.org/dl/rel/3.6/SumatraPDF-3.6-64.pdb.lzsa0%Avira URL Cloudsafe
https://www.sumatrapdfreader.org/docs/Submit-crash-report.html0%Avira URL Cloudsafe
https://www.sumatrapdfreader.org/docs/Corrupted-installation0%Avira URL Cloudsafe
https://edna.arslexis.io0%Avira URL Cloudsafe
https://www.sumatrapdfreader.org/docs/Contribute-translationsumatrapdfrestrict.inipersistentWarningS0%Avira URL Cloudsafe
https://www.sumatrapdfreader.org/docs/Version-history.html0%Avira URL Cloudsafe
https://www.sumatrapdfreader.org/update-check-rel.txtnotifUpdateCheckInProgressUpdateSelfTo:0%Avira URL Cloudsafe
https://www.sumatrapdfreader.org/manual0%Avira URL Cloudsafe
No contacted domains info
NameSourceMaliciousAntivirus DetectionReputation
http://www.idpf.org/2007/opfbiubiu.exefalse
    high
    https://github.com/sumatrapdfreader/sumatrapdf/commit/%s)biubiu.exefalse
      high
      https://www.sumatrapdfreader.org/dl/rel/3.6/SumatraPDF-3.6-64.pdb.lzsaaphicsbiubiu.exe, 00000000.00000002.2360861223.00000188C306F000.00000004.00000020.00020000.00000000.sdmpfalse
      • Avira URL Cloud: safe
      unknown
      https://www.sumatrapdfreader.org/docs/Version-history.htmlURLInfoAboutWriteUninstallerRegistryInfo()biubiu.exefalse
      • Avira URL Cloud: safe
      unknown
      https://www.sumatrapdfreader.org/docs/Installer-cmd-line-arguments$biubiu.exefalse
      • Avira URL Cloud: safe
      unknown
      https://www.sumatrapdfreader.org/dl/rel/3.6/SumatraPDF-3.6biubiu.exe, 00000000.00000002.2360808924.00000188C3025000.00000004.00000020.00020000.00000000.sdmpfalse
      • Avira URL Cloud: safe
      unknown
      https://github.com/sumatrapdfreader/sumatrapdf/blob/master/TRANSLATORSVariousbiubiu.exefalse
        high
        https://www.sumatrapdfreader.org/https://www.sumatrapdfreader.org/manualArialbiubiu.exefalse
        • Avira URL Cloud: safe
        unknown
        https://www.sumatrapdfreader.org/settings/settings3-6.htmlSettingsbiubiu.exefalse
        • Avira URL Cloud: safe
        unknown
        https://arslexis.iobiubiu.exefalse
        • Avira URL Cloud: safe
        unknown
        https://www.sumatrapdfreader.org/dl/rel/3.6/SumatraPDF-3.6SumatraPDF-settings.txtSoftwarebiubiu.exe, 00000000.00000002.2360808924.00000188C3025000.00000004.00000020.00020000.00000000.sdmpfalse
        • Avira URL Cloud: safe
        unknown
        https://github.com/sumatrapdfreader/sumatrapdf/discussionsbiubiu.exefalse
          high
          http://www.gnway.com0biubiu.exefalse
          • Avira URL Cloud: safe
          unknown
          https://www.sumatrapdfreader.org/update-check-rel.txtbiubiu.exefalse
          • Avira URL Cloud: safe
          unknown
          https://www.sumatrapdfreader.org/docs/Installer-cmd-line-argumentsbiubiu.exefalse
          • Avira URL Cloud: safe
          unknown
          http://www.gribuser.ru/xml/fictionbook/2.0biubiu.exefalse
          • Avira URL Cloud: safe
          unknown
          https://www.sumatrapdfreader.org/settings/settings3-6.htmlbiubiu.exefalse
          • Avira URL Cloud: safe
          unknown
          https://github.com/sumatrapdfreader/sumatrapdf/blob/master/AUTHORSbiubiu.exefalse
            high
            https://www.sumatrapdfreader.org/docs/Contribute-translationbiubiu.exefalse
            • Avira URL Cloud: safe
            unknown
            https://www.sumatrapdfreader.org/biubiu.exefalse
            • Avira URL Cloud: safe
            unknown
            https://www.sumatrapdfreader.org/dl/biubiu.exefalse
            • Avira URL Cloud: safe
            unknown
            https://www.sumatrapdfreader.org/dl/rel/3.6/SumatraPDF-3.6-64.pdb.lzsabiubiu.exe, 00000000.00000002.2360861223.00000188C306F000.00000004.00000020.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            unknown
            https://www.sumatrapdfreader.org/docs/Corrupted-installationbiubiu.exefalse
            • Avira URL Cloud: safe
            unknown
            https://www.sumatrapdfreader.org/docs/Submit-crash-report.htmlbiubiu.exefalse
            • Avira URL Cloud: safe
            unknown
            https://www.sumatrapdfreader.org/dl/PRE_RELEASE_VER/SumatraPDF-prerelprerel/3.6/SumatraPDF-rel/-64.pbiubiu.exefalse
            • Avira URL Cloud: safe
            unknown
            https://github.com/sumatrapdfreader/sumatrapdf/discussionshttps://github.com/sumatrapdfreader/sumatrbiubiu.exefalse
              high
              https://github.com/sumatrapdfreader/sumatrapdf/blob/master/TRANSLATORSbiubiu.exefalse
                high
                https://edna.arslexis.iobiubiu.exefalse
                • Avira URL Cloud: safe
                unknown
                https://www.sumatrapdfreader.org/docs/Contribute-translationsumatrapdfrestrict.inipersistentWarningSbiubiu.exefalse
                • Avira URL Cloud: safe
                unknown
                https://www.sumatrapdfreader.org/docs/Version-history.htmlbiubiu.exefalse
                • Avira URL Cloud: safe
                unknown
                https://www.sumatrapdfreader.org/update-check-rel.txtnotifUpdateCheckInProgressUpdateSelfTo:biubiu.exefalse
                • Avira URL Cloud: safe
                unknown
                http://www.daisy.org/z3986/2005/ncx/biubiu.exefalse
                  high
                  https://www.sumatrapdfreader.org/manualbiubiu.exefalse
                  • Avira URL Cloud: safe
                  unknown
                  • No. of IPs < 25%
                  • 25% < No. of IPs < 50%
                  • 50% < No. of IPs < 75%
                  • 75% < No. of IPs
                  IPDomainCountryFlagASNASN NameMalicious
                  93.127.198.62
                  unknownGermany
                  62255ASMUNDA-ASSCfalse
                  Joe Sandbox version:41.0.0 Charoite
                  Analysis ID:1580816
                  Start date and time:2024-12-26 09:48:04 +01:00
                  Joe Sandbox product:CloudBasic
                  Overall analysis duration:0h 5m 45s
                  Hypervisor based Inspection enabled:false
                  Report type:full
                  Cookbook file name:default.jbs
                  Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                  Number of analysed new started processes analysed:4
                  Number of new started drivers analysed:0
                  Number of existing processes analysed:0
                  Number of existing drivers analysed:0
                  Number of injected processes analysed:0
                  Technologies:
                  • HCA enabled
                  • EGA enabled
                  • AMSI enabled
                  Analysis Mode:default
                  Analysis stop reason:Timeout
                  Sample name:biubiu.exe
                  Detection:MAL
                  Classification:mal54.evad.winEXE@1/1@0/1
                  EGA Information:
                  • Successful, ratio: 100%
                  HCA Information:
                  • Successful, ratio: 100%
                  • Number of executed functions: 43
                  • Number of non-executed functions: 249
                  Cookbook Comments:
                  • Found application associated with file extension: .exe
                  • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
                  • Excluded IPs from analysis (whitelisted): 13.107.246.63, 4.245.163.56
                  • Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                  • Report size exceeded maximum capacity and may have missing disassembly code.
                  • Report size exceeded maximum capacity and may have missing network information.
                  No simulations
                  No context
                  No context
                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                  ASMUNDA-ASSCpowerpc.nn.elfGet hashmaliciousMirai, OkiruBrowse
                  • 93.127.133.167
                  copia111224mp.htaGet hashmaliciousUnknownBrowse
                  • 93.127.200.211
                  xd.spc.elfGet hashmaliciousMiraiBrowse
                  • 93.127.162.213
                  nullnet_load.ppc.elfGet hashmaliciousMiraiBrowse
                  • 91.108.78.211
                  Factura-2410-CFDI.batGet hashmaliciousUnknownBrowse
                  • 93.127.200.211
                  JuyR4wj8av.exeGet hashmaliciousStealc, VidarBrowse
                  • 93.127.208.30
                  EL7ggW7AdA.exeGet hashmaliciousStealc, VidarBrowse
                  • 93.127.208.30
                  arm6.elfGet hashmaliciousUnknownBrowse
                  • 93.127.202.25
                  https://aliceblue-dolphin-702154.hostingersite.com/juno-server-alerts.com/authen.php/Get hashmaliciousUnknownBrowse
                  • 93.127.179.137
                  https://nationalrecalls.com/outbound-scheduling-callsGet hashmaliciousUnknownBrowse
                  • 93.127.179.248
                  No context
                  No context
                  Process:C:\Users\user\Desktop\biubiu.exe
                  File Type:GLS_BINARY_LSB_FIRST
                  Category:dropped
                  Size (bytes):160
                  Entropy (8bit):4.438743916256937
                  Encrypted:false
                  SSDEEP:3:rmHfvtH//STGlA1yqGlYUGk+ldyHGlgZty:rmHcKtGFlqty
                  MD5:E467C82627F5E1524FDB4415AF19FC73
                  SHA1:B86E3AA40E9FBED0494375A702EABAF1F2E56F8E
                  SHA-256:116CD35961A2345CE210751D677600AADA539A66F046811FA70E1093E01F2540
                  SHA-512:2A969893CC713D6388FDC768C009055BE1B35301A811A7E313D1AEEC1F75C88CCDDCD8308017A852093B1310811E90B9DA76B6330AACCF5982437D84F553183A
                  Malicious:false
                  Reputation:moderate, very likely benign file
                  Preview:................................xW4.4.....#Eg.......]..........+.H`........xW4.4.....#Eg......3.qq..7I......6........xW4.4.....#Eg......,..l..@E............
                  File type:PE32+ executable (GUI) x86-64, for MS Windows
                  Entropy (8bit):6.831200895340982
                  TrID:
                  • Win64 Executable GUI (202006/5) 92.65%
                  • Win64 Executable (generic) (12005/4) 5.51%
                  • Generic Win/DOS Executable (2004/3) 0.92%
                  • DOS Executable Generic (2002/1) 0.92%
                  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                  File name:biubiu.exe
                  File size:1'542'184 bytes
                  MD5:e49cb409df10bb4ef5e2f024995146fb
                  SHA1:1896057aafc5705cdc5d69d1906c6c9f2a294dd1
                  SHA256:a8af10f68d566fb3f7de1f27e354b70cde80286ca33eb4aaf3e9e048591870cb
                  SHA512:cfa1d370d4c306f8ab17c110712626cc08a6c0c0c76c09cf10eb6776e28f86ad5313d15aa43a4b82217096735c49559993aa1defbfcd148f6a238fc1d7c8df76
                  SSDEEP:24576:H2XEncE99CfDGYEhXiTFHoSdW740oFPizOTw529octEwQ51MU8Vml:WX+kD0U0WcUCciz+Bu
                  TLSH:AD656C97628CD7A4F41D8139A2386FBCBA70EC352511FFE201653D09FAB3779C92A611
                  File Content Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$..........K................................................................................................ ...............z..........
                  Icon Hash:07e1f996ba8aca55
                  Entrypoint:0x140025988
                  Entrypoint Section:.text
                  Digitally signed:true
                  Imagebase:0x140000000
                  Subsystem:windows gui
                  Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                  DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                  Time Stamp:0x6763C1E8 [Thu Dec 19 06:49:12 2024 UTC]
                  TLS Callbacks:
                  CLR (.Net) Version:
                  OS Version Major:6
                  OS Version Minor:0
                  File Version Major:6
                  File Version Minor:0
                  Subsystem Version Major:6
                  Subsystem Version Minor:0
                  Import Hash:19fae1a540dd7f99d552b32b62a414c8
                  Signature Valid:true
                  Signature Issuer:CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O="DigiCert, Inc.", C=US
                  Signature Validation Error:The operation completed successfully
                  Error Number:0
                  Not Before, Not After
                  • 25/01/2022 01:00:00 20/02/2025 00:59:59
                  Subject Chain
                  • CN="Beijing Jinwanwei Technology Co., Ltd.", O="Beijing Jinwanwei Technology Co., Ltd.", S=beijing, C=CN
                  Version:3
                  Thumbprint MD5:B8C0D0FE670AF0E98F59851F3E41CA73
                  Thumbprint SHA-1:A0A23DEAEF32755A1660CD784EAF2C72AE3D6633
                  Thumbprint SHA-256:F28969D7A0688047D34BEE918A83A9B971DF7CC5E85A29A4E1669F63209EF731
                  Serial:0A9CC40EEEB4103C26115504E22BC0AC
                  Instruction
                  dec eax
                  sub esp, 28h
                  call 00007F62E88E069Ch
                  dec eax
                  add esp, 28h
                  jmp 00007F62E88DFEBFh
                  int3
                  int3
                  int3
                  int3
                  int3
                  int3
                  int3
                  int3
                  int3
                  int3
                  int3
                  int3
                  nop word ptr [eax+eax+00000000h]
                  dec eax
                  cmp ecx, dword ptr [00052689h]
                  jne 00007F62E88E0052h
                  dec eax
                  rol ecx, 10h
                  test cx, FFFFh
                  jne 00007F62E88E0043h
                  ret
                  dec eax
                  ror ecx, 10h
                  jmp 00007F62E88E03E3h
                  int3
                  int3
                  inc eax
                  push ebx
                  dec eax
                  sub esp, 20h
                  dec eax
                  mov ebx, ecx
                  jmp 00007F62E88E0051h
                  dec eax
                  mov ecx, ebx
                  call 00007F62E88F4BB2h
                  test eax, eax
                  je 00007F62E88E0055h
                  dec eax
                  mov ecx, ebx
                  call 00007F62E88EE7B6h
                  dec eax
                  test eax, eax
                  je 00007F62E88E0029h
                  dec eax
                  add esp, 20h
                  pop ebx
                  ret
                  dec eax
                  cmp ebx, FFFFFFFFh
                  je 00007F62E88E0048h
                  call 00007F62E88E0B40h
                  int3
                  call 00007F62E88E0B5Ah
                  int3
                  jmp 00007F62E88E0614h
                  int3
                  int3
                  int3
                  dec eax
                  sub esp, 28h
                  call 00007F62E88E0E48h
                  test eax, eax
                  je 00007F62E88E0063h
                  dec eax
                  mov eax, dword ptr [00000030h]
                  dec eax
                  mov ecx, dword ptr [eax+08h]
                  jmp 00007F62E88E0047h
                  dec eax
                  cmp ecx, eax
                  je 00007F62E88E0056h
                  xor eax, eax
                  dec eax
                  cmpxchg dword ptr [00058670h], ecx
                  jne 00007F62E88E0030h
                  xor al, al
                  dec eax
                  add esp, 28h
                  ret
                  mov al, 01h
                  jmp 00007F62E88E0039h
                  int3
                  int3
                  NameVirtual AddressVirtual Size Is in Section
                  IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                  IMAGE_DIRECTORY_ENTRY_IMPORT0x75e580xc8.rdata
                  IMAGE_DIRECTORY_ENTRY_RESOURCE0x8c0000xf43a0.rsrc
                  IMAGE_DIRECTORY_ENTRY_EXCEPTION0x880000x3e34.pdata
                  IMAGE_DIRECTORY_ENTRY_SECURITY0x1760000x2828.rsrc
                  IMAGE_DIRECTORY_ENTRY_BASERELOC0x1810000x14e4.reloc
                  IMAGE_DIRECTORY_ENTRY_DEBUG0x716700x1c.rdata
                  IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                  IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                  IMAGE_DIRECTORY_ENTRY_TLS0x718000x28.rdata
                  IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x5dcd00x140.rdata
                  IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                  IMAGE_DIRECTORY_ENTRY_IAT0x520000x890.rdata
                  IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x7565c0xe0.rdata
                  IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                  IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0
                  NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                  .text0x10000x5030e0x504007037a790a58d97dd6ed3ff9350e64965False0.5504040109034268data6.4952959150339415IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                  .rdata0x520000x25a9a0x25c00575abcc3f73696baa1c1cd67b3fd8e3fFalse0.4119282905629139data5.46139100509013IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                  .data0x780000xf9600x62005480193bcf5c8ab4d417e28aa9ba7f04False0.20731026785714285data2.5885633370646324IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                  .pdata0x880000x3e340x4000352fc8811a39ccfbde7e43b28ea6ff77False0.4761962890625data5.563604397663562IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                  .rsrc0x8c0000xf43a00xf4400a3b97634bc44a6ad9cffa56ab9f2b345False0.4160715999232344data6.693294479089347IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                  .reloc0x1810000x14e40x16001745a2a7781b99af0ce625fd855e6601False0.4011008522727273data5.361581741591993IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                  NameRVASizeTypeLanguageCountryZLIB Complexity
                  SRC0x8ca300x70dXML document, ASCII text, with very long lines (1805), with no line terminatorsChineseChina0.756786703601108
                  SRC0x8d1400x510ASCII text, with very long lines (1296), with no line terminatorsChineseChina0.7584876543209876
                  SRC10x8d6500x510ASCII text, with very long lines (1296), with no line terminatorsChineseChina0.7584876543209876
                  RT_CURSOR0x1802500x134dataEnglishUnited States0.29545454545454547
                  RT_BITMAP0x17e7d80x328Device independent bitmap graphic, 16 x 16 x 24, image size 768EnglishUnited States0.7091584158415841
                  RT_ICON0x1279300xea8Device independent bitmap graphic, 48 x 96 x 8, image size 2688, 256 important colorsEnglishUnited States0.3829957356076759
                  RT_ICON0x1287d80x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 1152, 256 important colorsEnglishUnited States0.4381768953068592
                  RT_ICON0x1290800x568Device independent bitmap graphic, 16 x 32 x 8, image size 320, 256 important colorsEnglishUnited States0.33598265895953755
                  RT_ICON0x1295e80x3addPNG image data, 256 x 256, 8-bit/color RGBA, non-interlacedEnglishUnited States0.9757780874643307
                  RT_ICON0x12d0c80x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 9600EnglishUnited States0.312551867219917
                  RT_ICON0x12f6700x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 4224EnglishUnited States0.3785178236397749
                  RT_ICON0x1307180x468Device independent bitmap graphic, 16 x 32 x 32, image size 1088EnglishUnited States0.5815602836879432
                  RT_ICON0x130be80xea8Device independent bitmap graphic, 48 x 96 x 8, image size 0EnglishUnited States0.6060767590618337
                  RT_ICON0x131a900x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 0EnglishUnited States0.7635379061371841
                  RT_ICON0x1323380x568Device independent bitmap graphic, 16 x 32 x 8, image size 0EnglishUnited States0.7695086705202312
                  RT_ICON0x1328a00xeec1PNG image data, 256 x 256, 8-bit/color RGBA, non-interlacedEnglishUnited States0.9984457060584742
                  RT_ICON0x1417680x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 0EnglishUnited States0.42012448132780084
                  RT_ICON0x143d100x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 0EnglishUnited States0.5684803001876173
                  RT_ICON0x144db80x468Device independent bitmap graphic, 16 x 32 x 32, image size 0EnglishUnited States0.7092198581560284
                  RT_ICON0x1452880x42a9PNG image data, 256 x 256, 8-bit/color RGBA, non-interlacedEnglishUnited States0.9773220041019631
                  RT_ICON0x1495380x10828Device independent bitmap graphic, 128 x 256 x 32, image size 131072EnglishUnited States0.07738376907606767
                  RT_ICON0x159d600x4228Device independent bitmap graphic, 64 x 128 x 32, image size 32768EnglishUnited States0.11118327822390174
                  RT_ICON0x15df880x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 18432EnglishUnited States0.12531120331950207
                  RT_ICON0x1605300x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 8192EnglishUnited States0.15196998123827393
                  RT_ICON0x1615d80x468Device independent bitmap graphic, 16 x 32 x 32, image size 2048EnglishUnited States0.2473404255319149
                  RT_ICON0x161aa00x47cePNG image data, 256 x 256, 8-bit/color RGBA, non-interlacedEnglishUnited States0.9778043738439778
                  RT_ICON0x1662700x10828Device independent bitmap graphic, 128 x 256 x 32, image size 131072EnglishUnited States0.08258902164911866
                  RT_ICON0x176a980x4228Device independent bitmap graphic, 64 x 128 x 32, image size 32768EnglishUnited States0.11478507321681625
                  RT_ICON0x17acc00x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 18432EnglishUnited States0.13101659751037345
                  RT_ICON0x17d2680x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 8192EnglishUnited States0.16064727954971858
                  RT_ICON0x17e3100x468Device independent bitmap graphic, 16 x 32 x 32, image size 2048EnglishUnited States0.2526595744680851
                  RT_DIALOG0x17eb000x140dataEnglishUnited States0.55
                  RT_DIALOG0x17eee00x1c0dataEnglishUnited States0.515625
                  RT_DIALOG0x17edd80x102dataEnglishUnited States0.624031007751938
                  RT_DIALOG0x17f0a00xd0dBase III DBT, next free block index 4294901761EnglishUnited States0.6586538461538461
                  RT_DIALOG0x17f1700x4b4dataEnglishUnited States0.4418604651162791
                  RT_DIALOG0x17ec400x198dataEnglishUnited States0.5563725490196079
                  RT_DIALOG0x17f6280x10cdataEnglishUnited States0.5970149253731343
                  RT_DIALOG0x17f7380x2acdataEnglishUnited States0.4283625730994152
                  RT_DIALOG0x17f9e80x148dataEnglishUnited States0.5914634146341463
                  RT_RCDATA0x8ddc80x99b64Unicode text, UTF-8 textEnglishUnited States0.4098560364927796
                  RT_GROUP_CURSOR0x1803880x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                  RT_GROUP_ICON0x130b800x68dataEnglishUnited States0.7019230769230769
                  RT_GROUP_ICON0x1452200x68dataEnglishUnited States0.7211538461538461
                  RT_GROUP_ICON0x161a400x5adataEnglishUnited States0.7777777777777778
                  RT_GROUP_ICON0x17e7780x5adataEnglishUnited States0.7777777777777778
                  RT_VERSION0x8db600x264dataEnglishUnited States0.5147058823529411
                  RT_MANIFEST0x17fb300x719XML 1.0 document, ASCII textEnglishUnited States0.4116675839295542
                  DLLImport
                  COMCTL32.dllImageList_Destroy, InitCommonControlsEx
                  KERNEL32.dllLoadLibraryW, FreeLibrary, GetShortPathNameW, GetLongPathNameW, EnterCriticalSection, LeaveCriticalSection, IsDBCSLeadByte, GetFullPathNameW, Sleep, QueryPerformanceFrequency, GetSystemTimeAsFileTime, QueryPerformanceCounter, FindResourceW, GetModuleHandleW, MulDiv, VerSetConditionMask, VerifyVersionInfoW, GetACP, InitializeCriticalSection, DeleteCriticalSection, HeapCreate, HeapFree, GetCurrentProcess, TerminateProcess, GetEnvironmentVariableA, WaitForSingleObject, GetCurrentThreadId, GetLocaleInfoA, CreateToolhelp32Snapshot, CreateEventW, SetEvent, HeapReAlloc, CloseHandle, LoadLibraryExA, WriteConsoleW, SetEndOfFile, HeapSize, GetProcessHeap, GetStringTypeW, SetEnvironmentVariableW, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineA, GetCPInfo, GetOEMCP, IsValidCodePage, FindFirstFileExW, FindClose, ReadConsoleW, FlushFileBuffers, SetFilePointerEx, GetConsoleMode, GetConsoleOutputCP, SetStdHandle, EnumSystemLocalesW, GetUserDefaultLCID, IsValidLocale, LCMapStringW, CompareStringW, FlsFree, FlsSetValue, FlsGetValue, FlsAlloc, SetConsoleCtrlHandler, GetFileType, GetModuleHandleExW, TlsFree, TlsSetValue, TlsGetValue, TlsAlloc, InitializeCriticalSectionAndSpinCount, EncodePointer, SetLastError, RtlPcToFileHeader, RtlUnwindEx, TryAcquireSRWLockExclusive, GetStartupInfoW, InitializeSListHead, IsProcessorFeaturePresent, UnhandledExceptionFilter, RtlVirtualUnwind, RtlLookupFunctionEntry, RtlCaptureContext, SleepConditionVariableSRW, WakeAllConditionVariable, AcquireSRWLockExclusive, ReleaseSRWLockExclusive, RaiseException, FindNextFileW, FindFirstFileW, GetSystemDirectoryW, VirtualQuery, QueueUserAPC, ExitThread, LoadLibraryExW, GetProcAddress, GetModuleFileNameW, OutputDebugStringA, WideCharToMultiByte, GetFileAttributesW, CreateFileW, WriteFile, CreateDirectoryW, GetTempPathW, GetUserDefaultUILanguage, IsDebuggerPresent, LocalAlloc, SetErrorMode, VirtualProtect, LoadResource, LockResource, SizeofResource, GetSystemTime, Process32FirstW, Process32NextW, OpenProcess, ExitProcess, GetCommandLineW, GetLastError, GetExitCodeProcess, GetEnvironmentVariableW, MultiByteToWideChar, OutputDebugStringW, CancelIo, FormatMessageA, CreateProcessW, ReadFile, SetUnhandledExceptionFilter, Module32NextW, GlobalMemoryStatusEx, GetCurrentProcessId, HeapDestroy, AddVectoredExceptionHandler, Module32FirstW, HeapAlloc, CreateThread, LocalFree, GetWindowsDirectoryW, LoadLibraryA, GetCurrentThread, AttachConsole, GetVersionExW, GetStdHandle, CopyFileW, DeleteFileW, GetFileAttributesExW, GetFileSizeEx, DebugBreak, SetNamedPipeHandleState, GetLocaleInfoW, GetSystemInfo, GetFileInformationByHandle
                  USER32.dllGetSystemMetrics, SendMessageW, PostMessageW, EndPaint, IsWindowEnabled, GetUpdateRect, RegisterWindowMessageW, ClientToScreen, DeferWindowPos, BeginDeferWindowPos, EndDeferWindowPos, LoadCursorW, ScreenToClient, SetWindowLongW, DrawTextExW, GetWindowLongW, GetWindow, IsChild, MessageBeep, UpdateWindow, DispatchMessageW, IsDialogMessageW, PeekMessageW, TranslateMessage, GetDlgItem, PostQuitMessage, SetForegroundWindow, EnableWindow, MoveWindow, GetFocus, LoadIconW, DestroyWindow, GetWindowRect, SetWindowPos, CreateWindowExW, GetWindowLongPtrW, RegisterClassExW, SendInput, SetFocus, GetMonitorInfoW, DestroyCursor, MonitorFromWindow, MonitorFromRect, MessageBoxW, GetKeyState, AdjustWindowRectEx, ShowWindow, RedrawWindow, MapWindowPoints, BeginPaint, GetSysColor, FindWindowW, GetWindowDC, GetClientRect, IsZoomed, GetParent, InvalidateRect, DefWindowProcW, GetDC, SystemParametersInfoW, GetDesktopWindow, DestroyAcceleratorTable, ReleaseDC, FillRect, MsgWaitForMultipleObjects, IsWindow
                  GDI32.dllGetDeviceCaps, SetBkColor, SetBkMode, SelectObject, DeleteDC, SetTextColor, DeleteObject, CreateSolidBrush, CreateFontIndirectW
                  WINSPOOL.DRVEnumPrintersW, DeviceCapabilitiesW
                  ADVAPI32.dllRegGetValueW, RegQueryValueExW, RegQueryInfoKeyW, InitializeSecurityDescriptor, CheckTokenMembership, FreeSid, RegSetKeySecurity, AllocateAndInitializeSid, RegOpenKeyExW, RegCloseKey, SetSecurityDescriptorDacl
                  SHELL32.dllCommandLineToArgvW, ShellExecuteExW, SHGetFolderPathW, SHFileOperationW, DragAcceptFiles, SHChangeNotify, SHGetPathFromIDListW, SHBrowseForFolderW, SHGetMalloc, SHGetFileInfoW
                  ole32.dllCoCreateInstance, OleUninitialize, OleInitialize, CoTaskMemAlloc, CoUninitialize, CoTaskMemFree, CoInitialize
                  OLEAUT32.dllVariantClear
                  Language of compilation systemCountry where language is spokenMap
                  ChineseChina
                  EnglishUnited States
                  TimestampSource PortDest PortSource IPDest IP
                  Dec 26, 2024 09:48:56.346318960 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:56.465892076 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:56.465986967 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:56.466049910 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:56.585599899 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:56.585658073 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:56.706626892 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:58.180767059 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:58.180788994 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:58.180799961 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:58.180871964 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:58.180902004 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:58.180923939 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:58.180937052 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:58.180948019 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:58.180949926 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:58.180990934 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:58.181067944 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:58.181113005 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:58.181129932 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:58.181142092 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:58.181196928 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:58.300842047 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:58.300857067 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:58.300945997 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:58.468631029 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:58.468791008 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:58.468854904 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:58.472695112 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:58.474456072 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:58.474467039 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:58.474518061 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:58.482892036 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:58.482959032 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:58.483067036 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:58.491337061 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:58.491394997 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:58.491493940 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:58.500567913 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:58.500580072 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:58.500652075 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:58.507837057 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:58.507889986 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:58.507956028 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:58.516360998 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:58.516403913 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:58.516422987 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:58.524591923 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:58.524669886 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:58.524713039 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:58.532964945 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:58.532977104 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:58.533057928 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:58.541362047 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:58.541444063 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:58.541482925 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:58.591748953 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:58.660782099 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:58.660826921 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:58.660887957 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:58.664093971 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:58.664161921 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:58.664220095 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:58.757209063 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:58.757343054 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:58.757432938 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:58.760550976 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:58.760646105 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:58.760706902 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:58.767339945 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:58.767398119 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:58.767461061 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:58.774043083 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:58.774246931 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:58.774311066 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:58.780844927 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:58.780884027 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:58.780958891 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:58.787467003 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:58.787506104 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:58.787570953 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:58.794327974 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:58.794460058 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:58.794526100 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:58.800983906 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:58.801070929 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:58.801136017 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:58.807718992 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:58.807780981 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:58.807847977 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:58.814743042 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:58.814841986 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:58.814898968 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:58.821161032 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:58.821252108 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:58.821314096 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:58.827843904 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:58.827886105 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:58.827950954 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:58.834566116 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:58.834671974 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:58.834743023 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:58.841355085 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:58.841471910 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:58.841536045 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:58.848077059 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:58.848206043 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:58.854933977 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:58.854938030 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:58.855045080 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:58.855109930 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:58.860552073 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:58.860630989 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:58.860691071 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:58.867333889 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:58.867391109 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:58.867460966 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:58.873950958 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:58.874067068 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:58.874125957 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:58.949325085 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:58.949400902 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:58.949564934 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:58.951639891 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:58.952542067 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:58.952594995 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:58.952611923 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:58.957361937 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:58.957432032 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:58.957451105 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:58.962121010 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:58.962188005 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:58.962255955 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:58.966937065 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:58.966948032 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:58.967015028 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.045278072 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.045326948 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.045387983 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.047079086 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.047183990 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.047238111 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.050951958 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.051162958 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.051225901 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.054811001 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.054908037 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.054961920 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.058696985 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.058897972 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.058983088 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.062583923 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.062602043 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.062685966 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.066505909 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.066622972 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.066684961 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.070255041 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.070395947 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.070453882 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.074107885 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.074229956 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.074285030 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.078008890 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.078144073 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.078206062 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.081846952 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.081974030 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.082034111 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.085740089 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.085860014 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.085918903 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.089603901 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.089731932 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.089786053 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.093482018 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.093619108 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.093692064 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.097318888 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.097500086 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.097565889 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.101301908 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.101382017 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.101444006 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.105082035 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.105209112 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.105268002 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.109086990 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.109286070 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.109342098 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.112797022 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.112917900 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.112977028 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.116765022 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.117034912 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.117085934 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.120556116 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.120686054 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.120731115 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.124439001 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.124596119 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.124646902 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.128293037 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.128309965 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.128375053 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.132137060 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.132251024 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.132304907 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.136050940 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.136316061 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.136375904 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.139870882 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.139971972 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.140032053 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.143778086 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.143942118 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.144009113 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.147624016 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.147730112 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.147788048 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.151626110 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.151638031 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.151818991 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.155359983 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.155411959 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.155486107 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.160140991 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.160152912 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.160216093 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.163286924 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.163299084 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.163357019 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.166960955 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.167033911 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.167093039 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.170780897 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.170950890 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.171010971 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.174655914 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.174756050 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.174818039 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.180515051 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.180526972 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.180598021 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.182615995 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.182776928 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.182842016 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.186400890 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.186413050 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.186486006 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.190237999 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.190249920 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.190325022 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.196083069 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.196098089 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.196202040 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.198237896 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.237287998 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.237309933 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.237466097 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.238028049 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.238082886 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.238209963 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.240628004 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.240678072 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.240763903 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.243148088 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.243252039 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.243377924 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.245815992 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.245882988 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.245903015 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.248356104 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.248413086 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.248495102 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.250893116 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.250952005 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.251086950 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.253385067 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.253452063 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.333554983 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.333730936 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.333797932 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.334167004 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.334306002 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.334367990 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.335536957 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.335583925 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.335643053 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.336879015 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.337027073 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.337080956 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.338602066 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.338728905 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.338779926 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.340091944 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.340105057 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.340168953 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.341561079 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.341717005 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.341768026 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.342675924 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.342765093 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.342824936 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.343638897 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.343759060 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.343807936 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.345057011 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.345076084 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.345127106 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.346395969 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.346489906 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.346544981 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.347673893 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.347857952 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.347910881 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.349086046 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.349184036 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.349240065 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.350387096 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.350502968 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.350553989 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.351754904 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.351890087 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.351958990 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.353106022 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.353218079 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.353274107 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.354486942 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.354499102 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.354557991 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.355797052 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.355923891 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.355979919 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.357153893 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.357295036 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.357367992 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.358525991 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.358623981 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.358690023 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.359862089 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.359981060 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.360052109 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.361304998 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.361495018 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.361546993 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.362829924 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.362930059 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.362986088 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.363903999 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.364013910 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.364065886 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.365370989 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.365416050 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.365468979 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.366620064 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.366761923 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.366815090 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.367965937 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.368105888 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.368161917 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.369338036 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.369477034 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.369538069 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.370719910 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.370789051 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.370841980 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.372082949 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.372095108 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.372153997 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.373387098 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.373502970 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.373562098 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.374767065 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.374872923 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.374927998 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.376192093 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.376297951 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.376355886 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.377501011 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.377548933 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.377595901 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.378818989 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.378937006 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.378990889 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.380215883 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.380295038 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.380352020 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.381506920 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.381781101 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.381829977 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.382868052 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.382972002 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.383021116 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.384305954 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.384368896 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.384419918 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.385566950 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.385782003 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.385834932 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.386914968 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.387042046 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.387090921 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.388283014 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.388411999 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.388461113 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.389686108 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.389799118 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.389858961 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.390984058 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.391107082 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.391159058 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.392349005 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.392427921 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.392477989 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.393850088 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.393950939 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.394002914 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.395060062 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.395183086 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.395236969 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.396400928 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.429441929 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.429512978 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.429546118 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.430135965 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.430154085 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.430207014 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.431715965 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.431787014 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.431803942 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.432800055 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.432851076 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.432883024 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.434233904 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.434245110 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.434293032 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.435461044 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.435519934 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.435616016 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.436939001 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.436949968 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.437015057 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.525957108 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.526197910 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.526268959 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.526273966 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.526393890 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.526454926 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.527353048 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.527491093 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.527545929 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.528429031 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.528531075 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.528587103 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.529525042 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.529592037 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.529649019 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.530606031 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.530761957 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.530817986 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.531613111 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.531702995 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.531754971 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.532624006 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.532763958 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.532814026 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.533720970 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.533823967 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.533879042 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.534740925 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.534873962 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.534929037 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.535803080 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.535962105 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.536012888 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.536869049 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.537043095 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.537098885 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.537940025 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.538067102 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.538121939 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.539014101 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.539133072 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.539184093 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.540030003 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.540221930 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.540278912 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.541102886 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.541222095 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.541274071 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.542228937 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.542476892 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.542531013 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.543243885 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.543337107 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.543390989 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.544238091 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.544348001 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.544399977 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.545329094 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.545420885 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.545463085 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.546411991 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.546483994 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.546528101 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.547441006 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.547545910 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.547588110 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.548477888 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.548607111 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.548688889 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.549561024 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.549612999 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.549674988 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.550611019 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.550754070 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.550807953 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.551645041 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.551719904 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.551786900 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.552696943 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.552864075 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.552921057 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.553883076 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.553893089 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.553956985 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.554819107 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.554902077 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.555011034 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.555886984 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.555979967 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.556035995 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.556966066 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.557038069 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.557097912 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.558017015 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.558080912 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.558136940 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.559041977 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.559127092 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.559185028 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.560070992 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.560219049 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.560266018 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.561137915 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.561269999 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.561321020 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.562211990 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.562371969 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.562422991 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.563256025 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.563378096 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.563429117 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.564321041 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.564429998 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.564486980 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.565375090 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.565536976 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.565589905 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.566411018 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.566521883 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.566575050 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.567528963 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.607369900 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.621603012 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.621706009 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.621759892 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.622024059 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.622165918 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.622255087 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.623085022 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.623472929 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.623512030 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.623531103 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.624547005 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.624589920 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.624614954 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.625569105 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.625618935 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.625644922 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.626596928 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.626710892 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.626741886 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.627672911 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.627720118 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.627789974 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.628748894 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.628781080 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.628793001 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.629784107 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.629827976 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.629863977 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.630847931 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.630911112 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.631059885 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.632024050 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.632035017 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.632127047 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.633014917 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.633070946 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.633090973 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.634107113 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.634171009 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.634229898 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.635194063 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.635245085 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.635248899 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.636219978 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.636292934 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.718008995 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.718080997 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.718151093 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.718523979 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.718655109 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.718710899 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.719484091 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.719579935 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.719635963 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.720510006 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.720658064 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.720710993 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.721683025 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.721739054 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.721790075 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.722726107 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.722765923 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.722822905 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.723716974 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.723781109 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.723834991 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.724860907 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.724975109 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.725025892 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.726284027 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.726303101 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.726362944 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.727153063 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.727164984 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.727217913 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.728326082 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.728393078 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.728451014 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.729342937 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.729361057 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.729422092 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.730134964 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.730331898 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.730391026 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.731153011 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.731293917 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.731353045 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.732229948 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.732372046 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.732425928 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.733242989 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.733309031 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.733365059 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.734318972 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.734385967 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.734442949 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.735358000 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.735507011 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.735563040 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.736382961 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.736495972 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.736552000 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.737413883 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.737517118 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.737579107 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.738476038 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.738591909 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.738642931 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.739576101 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.739759922 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.739816904 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.740709066 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.740834951 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.740894079 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.741667986 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.741764069 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.741821051 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.742748022 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.742827892 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.742885113 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.743758917 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.743887901 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.743942976 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.744822979 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.745011091 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.745069027 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.745861053 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.745944977 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.746000051 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.746896982 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.747160912 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.747227907 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.748029947 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.748086929 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.748142004 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.749198914 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.749209881 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.749268055 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.750087976 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.750190020 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.750243902 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.751153946 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.751257896 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.751317024 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.752197981 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.752322912 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.752379894 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.753298044 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.753408909 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.753464937 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.754323006 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.754415989 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.754476070 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.755546093 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.755557060 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.755611897 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.756526947 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.756701946 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.756762981 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.757508993 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.757558107 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.757615089 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.758564949 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.758660078 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.758717060 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.813864946 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.814135075 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.814172029 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.814203978 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.814244986 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.814292908 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.815243006 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.815366983 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.815419912 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.816274881 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.816638947 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.816689968 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.816869020 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.817701101 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.817749977 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.817779064 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.818749905 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.818799973 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.818871975 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.819793940 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.819844961 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.819859028 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.820828915 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.820879936 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.820970058 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.821943998 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.821993113 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.822066069 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.822958946 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.823009014 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.823021889 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.824201107 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.824210882 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.824260950 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.825115919 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.825165987 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.825186014 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.826148987 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.826196909 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.826214075 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.873140097 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.910134077 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.910223961 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.910310030 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.910701990 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.910788059 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.910847902 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.911623001 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.912085056 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.912131071 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.912192106 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.913116932 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.913129091 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.913202047 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.914166927 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.914226055 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.914273977 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.915404081 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.915455103 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.915662050 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.916295052 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.916343927 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.916359901 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.917370081 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.917414904 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.917453051 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.918353081 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.918399096 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.918462038 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.919444084 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.919486046 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.919553041 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.920551062 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.920588970 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.920603991 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.921557903 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.921611071 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.921628952 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.922589064 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.922631025 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.922667027 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.923696041 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.923748016 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.923984051 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.924704075 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.924751997 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.924850941 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.925786972 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.925837994 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.925843954 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.926788092 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.926836967 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.926981926 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.927956104 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.928010941 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.928024054 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.928982019 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.929029942 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.929070950 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.930063963 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.930104971 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.930114985 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.931133986 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.931145906 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.931195021 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.932080030 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.932132006 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.932204962 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.933285952 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.933315992 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.933341026 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.934231043 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.934282064 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.934310913 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.935374975 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.935424089 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.935513020 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.936372995 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.936418056 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.936427116 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.937383890 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.937432051 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.937463999 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.938395977 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.938445091 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.938536882 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.939563990 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.939575911 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.939615965 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.940527916 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.940582991 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.940659046 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.941684961 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.941696882 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.941745043 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.942661047 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.942681074 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.942712069 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.943792105 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.943844080 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.943844080 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.944758892 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.944808006 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.944835901 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.945835114 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.945883989 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.945919037 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.946964979 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.946976900 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.947015047 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.947938919 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.947988033 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.948019028 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.948957920 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.949007988 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.949103117 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.950005054 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.950053930 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:48:59.950112104 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.951226950 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:48:59.951280117 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.005764961 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.005836964 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.005903006 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.006231070 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.006321907 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.006375074 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.007261992 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.007390022 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.007443905 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.008307934 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.008646965 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.008697987 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.008722067 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.009702921 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.009754896 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.009828091 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.010768890 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.010821104 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.010878086 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.011884928 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.011934042 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.011943102 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.012892962 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.012942076 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.012988091 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.013940096 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.013989925 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.014055014 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.015065908 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.015099049 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.015110970 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.016081095 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.016132116 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.016283989 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.017115116 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.017163038 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.017241955 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.018167973 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.018218040 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.018289089 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.060627937 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.102428913 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.102464914 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.102644920 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.102983952 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.103161097 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.103224039 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.104007959 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.104197025 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.104253054 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.105112076 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.105202913 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.105257034 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.106266022 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.106355906 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.106409073 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.107245922 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.107345104 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.107443094 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.108264923 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.108376026 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.108432055 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.109333038 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.109464884 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.109519005 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.110527992 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.110590935 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.110646009 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.111491919 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.111538887 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.111593008 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.112488031 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.112554073 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.112607956 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.113498926 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.113600016 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.113655090 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.114578009 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.114729881 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.114785910 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.115783930 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.115796089 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.115849972 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.116735935 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.116925955 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.116981983 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.118132114 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.118277073 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.118330956 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.118963003 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.119031906 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.119088888 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.119839907 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.119975090 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.120033026 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.120909929 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.121018887 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.121073008 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.122013092 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.122082949 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.122138023 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.123034954 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.123133898 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.123198986 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.124317884 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.124408960 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.124466896 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.125308990 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.125355959 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.125408888 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.126317978 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.126488924 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.126542091 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.127209902 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.127341032 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.127403021 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.128359079 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.128393888 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.128443003 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.129415989 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.129575968 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.129631042 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.130465984 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.130533934 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.130588055 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.131557941 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.131697893 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.131743908 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.132612944 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.132747889 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.132802010 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.133603096 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.133727074 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.133781910 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.134666920 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.134790897 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.134845018 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.135680914 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.135869026 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.135921955 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.136765003 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.136854887 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.136908054 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.137906075 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.137919903 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.137965918 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.139003992 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.139126062 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.139183998 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.140080929 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.140202999 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.140249968 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.141062021 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.141215086 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.141272068 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.142039061 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.142242908 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.142299891 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.143105984 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.143172979 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.143233061 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.203331947 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.203484058 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.203547001 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.203843117 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.203855038 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.203912973 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.204890013 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.205116034 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.205163002 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.205960989 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.206130028 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.206170082 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.207017899 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.207081079 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.207123995 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.208014965 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.208131075 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.208188057 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.209064960 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.209237099 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.209295034 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.210097075 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.210221052 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.210263014 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.211157084 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.211266994 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.211323977 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.212227106 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.212337971 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.212390900 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.213263988 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.213396072 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.213450909 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.214523077 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.214623928 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.214674950 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.215382099 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.215483904 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.215533018 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.216403008 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.263639927 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.294652939 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.294800997 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.294904947 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.295217991 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.295305014 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.295368910 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.296227932 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.296298981 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.296350956 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.297225952 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.297355890 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.297410965 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.298322916 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.298444033 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.298495054 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.299376011 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.299531937 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.299599886 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.300407887 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.300625086 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.300679922 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.301439047 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.301573992 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.301626921 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.302635908 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.302742958 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.302798033 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.303548098 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.303703070 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.303751945 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.304677963 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.304766893 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.304816008 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.305684090 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.305833101 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.305890083 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.306765079 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.306876898 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.306931973 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.307780027 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.307822943 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.307878017 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.308844090 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.308952093 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.309005022 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.310064077 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.310075998 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.310132027 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.311016083 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.311064005 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.311119080 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.312026024 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.312206984 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.312262058 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.313106060 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.313241959 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.313294888 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.314162970 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.314258099 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.314315081 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.315191984 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.315331936 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.315385103 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.316286087 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.316482067 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.316534996 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.317363977 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.317413092 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.317466021 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.318416119 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.318480968 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.318537951 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.319713116 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.319809914 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.319865942 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.320755959 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.320894003 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.320945978 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.321516037 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.321681976 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.321738005 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.322666883 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.322685003 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.322746038 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.323755026 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.323893070 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.323952913 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.324753046 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.324827909 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.324924946 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.325781107 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.325896025 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.325953960 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.326879025 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.327080011 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.327136040 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.327897072 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.327979088 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.328032017 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.329029083 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.329041004 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.329092979 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.329993010 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.330039024 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.330092907 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.331113100 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.331177950 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.331233978 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.332076073 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.332264900 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.332321882 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.333148003 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.333265066 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.333317995 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.334403038 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.334445953 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.334498882 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.335484028 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.335552931 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.335603952 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.395878077 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.396061897 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.396136999 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.396397114 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.396444082 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.396502018 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.397180080 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.397219896 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.397267103 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.398266077 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.398360014 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.398411036 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.399322033 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.399405003 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.399456978 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.400362968 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.400490046 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.400542021 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.401406050 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.401505947 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.401559114 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.402460098 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.402569056 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.402621031 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.403533936 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.403718948 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.403769970 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.404822111 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.404870033 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.404920101 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.405642986 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.405776024 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.405826092 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.406672001 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.406786919 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.406838894 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.407726049 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.407867908 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.407918930 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.408834934 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.451277018 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.487293959 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.487420082 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.487500906 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.487915993 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.487988949 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.488044977 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.488498926 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.488548994 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.488601923 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.489471912 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.489583969 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.489635944 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.490811110 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.490895987 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.490952969 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.491462946 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.491544962 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.491600037 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.492415905 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.492497921 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.492552996 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.493427038 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.493591070 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.493643045 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.494360924 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.494570971 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.494625092 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.495351076 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.495488882 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.495546103 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.496328115 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.496412039 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.496467113 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.497299910 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.497384071 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.497438908 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.498261929 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.498394012 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.498445034 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.499223948 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.499357939 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.499408960 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.500211000 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.500333071 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.500386000 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.501269102 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.501338005 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.501393080 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.502185106 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.502446890 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.502500057 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.503228903 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.503304005 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.503355026 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.504218102 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.504339933 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.504394054 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.505198956 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.505302906 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.505352974 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.506257057 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.506378889 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.506432056 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.507157087 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.507216930 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.507268906 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.508130074 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.508249044 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.508297920 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.509243965 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.509366989 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.509421110 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.510155916 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.510174990 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.510230064 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.511163950 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.511353970 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.511406898 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.512085915 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.512141943 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.512195110 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.513145924 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.513284922 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.513338089 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.514092922 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.514174938 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.514225960 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.515059948 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.515258074 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.515302896 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.516042948 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.516165972 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.516217947 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.517045975 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.517157078 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.517208099 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.518099070 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.518111944 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.518157959 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.519016981 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.519088030 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.519143105 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.519999981 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.520093918 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.520147085 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.520983934 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.521058083 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.521109104 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.522011042 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.522025108 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.522068977 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.523035049 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.523086071 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.523139000 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.524008036 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.524225950 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.524279118 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.525032997 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.525134087 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.525185108 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.588949919 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.589052916 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.589121103 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.589298010 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.589396000 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.589452028 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.590110064 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.590264082 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.590320110 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.591061115 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.591137886 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.591196060 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.592061043 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.592171907 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.592216015 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.593050003 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.593202114 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.593249083 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.594038010 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.594160080 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.594203949 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.595004082 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.595196962 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.595256090 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.596069098 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.596146107 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.596203089 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.597028971 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.597125053 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.597177982 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.598015070 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.598129034 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.598180056 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.599071980 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.599083900 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.599136114 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.599982023 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.600061893 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.600119114 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.600951910 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.654258966 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.679116964 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.679250002 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.679311037 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.679579973 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.679708958 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.679759979 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.680552959 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.680598021 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.680649042 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.681509972 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.681591034 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.681643009 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.682553053 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.682565928 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.682625055 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.683362007 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.683617115 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.683669090 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.684329033 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.684446096 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.684498072 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.685277939 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.685437918 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.685527086 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.686239004 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.686450005 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.686515093 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.687172890 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.687185049 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.687232971 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.688121080 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.688240051 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.688288927 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.689038038 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.689097881 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.689150095 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.690047979 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.690092087 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.690140963 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.690984964 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.691050053 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.691097975 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.691931963 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.691942930 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.691992044 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.692861080 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.692903996 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.692956924 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.693921089 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.693985939 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.694037914 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.694859028 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.694869995 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.694917917 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.695787907 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.695804119 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.695861101 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.696693897 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.696857929 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.696916103 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.697624922 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.697644949 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.697690964 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.698517084 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.698616028 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.698671103 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.699429989 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.699516058 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.699572086 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.700381994 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.700485945 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.700536013 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.701338053 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.701375961 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.701421022 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.702215910 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.702406883 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.702455044 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.703232050 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.703438044 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.703490019 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.704224110 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.704356909 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.704400063 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.705095053 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.705202103 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.705251932 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.706000090 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.706099033 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.706151962 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.706938982 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.707072973 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.707122087 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.707933903 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.707982063 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.708030939 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.708836079 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.708851099 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.708901882 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.709784031 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.709822893 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.709875107 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.710689068 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.710805893 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.710859060 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.711636066 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.712615967 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.712670088 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.713836908 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.713854074 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.713865995 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.713877916 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.713908911 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.713957071 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.714788914 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.714802980 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.714873075 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.715538025 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.715706110 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.715753078 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.781619072 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.781632900 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.781699896 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.781941891 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.782114983 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.782169104 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.782792091 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.782962084 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.783015013 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.783902884 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.783922911 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.783993959 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.784734964 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.784909010 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.784964085 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.785737038 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.785904884 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.785960913 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.786911964 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.787096024 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.787148952 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.787707090 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.787719011 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.787774086 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.788497925 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.788667917 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.788721085 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.789546967 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.789613962 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.789681911 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.790227890 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.790416956 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.790482998 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.792155981 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.792318106 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.792373896 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.793037891 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.793339968 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.793353081 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.793390036 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.841764927 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.871330976 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.871442080 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.871499062 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.871778011 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.871896982 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.871947050 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.872684956 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.872828960 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.872884035 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.873626947 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.873811960 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.873853922 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.874003887 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.874737978 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.874798059 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.874806881 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.875638962 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.875684977 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.875794888 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.876519918 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.876564980 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.876621962 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.877474070 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.877520084 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.877583981 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.878326893 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.878382921 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.878420115 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.879251957 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.879302025 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.879384041 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.880145073 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.880196095 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.880269051 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.881186962 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.881233931 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.881330013 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.882189989 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.882203102 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.882236958 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.882826090 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.882872105 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.882957935 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.883758068 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.883807898 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.883822918 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.884663105 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.884711981 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.884919882 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.886043072 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.886091948 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.886240005 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.886682034 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.886719942 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.886732101 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.887310028 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.887362003 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.887494087 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.888206005 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.888256073 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.888319969 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.889159918 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.889208078 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.889211893 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.890043974 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.890091896 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.890131950 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.890913963 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.890963078 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.891028881 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.891796112 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.891844034 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.891877890 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.892772913 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.892784119 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.892832041 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.893573999 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.893625021 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.893697023 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.894484043 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.894531965 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.894535065 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.895380974 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.895430088 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.895497084 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.896338940 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.896385908 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.896420002 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.897216082 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.897264004 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.897275925 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.898150921 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.898212910 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.898247957 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.899074078 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.899121046 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.899135113 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.899908066 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.899955988 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.899974108 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.900782108 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.900829077 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.900895119 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.901668072 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.901719093 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.901753902 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.902549982 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.902595043 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.902657986 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.903456926 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.903503895 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.903577089 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.904365063 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.904412985 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.904515028 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.905273914 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.905327082 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.905399084 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.906147957 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.906199932 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.977849007 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.978013039 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.978092909 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.978233099 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.978374004 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.978426933 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.979103088 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.979523897 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.979535103 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.979847908 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.980413914 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.980468035 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.980488062 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.981355906 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.981367111 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.981405973 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.982151985 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.982206106 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.982284069 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.983095884 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.983150005 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.983211994 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.983937979 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.983988047 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.984040022 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.984827995 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.984878063 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.984944105 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.985716105 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.985765934 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.985843897 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.986658096 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.986707926 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.986732960 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.987529039 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.987622976 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.987654924 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.988432884 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:00.988476992 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:00.988507986 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.029264927 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.148736000 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.201133013 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.227471113 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.227485895 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.227575064 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.231812954 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.270776987 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.275300980 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.321481943 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.321494102 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.321505070 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.321516037 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.321552992 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.321566105 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.321588039 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.321638107 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.321650982 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.321656942 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.321662903 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.321674109 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.321683884 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.321686029 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.321698904 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.321711063 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.321711063 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.321731091 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.321739912 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.321743965 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.321755886 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.321803093 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.321847916 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.321962118 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.321979046 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.321989059 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.322001934 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.322038889 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.322082996 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.322138071 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.322149038 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.322158098 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.322170973 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.322180986 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.322191954 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.322194099 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.322206974 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.322222948 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.322237015 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.322248936 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.322253942 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.322268009 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.322280884 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.322288990 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.322312117 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.322334051 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.322915077 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.322927952 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.322937012 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.322984934 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.322994947 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.323008060 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.323018074 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.323030949 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.323040962 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.323055029 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.323059082 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.323070049 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.323106050 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.323129892 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.323714972 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.323726892 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.323736906 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.323746920 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.323756933 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.323769093 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.323777914 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.323779106 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.323791981 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.323803902 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.323810101 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.323815107 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.323820114 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.323829889 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.323834896 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.323841095 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.323852062 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.323875904 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.323909044 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.324625015 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.324681044 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.324707031 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.324718952 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.324728966 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.324739933 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.324764013 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.324774981 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.324778080 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.324786901 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.324804068 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.324810028 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.324815989 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.324830055 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.324867964 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.324897051 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.324909925 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.324918985 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.324930906 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.324942112 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.324965000 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.324985981 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.325887918 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.325900078 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.325970888 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.326009035 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.326021910 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.326030970 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.326042891 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.326055050 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.326059103 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.326069117 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.326080084 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.326092005 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.326109886 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.326134920 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.326459885 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.326472044 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.326481104 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.326513052 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.326533079 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.326731920 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.326744080 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.326752901 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.326765060 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.326781988 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.326782942 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.326796055 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.326807976 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.326818943 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.326821089 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.326829910 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.326842070 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.326848030 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.326854944 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.326867104 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.326873064 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.326878071 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.326889992 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.326900959 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.326904058 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.326913118 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.326922894 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.326950073 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.326972008 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.327795029 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.327806950 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.327816963 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.327827930 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.327838898 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.327845097 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.327852964 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.327863932 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.327874899 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.327884912 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.327892065 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.327896118 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.327908039 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.327919006 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.327922106 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.327930927 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.327948093 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.327971935 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.328702927 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.328716040 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.328732014 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.328742981 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.328748941 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.328754902 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.328767061 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.328778982 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.328790903 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.328797102 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.328804970 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.328815937 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.328826904 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.328838110 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.328847885 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.328847885 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.328861952 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.328874111 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.328882933 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.328886986 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.328902006 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.328936100 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.329555988 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.329569101 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.329581022 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.329610109 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.329627991 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.329808950 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.329822063 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.329832077 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.329843044 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.329853058 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.329865932 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.329878092 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.329893112 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.329905033 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.329929113 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.329941034 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.329952002 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.329962969 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.329967976 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.329967976 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.329982996 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.329996109 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.329996109 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.330008984 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.330019951 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.330035925 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.330060959 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.330902100 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.330913067 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.330923080 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.330933094 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.330944061 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.330954075 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.330956936 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.330969095 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.330976963 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.330981970 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.330991983 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.331003904 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.331006050 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.331017017 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.331027985 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.331037045 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.331041098 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.331051111 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.331053972 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.331069946 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.331079006 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.331096888 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.331860065 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.331871033 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.331881046 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.331892967 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.331903934 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.331911087 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.331914902 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.331943035 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.331944942 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.331955910 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.331967115 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.331976891 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.331988096 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.331999063 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.332000971 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.332010031 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.332024097 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.332035065 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.332036972 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.332056999 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.332066059 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.332103968 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.332623005 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.332668066 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.334068060 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.362622976 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.362715960 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.362819910 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.363018990 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.363105059 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.363884926 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.363940001 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.364031076 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.364088058 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.364754915 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.364883900 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.365279913 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.365622997 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.365744114 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.366458893 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.366503000 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.366542101 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.366586924 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.367377043 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.367496967 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.368237972 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.368295908 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.368360996 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.368406057 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.369155884 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.369324923 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.370014906 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.370066881 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.370107889 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.370158911 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.370855093 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.370975971 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.371263027 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.371772051 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.371839046 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.372175932 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.372670889 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.372751951 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.372803926 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.373429060 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.419867992 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.448076963 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.448224068 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.448282957 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.448586941 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.448673964 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.448726892 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.449424028 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.449435949 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.449491978 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.450218916 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.450575113 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.450587034 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.450628042 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.451337099 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.451385021 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.451473951 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.452292919 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.452387094 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.452446938 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.453068972 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.453120947 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.453161001 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.453969955 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.454062939 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.454123020 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.454819918 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.454865932 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.454946041 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.455703974 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.455800056 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.455852032 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.456583023 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.456640959 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.456669092 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.457484961 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.457531929 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.457657099 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.458345890 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.458419085 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.458472967 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.459222078 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.459279060 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.459377050 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.460150003 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.460226059 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.460273027 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.460987091 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.461046934 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.461129904 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.461844921 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.461894035 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.461939096 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.462821007 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.462831974 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.462876081 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.463570118 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.463614941 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.463679075 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.464415073 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.464553118 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.464608908 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.465317011 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.465367079 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.465459108 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.466281891 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.466367960 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.466422081 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.467138052 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.467185020 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.467253923 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.468018055 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.468102932 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.468147039 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.468821049 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.468895912 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.468929052 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.469685078 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.469734907 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.469844103 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.470577002 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.470674992 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.470726967 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.471479893 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.471532106 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.471563101 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.472417116 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.472470999 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.472491026 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.473185062 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.473242044 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.473261118 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.474049091 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.474098921 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.474212885 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.474921942 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.475044966 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.475099087 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.475821018 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.475866079 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.475904942 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.476814032 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.476830006 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.476887941 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.477545977 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.477608919 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.477643013 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.478406906 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.478461027 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.478471041 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.479362011 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.479418993 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.479516029 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.480181932 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.480235100 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.480298042 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.481041908 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.481214046 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.481264114 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.481952906 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.482004881 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.554841042 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.554964066 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.555097103 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.555211067 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.555324078 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.556214094 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.556281090 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.556406021 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.556464911 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.557137012 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.557153940 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.557214975 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.557830095 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.557874918 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.557938099 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.558780909 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.558793068 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.558844090 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.559552908 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.559631109 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.560429096 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.560513973 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.560591936 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.560642004 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.561321974 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.561419964 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.562179089 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.562221050 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.562232018 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.562266111 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.563066006 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.563158035 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.563263893 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.564049959 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.564062119 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.564104080 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.564927101 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.564938068 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.564985037 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.565771103 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.607413054 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.640328884 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.640532970 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.640597105 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.640746117 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.640908003 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.641015053 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.641624928 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.641695023 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.641752005 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.642415047 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.642720938 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.642803907 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.642857075 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.643625021 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.643686056 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.643776894 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.644572020 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.644618034 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.644679070 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.645365953 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.645436049 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.645500898 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.646234035 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.646285057 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.646464109 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.647141933 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.647207975 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.647219896 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.648005009 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.648108006 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.648114920 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.649080992 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.649168968 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.649175882 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.649813890 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.649861097 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.649960041 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.650899887 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.650969028 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.650986910 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.651596069 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.651655912 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.651767015 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.652406931 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.652462006 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.652513027 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.653357983 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.653408051 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.653486967 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.654146910 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.654206991 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.654232025 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.654949903 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.655006886 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.655047894 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.655900002 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.655942917 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.655982971 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.656816006 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.656863928 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.656904936 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.657613039 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.657705069 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.657826900 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.658476114 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.658536911 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.658575058 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.659342051 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.659463882 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.659472942 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.660202980 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.660268068 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.660331964 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.661073923 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.661128998 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.661196947 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.661993027 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.662036896 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.662054062 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.663027048 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.663079977 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.663110971 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.663738012 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.663781881 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.663786888 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.664612055 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.664669037 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.664704084 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.665441990 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.665484905 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.665548086 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.667596102 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.667649984 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.667660952 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.667675972 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.667743921 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.667759895 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.668093920 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.668149948 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.668226004 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.669018030 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.669156075 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.669203043 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.669867039 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.669915915 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.669956923 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.670703888 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.670773983 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.670820951 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.671714067 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.671875954 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.671926975 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.672425985 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.672472000 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.672704935 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.673316002 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.673403025 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.673451900 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.674247980 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.677067995 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.747116089 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.747277021 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.747349024 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.747558117 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.747648954 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.747710943 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.748399019 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.748445034 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.748550892 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.749259949 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.749272108 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.749331951 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.750061989 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.750149965 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.750262976 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.750926971 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.751076937 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.751132011 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.751812935 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.751887083 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.752530098 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.752619028 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.752814054 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.752876997 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.753511906 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.753706932 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.753772020 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.754400969 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.754568100 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.754636049 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.755255938 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.755379915 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.755714893 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.756139994 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.756230116 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.756280899 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.757014990 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.757266045 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.757697105 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.757859945 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.810488939 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.832427979 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.832559109 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.832647085 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.832840919 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.832942009 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.833000898 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.833878040 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.833931923 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.834244967 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.834644079 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.834911108 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.834959984 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.835000038 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.835746050 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.835797071 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.835869074 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.836615086 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.836654902 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.836667061 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.837482929 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.837541103 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.837579012 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.838397026 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.838453054 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.838519096 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.839293957 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.839364052 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.839421034 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.840096951 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.840154886 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.840217113 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.840986967 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.841037035 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.841070890 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.841907024 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.841970921 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.841988087 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.842772961 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.842828035 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.842866898 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.843699932 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.843745947 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.843864918 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.844527006 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.844580889 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.844604969 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.845446110 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.845498085 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.845602989 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.846271992 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.846322060 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.846364021 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.847131968 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.847188950 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.847194910 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.848001957 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.848048925 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.848129034 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.848905087 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.849013090 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.849750996 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.849850893 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.850280046 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.850646019 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.850735903 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.851703882 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.851717949 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.852426052 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.852775097 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.853349924 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.853426933 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.854264975 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.854276896 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.854989052 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.855182886 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.855248928 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.855318069 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.855936050 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.856008053 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.856110096 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.856905937 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.856964111 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.857017994 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.857594967 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.857650995 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.857731104 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.858480930 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.858537912 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.858577967 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.859373093 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.859437943 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.859482050 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.860250950 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.860301018 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.860374928 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.861121893 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.861180067 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.861205101 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.862059116 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.862109900 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.862149954 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.862838030 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.862903118 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.862982035 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.863737106 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.863786936 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.863833904 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.864681005 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.864738941 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.864742041 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.865484953 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.865616083 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.865677118 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.866328955 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.866384029 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.939009905 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.939045906 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.939119101 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.939227104 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.939451933 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.939512014 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.940177917 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.940232992 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.940968990 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.941013098 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.941078901 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.941132069 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.941929102 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.941942930 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.941993952 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.942512989 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.942663908 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.942728043 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.943367958 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.943479061 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.944163084 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.944219112 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.944359064 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.944415092 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.945230961 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.945255041 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.945307016 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.945981979 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.946059942 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.946345091 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.946877956 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.946994066 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.947048903 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.947727919 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.947838068 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.947896004 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.948620081 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.948697090 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.948756933 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:01.949491978 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.949565887 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:01.949616909 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.024627924 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.024780989 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.024847031 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.026881933 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.027237892 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.027746916 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.027772903 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.027784109 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.027796030 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.027796984 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.027808905 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.027868032 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.028134108 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.028192997 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.028289080 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.029031992 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.029083014 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.029191971 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.029644966 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.029706955 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.029742002 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.030519962 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.030592918 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.030613899 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.031423092 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.031452894 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.031517029 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.032301903 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.032356024 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.032392979 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.033130884 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.033204079 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.033241034 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.034092903 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.034148932 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.034173012 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.034899950 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.034998894 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.035047054 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.035798073 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.035865068 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.035881996 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.036686897 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.036745071 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.036772966 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.037506104 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.037578106 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.037635088 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.038414001 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.038467884 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.038486004 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.039232016 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.039372921 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.039390087 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.040172100 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.040225029 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.040256023 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.041008949 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.041080952 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.041219950 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.041881084 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.041969061 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.041992903 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.042828083 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.042867899 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.042875051 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.043680906 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.043731928 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.043765068 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.044687033 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.044738054 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.044867992 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.045730114 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.045782089 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.045804977 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.046485901 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.046549082 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.046578884 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.047143936 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.047205925 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.047290087 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.048010111 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.048077106 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.048101902 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.048932076 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.048984051 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.049019098 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.049762011 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.049812078 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.050072908 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.050631046 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.050690889 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.050717115 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.051547050 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.051604033 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.051641941 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.052376986 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.052417994 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.052433968 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.053263903 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.053327084 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.053359032 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.056412935 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.056427002 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.056438923 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.056493044 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.056536913 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.056567907 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.056581974 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.056592941 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.056962013 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.057075977 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.057096004 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.057125092 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.057950020 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.057962894 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.058012009 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.058821917 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.058876991 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.131217003 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.131364107 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.131419897 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.131644964 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.131762981 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.131973028 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.132647991 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.132790089 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.133016109 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.133378029 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.133470058 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.133517027 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.134226084 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.134339094 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.134422064 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.135123968 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.135245085 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.135298014 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.136018991 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.136069059 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.136128902 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.136847973 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.136969090 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.137027025 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.137727976 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.137846947 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.137897015 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.138619900 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.138720989 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.138784885 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.139501095 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.139596939 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.139823914 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.140371084 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.140471935 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.140530109 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.141268015 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.141335964 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.141397953 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.142075062 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.185520887 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.216717958 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.216840982 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.216972113 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.217062950 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.217464924 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.217520952 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.217597961 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.218242884 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.218291998 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.218458891 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.219321012 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.219372988 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.219397068 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.219656944 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.219707966 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.219743967 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.220560074 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.220639944 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.220695972 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.221414089 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.221513987 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.221576929 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.222290039 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.222338915 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.222421885 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.223366022 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.223416090 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.223478079 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.224013090 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.224057913 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.224133968 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.224909067 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.224992037 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.225055933 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.225774050 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.225888014 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.225953102 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.226696014 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.226732969 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.226747036 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.227664948 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.227766037 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.227828026 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.228395939 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.228444099 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.228518009 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.229276896 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.229345083 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.229366064 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.230220079 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.230283022 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.230345011 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.231050014 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.231100082 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.231125116 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.231940985 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.232038021 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.232100964 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.232801914 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.232844114 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.232949018 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.233686924 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.233778000 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.233838081 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.234529018 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.234577894 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.234642029 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.235415936 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.235508919 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.235569954 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.236274958 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.236332893 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.236367941 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.237174034 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.237272024 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.237335920 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.238126993 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.238296032 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.238354921 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.239310026 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.239367008 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.239392042 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.240127087 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.240204096 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.240293026 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.240793943 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.240840912 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.240947008 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.241535902 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.241708040 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.241765976 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.242388964 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.242440939 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.242527962 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.243310928 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.243496895 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.243561029 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.244381905 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.244432926 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.244462967 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.245026112 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.245165110 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.245229006 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.245893955 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.246162891 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.246227980 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.246794939 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.246850014 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.246933937 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.247649908 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.247761011 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.247827053 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.248512030 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.248565912 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.248608112 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.249394894 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.249567032 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.249631882 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.250288963 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.250420094 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.250484943 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.323482990 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.323504925 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.323617935 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.323790073 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.323904991 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.324683905 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.324743986 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.324883938 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.325012922 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.325545073 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.325606108 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.325674057 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.326668024 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.326719046 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.327498913 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.327560902 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.327564955 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.327631950 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.328196049 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.328285933 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.329051018 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.329113007 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.329166889 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.329229116 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.329919100 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.330044985 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.330116034 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.330817938 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.330934048 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.331871033 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.331933975 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.331969976 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.332017899 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.332554102 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.332663059 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.333276987 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.333419085 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.333547115 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.334254026 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.334302902 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.409141064 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.409296036 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.409358978 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.409603119 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.409766912 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.409817934 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.410329103 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.410491943 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.410547018 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.411209106 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.411328077 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.411375999 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.412184000 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.412271023 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.412321091 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.412949085 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.413094997 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.413149118 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.413821936 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.413927078 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.413976908 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.414700031 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.414745092 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.414797068 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.415613890 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.415705919 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.415764093 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.416460037 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.416594982 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.416646004 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.417360067 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.417475939 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.417529106 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.418195963 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.418304920 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.418353081 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.419167042 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.419236898 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.419285059 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.419943094 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.420053005 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.420105934 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.420864105 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.421025991 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.421073914 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.422348976 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.422439098 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.422489882 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.423610926 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.423814058 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.423861980 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.424175978 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.424326897 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.424376965 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.425039053 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.425172091 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.425224066 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.426013947 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.426172972 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.426220894 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.427366018 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.427570105 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.427620888 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.428401947 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.428482056 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.428534031 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.429218054 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.429315090 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.429364920 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.429892063 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.430037022 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.430089951 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.431092978 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.431232929 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.431284904 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.432044029 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.432117939 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.432168961 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.432897091 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.432959080 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.433011055 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.433645964 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.433742046 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.433794022 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.434112072 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.434179068 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.434226990 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.434562922 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.434720993 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.434775114 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.435030937 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.435096979 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.435144901 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.435734987 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.435940027 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.435992002 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.436588049 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.436733961 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.436785936 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.437439919 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.437642097 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.437695026 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.438329935 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.438457012 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.438508987 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.439188004 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.439297915 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.439351082 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.440063000 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.440203905 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.440257072 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.440998077 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.441149950 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.441203117 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.441849947 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.441915035 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.441965103 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.442745924 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.442792892 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.442842960 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.515501976 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.515609980 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.515958071 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.516020060 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.516046047 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.516093969 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.516805887 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.516922951 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.517293930 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.517739058 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.517882109 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.518578053 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.518632889 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.518713951 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.518767118 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.519484997 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.519566059 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.520291090 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.520345926 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.520453930 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.520503998 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.521198988 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.521230936 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.521562099 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.522286892 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.522432089 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.523006916 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.523060083 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.523096085 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.523194075 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.523762941 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.523871899 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.524657011 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.524710894 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.524745941 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.524801970 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.525542974 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.525633097 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.525691032 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.526352882 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.576111078 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.601336956 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.601474047 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.601582050 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.601748943 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.601881027 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.602603912 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.602665901 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.602722883 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.602778912 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.603476048 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.603596926 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.604331970 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.604384899 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.604429960 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.604482889 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.605205059 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.605319977 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.605559111 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.606075048 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.606216908 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.606961012 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.607013941 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.607048035 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.607101917 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.607846022 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.607949972 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.608815908 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.608872890 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.608927965 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.608980894 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.609626055 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.609740019 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.609797955 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.610519886 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.610707045 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.611380100 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.611438036 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.611465931 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.611520052 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.612248898 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.612431049 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.613106966 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.613157988 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.613223076 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.613272905 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.613981962 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.614031076 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.614095926 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.614849091 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.614964008 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.615020037 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.615746021 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.615875006 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.615931034 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.616604090 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.616761923 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.616991043 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.617482901 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.617559910 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.617619038 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.618319988 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.618531942 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.618585110 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.619256973 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.619482994 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.619545937 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.620083094 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.620197058 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.620946884 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.620997906 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.621084929 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.621134043 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.621812105 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.621889114 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.621947050 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.622694016 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.622807026 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.623265982 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.623564005 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.623667002 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.623735905 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.624469995 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.624573946 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.624636889 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.625327110 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.625439882 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.625497103 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.626202106 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.626290083 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.626342058 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.627146959 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.627305031 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.627372026 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.628036976 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.628134966 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.628191948 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.628843069 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.629013062 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.629060984 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.629757881 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.629801035 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.629857063 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.630671024 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.630794048 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.630845070 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.631442070 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.631577015 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.631632090 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.632293940 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.632467985 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.632519007 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.633186102 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.633285046 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.633346081 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.634114981 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.634243011 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.634334087 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.634989023 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.635008097 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.635067940 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.707927942 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.708015919 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.708091021 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.708231926 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.708329916 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.708954096 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.709007025 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.709037066 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.709083080 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.709845066 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.709976912 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.710278988 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.710709095 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.710848093 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.710901022 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.711561918 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.711707115 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.711770058 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.712434053 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.712585926 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.712768078 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.713304043 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.713430882 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.713485003 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.714159012 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.714276075 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.715007067 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.715060949 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.715133905 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.715193987 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.715919971 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.716022968 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.716804981 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.716860056 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.716905117 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.716959000 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.717619896 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.717744112 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.718210936 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.718555927 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.765624046 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.793720961 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.793796062 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.793884039 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.794117928 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.794181108 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.794945002 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.795001984 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.795037985 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.795104027 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.795777082 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.795891047 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.796649933 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.796700001 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.796757936 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.796808004 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.797521114 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.797619104 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.798382044 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.798430920 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.798492908 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.798548937 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.799278021 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.799416065 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.800143003 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.800192118 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.800271034 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.800323009 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.801026106 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.801168919 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.801316023 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.801925898 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.802155018 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.802757978 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.802808046 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.802865982 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.802918911 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.804018974 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.804146051 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.804649115 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.804666996 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.804697037 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.804730892 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.805411100 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.805757046 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.806260109 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.806308031 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.806389093 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.806447983 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.807123899 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.807248116 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.808018923 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.808068991 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.808132887 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.808186054 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.808885098 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.808989048 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.809356928 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.809767008 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.809920073 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.810574055 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.810640097 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.810755014 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.810811996 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.811513901 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.811631918 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.812419891 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.812475920 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.812515020 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.812566996 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.813251972 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.813375950 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.813621044 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.814179897 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.814248085 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.815013885 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.815061092 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.815143108 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.815195084 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.815870047 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.815983057 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.816760063 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.816808939 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.816868067 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.816920042 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.817663908 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.817759037 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.817814112 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.818528891 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.818600893 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.819381952 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.819432974 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.819472075 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.819525003 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.820246935 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.820370913 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.821115971 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.821165085 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.821181059 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.821242094 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.822097063 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.822349072 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.822401047 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.823070049 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.823153019 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.823774099 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.823823929 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.823904991 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.823955059 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.824640036 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.824779987 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.825474977 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.825491905 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.825611115 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.826370955 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.826442957 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.826467991 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.826517105 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.827236891 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.827358007 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.829257965 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.900048018 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.900183916 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.900305986 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.900492907 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.900542974 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.901271105 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.901415110 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.901730061 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.901818991 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.901875973 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.902553082 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.902606010 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.902631044 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.903451920 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.903673887 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.903728962 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.904341936 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.904402018 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.904431105 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.905267000 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.905365944 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.905478954 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.906091928 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.906193972 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.906245947 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.906972885 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.907020092 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.907061100 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.907809973 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.907924891 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.907983065 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.908715963 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.908780098 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.908814907 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.909614086 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.909775972 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.909836054 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.910526037 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.910578966 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.910610914 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.951122046 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.985851049 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.986032009 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.986135960 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.986233950 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.986377001 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.987231970 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.987282991 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.987294912 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.987381935 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.988006115 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.988173008 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.988845110 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.988895893 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.989052057 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.989105940 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.989770889 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.989830017 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.989881039 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.990616083 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.990699053 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.991516113 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.991599083 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.991616964 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.991652966 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.992620945 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.992664099 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.993217945 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.993268013 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.993300915 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.993355989 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.994138956 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.994219065 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.994282961 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.995048046 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.995178938 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.995872021 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.995924950 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.996222019 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.996272087 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.996767998 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.996912956 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.997458935 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.997611046 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.997716904 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.998496056 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.998550892 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.998594046 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.998646975 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:02.999367952 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:02.999521017 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.000226021 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.000281096 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.000354052 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.000401974 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.001105070 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.001194954 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.001768112 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.002326965 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.002604008 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.003170013 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.003226995 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.003238916 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.003299952 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.003978014 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.004036903 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.004576921 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.004635096 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.004751921 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.004802942 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.005496025 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.005655050 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.005719900 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.006364107 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.006447077 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.007291079 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.007302046 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.007349968 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.008128881 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.008296967 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.008944988 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.009010077 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.009078026 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.009125948 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.009852886 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.009942055 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.009999037 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.010709047 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.010802984 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.011701107 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.011753082 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.011758089 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.011804104 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.012504101 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.012542963 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.013336897 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.013384104 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.013453960 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.013499022 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.014200926 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.014338970 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.014389038 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.015130997 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.015289068 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.016114950 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.016156912 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.016328096 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.016371965 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.017311096 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.017555952 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.017615080 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.018294096 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.018399000 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.018861055 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.018913984 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.018949986 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.018996000 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.019491911 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.019527912 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.021568060 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.094008923 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.094019890 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.094031096 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.094037056 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.094115973 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.094858885 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.095046043 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.095870972 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.095882893 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.095925093 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.095961094 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.096685886 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.096844912 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.096896887 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.097839117 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.097974062 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.098030090 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.098730087 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.098913908 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.099307060 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.099359989 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.099395990 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.099451065 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.100140095 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.100294113 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.101286888 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.101301908 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.101320028 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.102000952 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.102052927 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.102125883 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.102176905 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.102814913 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.102983952 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.103724957 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.103775978 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.103904009 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.103956938 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.104511976 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.104528904 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.104578972 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.178251028 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.178330898 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.178423882 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.178510904 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.178581953 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.178632975 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.179318905 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.179364920 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.179416895 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.180155039 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.180300951 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.180351019 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.181030989 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.181149006 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.181200981 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.181898117 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.182073116 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.182121992 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.182769060 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.182909966 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.182959080 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.183645010 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.183886051 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.183934927 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.184623957 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.184669018 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.184717894 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.185517073 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.185756922 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.185810089 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.186403990 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.186602116 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.186650991 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.187386036 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.187485933 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.187536001 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.188761950 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.189007998 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.189058065 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.189323902 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.189419031 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.189467907 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.189865112 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.190074921 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.190124989 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.190668106 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.190748930 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.190798044 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.191556931 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.191615105 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.191662073 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.192423105 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.192435980 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.192485094 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.193346977 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.193422079 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.193471909 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.194140911 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.194341898 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.194391966 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.195044994 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.195348024 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.195395947 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.195997953 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.196106911 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.196156979 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.197007895 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.197170019 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.197218895 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.197640896 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.197814941 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.197865963 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.198519945 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.198681116 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.198733091 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.199390888 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.199556112 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.199604988 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.200248003 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.200434923 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.200489998 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.201159000 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.201278925 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.201335907 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.202033043 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.202159882 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.202205896 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.203037977 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.203130960 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.203181982 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.203772068 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.203852892 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.203902960 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.204727888 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.204792023 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.204843044 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.205646038 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.205832005 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.205879927 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.206398964 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.206676960 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.206726074 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.207273006 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.207392931 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.207443953 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.208337069 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.208400011 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.208448887 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.209011078 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.209111929 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.209156990 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.209883928 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.210063934 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.210114956 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.210781097 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.210905075 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.210956097 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.211606026 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.211693048 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.211743116 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.285049915 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.285099983 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.285155058 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.285336971 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.285497904 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.285541058 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.285654068 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.286483049 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.286535978 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.286561012 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.287410975 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.287452936 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.287483931 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.288346052 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.288388968 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.288423061 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.289300919 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.289313078 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.289361000 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.289872885 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.289921999 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.290003061 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.290565968 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.290576935 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.290608883 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.291480064 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.291524887 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.291605949 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.292401075 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.292412043 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.292444944 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.293189049 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.293234110 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.293267012 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.294037104 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.294080019 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.294181108 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.294919968 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.294962883 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.294979095 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.295826912 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.295877934 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.370191097 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.370362997 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.370426893 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.370659113 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.370836020 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.370887995 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.371488094 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.371579885 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.371627092 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.372306108 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.372436047 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.372484922 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.373197079 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.373287916 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.373333931 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.374047995 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.374171972 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.374224901 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.374922037 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.375051022 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.375098944 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.375824928 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.375967026 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.376014948 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.376708031 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.376791954 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.376842976 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.377548933 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.377666950 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.377713919 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.378463984 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.378525972 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.378576040 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.379304886 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.379391909 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.379441977 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.380204916 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.380276918 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.380327940 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.381052017 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.381273985 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.381318092 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.381890059 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.382042885 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.382091045 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.382764101 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.382889986 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.382939100 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.383670092 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.383794069 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.383841038 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.384531975 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.384604931 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.384649038 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.385428905 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.385540009 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.385584116 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.386270046 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.386425018 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.386471033 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.387162924 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.387351036 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.387403011 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.388011932 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.388123035 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.388170958 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.388946056 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.388998985 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.389058113 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.389744043 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.389873028 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.389924049 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.390592098 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.390773058 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.390821934 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.391496897 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.391616106 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.391663074 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.392353058 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.392498016 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.392548084 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.393253088 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.393340111 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.393387079 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.394131899 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.394222021 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.394282103 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.395062923 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.395087957 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.395134926 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.395853043 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.396040916 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.396086931 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.396785975 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.396838903 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.396883965 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.397627115 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.397739887 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.397787094 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.398510933 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.398588896 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.398637056 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.399369955 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.399472952 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.399519920 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.400252104 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.400394917 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.400444984 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.401130915 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.401266098 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.401313066 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.402004957 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.402112007 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.402157068 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.402884960 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.402981997 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.403032064 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.403805971 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.403896093 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.403939962 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.477098942 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.477152109 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.477212906 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.477498055 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.477602005 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.477654934 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.478435040 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.478503942 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.478553057 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.479259968 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.479367018 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.479414940 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.480098963 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.480185032 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.480237007 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.481038094 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.481053114 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.481113911 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.481868982 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.482036114 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.482081890 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.482728004 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.482964993 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.483014107 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.483619928 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.483670950 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.483719110 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.484551907 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.484569073 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.484623909 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.485378027 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.485528946 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.485584021 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.486258030 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.486332893 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.486393929 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.487174988 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.487245083 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.487320900 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.487987041 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.529269934 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.562480927 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.562540054 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.562596083 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.562870026 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.563060045 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.563108921 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.563728094 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.563807964 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.563853979 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.564553976 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.564683914 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.564733982 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.565439939 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.565592051 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.565642118 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.566395044 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.566493034 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.566539049 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.567233086 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.567318916 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.567369938 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.568082094 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.568178892 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.568226099 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.569027901 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.569164038 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.569207907 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.569875002 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.570023060 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.570067883 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.570869923 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.570939064 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.570986986 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.571660995 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.571795940 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.571844101 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.572556019 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.572647095 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.572695017 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.573334932 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.573462009 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.573508978 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.574199915 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.574317932 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.574366093 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.575043917 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.575253963 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.575309038 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.575916052 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.576159954 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.576219082 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.576812029 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.576903105 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.576956034 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.577701092 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.577764988 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.577811003 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.578556061 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.578764915 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.578811884 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.579498053 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.579514027 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.579577923 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.580284119 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.580472946 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.580528975 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.581188917 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.581288099 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.581381083 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.582062960 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.582175016 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.582226038 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.582904100 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.583058119 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.583105087 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.583780050 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.583930016 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.583978891 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.584680080 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.584809065 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.584871054 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.585534096 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.585725069 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.585858107 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.586411953 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.586555004 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.586612940 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.587301016 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.587380886 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.587431908 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.588149071 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.588259935 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.588310957 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.589037895 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.589188099 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.589243889 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.589939117 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.589987993 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.590044022 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.590806007 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.590879917 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.590958118 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.591653109 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.591813087 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.591867924 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.592557907 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.592678070 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.592729092 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.593395948 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.593487978 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.593538046 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.594347954 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.594408035 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.594472885 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.595125914 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.595269918 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.595347881 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.596123934 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.596249104 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.596303940 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.669620991 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.669758081 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.669809103 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.669991016 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.670123100 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.670164108 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.670778036 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.670861959 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.670906067 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.671675920 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.671768904 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.671813011 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.672763109 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.672872066 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.672919989 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.673413038 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.673510075 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.673568010 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.674263954 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.674653053 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.674767971 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.675133944 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.675266981 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.675317049 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.676157951 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.676239967 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.676296949 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.677089930 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.677176952 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.677234888 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.677917004 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.678127050 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.678174973 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.678735971 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.678910017 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.678963900 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.679512978 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.679636002 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.679688931 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.680334091 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.732352972 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.754648924 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.754703045 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.754757881 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.755069971 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.755189896 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.755235910 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.755949020 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.756100893 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.756145000 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.756768942 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.756870985 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.756920099 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.757663012 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.757745028 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.757787943 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.758517981 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.758565903 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.758611917 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.759401083 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.759504080 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.759582043 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.760291100 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.760353088 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.760402918 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.761149883 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.761271954 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.761324883 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.762029886 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.762095928 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.762145042 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.762917995 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.763037920 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.763082027 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.763890982 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.764039040 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.764089108 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.764642954 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.764792919 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.764841080 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.765515089 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.765646935 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.765691042 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.766419888 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.766577959 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.766622066 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.767252922 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.767359018 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.767400980 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.768131018 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.768218040 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.768258095 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.769052982 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.769176960 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.769223928 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.769893885 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.770009995 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.770047903 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.770953894 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.770982027 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.771028996 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.771694899 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.771755934 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.771809101 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.772516012 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.772649050 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.772694111 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.773397923 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.773538113 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.773592949 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.774365902 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.774420023 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.774471998 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.775100946 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.775234938 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.775279999 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.776093006 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.776231050 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.776278019 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.776931047 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.777082920 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.777127028 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.777893066 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.778028011 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.778076887 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.778736115 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.778808117 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.778852940 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.779628992 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.779679060 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.779720068 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.780474901 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.780556917 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.780601025 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.781255960 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.781363964 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.781409025 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.782180071 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.782250881 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.782298088 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.783041000 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.783210993 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.783255100 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.783890963 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.784054995 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.784105062 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.784754038 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.784851074 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.784893036 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.785630941 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.785721064 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.785765886 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.786597967 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.786787033 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.786828041 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.787744999 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.787833929 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.787877083 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.788247108 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.788331985 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.788366079 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.861902952 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.861916065 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.861979008 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.862102032 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.862184048 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.862221956 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.862999916 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.863101006 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.863140106 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.863929987 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.863953114 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.863990068 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.864801884 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.864849091 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.864886999 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.865549088 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.865672112 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.865712881 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.866462946 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.866565943 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.866600990 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.867372990 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.867433071 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.867471933 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.868582964 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.868675947 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.868712902 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.869055033 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.869180918 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.869215012 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.869977951 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.870152950 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.870201111 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.870887041 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.871032000 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.871072054 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.871754885 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.871813059 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.871851921 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.872519970 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.919882059 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.946774006 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.946820974 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.946871996 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.947254896 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.947334051 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.947371006 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.948072910 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.948132038 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.948169947 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.948915005 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.949043036 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.949080944 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.949784040 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.949970961 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.950009108 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.950684071 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.950726032 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.950767994 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.951530933 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.951628923 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.951667070 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.952411890 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.952558994 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.952596903 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.953294992 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.953366041 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.953404903 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.954145908 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.954266071 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.954308987 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.955043077 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.955149889 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.955185890 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.955905914 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.956026077 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.956065893 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.956784010 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.956913948 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.956948996 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.957686901 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.957842112 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.957891941 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.958565950 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.958664894 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.958708048 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.959475994 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.959556103 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.959590912 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.960283041 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.960365057 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.960398912 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.961157084 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.961266041 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.961302996 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.962029934 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.962248087 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.962287903 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.964030027 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.964088917 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.964099884 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.964126110 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.964270115 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.964318037 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.964627028 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.964813948 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.964850903 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.965532064 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.965667009 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.965706110 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.966377974 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.966515064 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.966552019 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.967252016 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.967364073 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.967398882 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.968148947 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.968234062 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.968271017 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.969084978 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.969207048 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.969249964 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.969954014 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.969994068 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.970030069 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.970772028 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.970873117 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.970910072 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.971653938 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.971730947 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.971769094 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.972544909 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.972609997 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.972661972 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.973359108 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.973469973 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.973510981 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.974225998 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.974339962 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.974375010 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.975295067 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.975357056 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.975389957 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.976217985 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.976448059 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.976483107 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.976896048 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.976963043 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.977003098 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.977832079 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.977965117 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.978003979 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.978599072 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.978679895 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.978720903 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.979475975 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.979602098 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.979644060 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:03.980355978 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.980483055 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:03.980526924 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.053996086 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.054141998 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.054276943 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.054363012 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.054477930 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.054517984 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.055295944 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.055403948 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.055445910 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.056147099 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.056257010 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.056293964 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.057024002 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.057082891 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.057127953 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.057878971 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.057995081 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.058031082 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.058768034 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.058847904 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.058887959 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.059639931 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.059756041 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.059796095 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.060497999 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.060605049 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.060652018 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.061404943 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.061552048 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.061597109 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.062578917 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.062736988 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.062777042 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.063277960 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.063332081 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.063369036 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.063982010 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.064107895 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.064146996 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.064842939 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.107454062 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.139064074 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.139169931 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.139236927 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.139385939 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.139492035 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.139545918 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.140191078 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.140330076 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.140374899 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.141098022 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.141590118 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.141638994 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.141911030 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.142040968 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.142080069 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.142868042 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.142978907 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.143017054 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.143753052 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.143831968 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.143871069 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.144552946 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.144671917 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.144711018 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.145509005 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.145587921 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.145627975 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.146289110 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.146437883 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.146471977 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.147171021 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.147255898 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.147294044 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.148082018 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.148219109 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.148257971 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.148938894 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.149069071 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.149116993 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.149794102 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.149885893 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.149938107 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.150660038 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.150773048 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.151434898 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.151523113 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.151696920 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.151801109 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.152437925 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.152545929 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.153297901 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.153309107 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.153407097 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.154242992 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.154292107 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.154556990 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.154618025 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.155061960 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.155221939 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.155951023 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.156002045 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.156033039 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.156085014 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.156781912 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.156961918 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.157696009 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.157711029 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.157790899 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.158597946 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.158651114 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.158720016 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.158772945 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.159501076 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.159569979 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.160491943 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.160541058 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.160551071 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.160598040 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.161183119 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.161320925 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.162014961 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.162064075 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.162101984 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.162153006 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.162925959 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.163043022 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.163806915 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.163851023 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.163886070 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.163928986 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.164661884 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.164764881 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.165555954 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.165575981 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.165642977 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.166429043 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.166476011 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.166558981 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.166600943 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.167339087 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.167474031 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.168195963 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.168241024 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.168281078 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.168323994 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.169212103 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.169323921 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.169956923 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.170007944 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.170047045 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.170088053 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.170783997 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.170916080 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.171716928 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.171765089 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.171773911 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.171813011 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.172638893 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.172674894 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.173568964 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.246063948 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.246150970 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.246207952 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.246285915 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.246330976 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.247169018 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.247217894 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.247272015 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.247308969 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.248038054 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.248151064 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.248904943 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.248945951 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.249026060 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.249062061 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.249777079 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.249921083 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.249973059 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.250677109 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.250829935 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.253314018 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.253319979 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.253381014 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.253397942 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.253410101 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.253422022 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.253437042 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.253454924 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.253506899 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.254352093 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.254501104 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.255306005 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.255359888 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.255625963 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.255667925 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.256159067 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.256198883 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.257294893 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.257438898 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.257451057 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.257492065 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.331289053 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.331309080 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.331499100 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.331653118 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.331728935 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.331779003 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.332468033 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.332582951 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.332632065 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.333304882 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.333417892 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.333466053 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.334399939 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.334530115 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.334578037 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.335097075 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.335206985 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.335248947 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.335942030 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.336066961 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.336112976 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.336808920 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.336937904 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.336983919 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.337706089 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.337766886 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.337810993 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.338623047 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.338721037 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.338768005 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.339449883 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.339571953 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.339617968 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.340312004 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.340439081 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.340486050 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.341227055 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.341317892 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.341362000 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.342088938 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.342242956 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.342289925 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.342966080 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.343087912 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.343132019 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.343822956 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.343950033 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.343995094 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.344712973 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.344816923 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.344863892 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.345568895 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.345726013 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.345773935 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.346524000 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.346743107 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.346793890 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.347472906 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.347575903 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.347621918 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.348218918 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.348299026 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.348346949 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.349081039 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.349205971 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.349255085 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.349992037 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.350074053 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.350119114 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.350846052 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.351018906 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.351067066 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.351723909 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.351933956 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.351984024 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.352554083 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.352833033 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.352885008 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.353446007 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.353569031 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.353635073 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.354324102 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.354465961 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.354515076 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.355187893 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.355304003 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.355350971 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.356065989 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.356185913 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.356229067 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.356940031 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.357054949 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.357103109 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.357830048 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.357992887 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.358031988 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.358747959 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.358795881 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.358843088 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.359611034 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.359731913 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.359792948 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.360438108 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.360732079 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.360775948 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.361330986 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.361457109 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.361501932 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.362181902 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.362277031 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.362325907 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.363055944 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.363234997 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.363284111 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.363917112 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.364034891 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.364083052 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.364787102 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.364887953 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.364937067 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.438430071 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.438500881 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.438786030 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.438922882 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.438957930 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.438977003 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.438997984 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.439678907 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.439804077 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.439862967 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.440562010 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.440674067 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.441426992 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.441478014 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.441546917 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.441592932 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.442312002 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.442450047 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.443279028 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.443517923 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.443598032 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.444051027 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.444112062 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.444152117 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.444207907 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.444924116 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.444997072 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.445060968 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.445534945 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.445625067 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.446341991 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.446404934 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.446441889 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.446500063 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.447226048 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.447360992 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.447427034 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.448098898 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.448204994 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.448976994 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.449038029 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.449064970 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.449116945 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.523329973 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.523478985 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.523489952 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.523565054 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.523668051 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.524370909 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.524430037 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.524461031 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.524513006 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.525255919 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.525336981 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.525424004 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.526134014 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.526225090 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.526473999 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.526985884 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.527040005 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.527092934 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.527848959 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.527982950 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.528033972 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.528763056 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.528820038 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.528867960 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.529588938 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.529694080 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.529738903 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.530623913 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.530644894 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.530688047 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.531358957 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.531399012 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.531445026 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.532222986 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.532351017 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.532397985 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.533116102 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.533227921 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.533274889 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.533947945 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.534082890 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.534130096 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.534854889 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.534948111 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.534992933 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.535739899 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.535806894 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.535852909 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.536596060 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.536714077 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.536766052 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.537468910 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.537575006 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.537617922 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.538319111 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.538472891 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.538520098 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.539235115 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.539279938 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.539330959 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.540072918 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.540194988 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.540241957 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.540966988 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.541043997 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.541089058 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.541866064 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.541934013 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.541984081 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.542705059 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.542810917 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.542859077 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.543658972 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.543709040 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.543756008 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.544481993 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.544625998 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.544672966 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.545351028 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.545464039 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.545509100 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.546221972 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.546268940 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.546314955 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.547106981 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.547219038 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.547262907 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.547935009 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.548037052 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.548084974 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.548825026 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.548921108 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.548966885 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.549660921 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.549824953 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.549875021 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.550554037 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.550705910 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.550750971 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.551554918 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.551635981 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.551680088 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.552419901 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.552529097 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.552571058 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.553181887 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.553307056 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.553354979 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.554112911 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.554177046 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.554223061 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.554974079 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.555073023 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.555119038 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.555814981 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.555943966 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.555990934 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.556673050 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.556783915 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.556833982 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.557523966 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.607470036 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.630779982 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.630892038 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.631047964 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.631122112 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.631222010 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.631272078 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.631964922 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.632137060 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.632186890 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.632833958 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.632966042 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.633013010 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.633749008 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.633761883 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.633805037 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.634588957 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.634681940 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.634732008 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.635487080 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.635592937 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.635642052 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.636409998 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.636476040 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.636523008 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.637216091 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.637330055 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.637377024 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.638096094 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.638211966 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.638258934 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.638998032 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.639141083 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.639265060 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.639856100 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.640007973 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.640068054 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.640779972 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.640963078 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.641024113 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.641583920 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.685488939 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.715740919 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.715972900 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.716027021 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.716161966 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.716530085 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.716583967 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.717019081 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.717073917 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.717120886 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.717883110 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.717992067 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.718039036 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.718929052 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.719018936 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.719065905 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.719753027 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.719825983 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.719877005 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.720547915 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.720704079 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.720784903 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.721395016 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.721523046 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.721570015 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.722265005 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.722387075 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.722424030 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.723180056 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.723285913 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.723347902 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.724076986 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.724315882 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.724363089 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.724905014 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.725156069 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.725199938 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.725764036 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.725922108 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.725965023 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.726639986 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.726735115 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.726783991 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.727562904 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.727664948 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.727713108 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.728367090 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.728435040 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.728492022 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.729266882 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.729357004 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.729404926 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.730145931 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.730287075 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.730340958 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.731007099 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.731110096 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.731154919 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.731898069 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.732198954 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.732245922 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.732737064 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.732795000 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.732841969 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.733613968 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.733728886 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.733798981 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.734493971 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.734656096 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.734703064 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.735413074 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.735466957 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.735515118 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.736279964 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.736392975 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.736440897 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.737123966 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.737238884 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.737289906 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.738013983 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.738102913 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.738147974 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.738881111 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.739027977 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.739126921 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.739736080 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.739913940 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.739959002 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.740598917 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.740746021 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.740803003 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.741513968 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.741576910 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.741621017 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.742384911 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.742490053 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.742537975 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.743232965 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.743339062 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.743446112 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.744091034 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.744209051 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.744272947 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.745012999 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.745105982 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.745153904 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.745831966 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.745980024 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.746028900 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.746754885 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.746813059 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.746918917 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.747639894 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.747711897 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.747757912 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.748460054 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.748625994 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.748874903 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.749341965 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.749428988 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.749475956 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.822947025 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.822992086 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.823049068 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.823340893 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.823446035 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.823496103 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.824265957 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.824352980 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.824398041 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.825098038 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.825269938 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.825314999 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.825972080 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.826071024 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.826131105 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.826886892 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.827039003 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.827085972 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.827693939 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.827836037 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.827884912 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.828620911 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.828777075 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.828871965 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.829487085 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.829615116 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.829670906 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.830342054 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.830585003 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.830667019 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.831195116 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.831270933 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.831326962 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.832112074 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.832217932 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.832274914 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.832936049 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.833060980 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.833110094 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.833802938 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.873142004 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.907788038 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.907933950 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.907991886 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.908211946 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.908417940 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.908468008 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.909091949 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.909250975 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.909293890 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.910015106 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.910135984 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.910186052 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.910904884 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.910954952 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.911006927 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.911736012 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.911830902 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.911885023 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.912623882 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.912754059 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.912800074 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.913520098 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.913708925 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.913767099 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.914360046 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.914505005 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.914561987 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.915256977 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.915399075 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.915445089 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.916090965 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.916208982 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.916255951 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.916977882 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.917076111 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.917124033 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.917849064 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.917949915 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.917995930 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.918705940 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.918840885 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.918891907 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.919636965 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.919819117 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.920011997 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.920478106 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.920558929 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.920607090 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.921360016 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.921439886 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.921484947 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.922199965 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.922303915 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.922350883 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.923075914 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.923202991 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.923250914 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.923949003 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.924076080 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.924124956 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.924812078 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.924987078 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.925034046 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.925705910 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.925818920 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.925864935 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.926577091 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.926717997 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.926764011 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.927483082 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.927555084 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.927603960 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.928456068 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.928585052 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.928632021 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.929394960 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.929754019 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.929800987 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.930668116 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.930859089 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.930903912 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.931509018 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.931521893 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.931581974 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.932365894 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.932441950 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.932487011 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.933032036 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.933197975 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.933242083 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.933748007 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.933830023 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.933876038 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.934844971 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.934956074 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.935002089 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.935324907 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.935437918 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.935532093 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.936196089 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.936352015 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.936397076 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.937102079 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.937189102 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.937232971 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.937942982 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.938119888 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.938191891 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.938822031 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.938925028 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.938970089 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.939735889 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.939798117 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.939843893 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.940643072 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.940720081 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.940767050 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:04.941422939 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.941555977 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:04.941603899 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:05.015769005 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.015875101 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.015991926 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:05.016251087 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.016262054 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.016316891 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:05.016762018 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.016911983 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.017769098 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.017821074 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:05.017844915 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.017904043 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:05.018320084 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.018384933 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.018836021 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:05.018852949 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.018930912 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.018984079 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:05.019521952 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.019627094 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.019675016 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:05.020267963 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.020380020 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.020420074 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:05.021177053 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.021258116 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.021298885 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:05.022034883 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.022072077 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.022164106 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:05.022922993 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.023003101 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.023051023 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:05.023802996 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.023901939 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.023964882 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:05.024796009 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.024981022 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.025826931 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.025851011 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.025891066 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:05.025929928 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:05.099906921 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.099939108 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.100011110 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:05.100064039 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.100298882 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.100338936 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:05.100990057 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.101099968 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.101142883 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:05.101828098 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.101905107 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.101948023 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:05.102447987 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.102586031 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.102629900 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:05.103343010 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.103435993 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.103482962 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:05.104228973 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.104331970 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.104378939 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:05.105074883 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.105195999 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.105242968 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:05.106174946 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.106230974 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.106276035 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:05.106839895 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.107033968 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.107088089 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:05.107705116 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.107822895 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.107867002 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:05.108566046 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.108689070 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.108746052 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:05.109447002 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.109569073 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.109613895 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:05.110378981 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.110467911 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.110516071 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:05.111208916 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.111298084 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.111346960 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:05.112093925 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.112190962 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.112240076 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:05.112973928 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.113055944 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.113100052 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:05.113828897 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.113945961 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.113992929 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:05.114694118 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.114782095 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.114834070 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:05.115585089 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.115725040 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.115781069 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:05.116485119 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.116586924 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.116632938 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:05.117311001 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.117438078 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.117484093 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:05.118196964 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.118366957 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.118412018 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:05.119079113 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.119226933 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.119275093 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:05.119931936 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.120057106 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.120099068 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:05.120826006 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.120937109 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.120985031 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:05.121706963 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.121829033 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.121870041 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:05.122587919 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.122663021 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.122709036 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:05.123477936 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.123644114 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.124435902 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.124495029 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:05.124531031 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.124583006 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:05.125219107 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.125340939 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.125395060 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:05.126065969 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.126157999 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.126969099 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.127024889 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:05.127079010 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.127134085 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:05.127819061 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.127934933 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.128705025 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.128753901 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:05.128825903 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.128871918 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:05.129744053 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.129755974 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.129805088 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:05.130745888 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.130939007 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.131319046 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.131381035 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:05.131407976 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.131460905 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:05.132272959 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.132376909 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.133135080 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.133239031 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.133306026 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:05.133951902 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.185523033 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:05.207037926 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.207077026 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.207246065 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:05.207472086 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.207665920 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.207716942 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:05.207775116 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.208539009 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.208583117 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:05.208653927 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.209414959 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.209464073 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:05.209476948 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.210285902 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.210330963 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:05.210355997 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.211154938 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.211199045 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:05.211221933 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.212022066 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.212068081 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:05.212136984 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.212892056 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.212939024 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:05.213001013 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.213783026 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.213825941 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:05.213852882 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.214941978 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.214982033 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.214993000 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:05.215595961 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.215646029 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:05.215675116 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.216432095 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.216476917 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:05.216543913 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.217286110 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.217331886 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:05.217345953 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.218092918 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.218141079 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:05.292344093 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.292521000 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.292579889 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:05.292898893 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.292998075 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.293042898 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:05.293606997 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.293657064 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.293698072 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:05.294413090 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.294513941 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.294555902 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:05.295324087 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.295433998 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.295476913 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:05.296160936 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.296268940 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.296313047 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:05.297049046 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.297130108 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.297175884 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:05.298115015 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.298167944 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.298211098 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:05.298803091 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.298945904 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.298995972 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:05.299832106 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.299942017 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.299987078 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:05.300741911 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.300879955 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.300923109 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:05.301420927 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.301523924 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.301567078 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:05.302295923 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.302392006 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.302443981 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:05.303201914 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.303327084 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.303368092 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:05.304083109 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.304141998 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.304182053 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:05.304961920 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.305042982 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.305082083 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:05.305807114 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.305955887 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.305998087 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:05.306673050 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.306777954 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.306818962 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:05.307569027 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.307657957 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.307698011 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:05.308492899 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.308653116 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.308692932 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:05.309325933 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.309446096 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.309490919 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:05.310157061 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.310270071 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.310316086 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:05.311060905 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.311160088 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.311204910 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:05.311912060 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.312016010 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.312061071 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:05.312786102 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.312907934 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.312962055 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:05.313668013 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.313831091 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.313874960 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:05.314822912 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.314899921 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.314949036 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:05.315416098 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.315531969 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.315577984 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:05.316289902 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.316375017 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.316421032 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:05.317162991 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.317271948 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.317331076 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:05.318048954 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.318165064 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.318208933 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:05.319093943 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.319192886 CET84444971093.127.198.62192.168.2.6
                  Dec 26, 2024 09:49:05.319242001 CET497108444192.168.2.693.127.198.62
                  Dec 26, 2024 09:49:05.319801092 CET84444971093.127.198.62192.168.2.6

                  Click to jump to process

                  Click to jump to process

                  Click to dive into process behavior distribution

                  Target ID:0
                  Start time:03:48:55
                  Start date:26/12/2024
                  Path:C:\Users\user\Desktop\biubiu.exe
                  Wow64 process (32bit):false
                  Commandline:"C:\Users\user\Desktop\biubiu.exe"
                  Imagebase:0x7ff7f39c0000
                  File size:1'542'184 bytes
                  MD5 hash:E49CB409DF10BB4EF5E2F024995146FB
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:Go lang
                  Reputation:low
                  Has exited:true

                  Reset < >

                    Execution Graph

                    Execution Coverage:1.9%
                    Dynamic/Decrypted Code Coverage:1.4%
                    Signature Coverage:39.7%
                    Total number of Nodes:1404
                    Total number of Limit Nodes:33
                    execution_graph 83991 7ff7f39e5504 83994 7ff7f3a0d650 83991->83994 84022 7ff7f3a0d21c 83994->84022 83997 7ff7f3a0d6de 84032 7ff7f3a0d5a4 6 API calls 83997->84032 83999 7ff7f3a0d6eb RaiseException 84016 7ff7f39e5543 83999->84016 84000 7ff7f3a0d810 84003 7ff7f3a0d8da 84000->84003 84010 7ff7f3a0d870 GetProcAddress 84000->84010 84001 7ff7f3a0d790 LoadLibraryExA 84004 7ff7f3a0d7a7 GetLastError 84001->84004 84005 7ff7f3a0d7fc 84001->84005 84002 7ff7f3a0d8fc 84036 7ff7f3a0d5a4 6 API calls 84002->84036 84035 7ff7f3a0d130 6 API calls 84003->84035 84006 7ff7f3a0d7d1 84004->84006 84014 7ff7f3a0d7bc 84004->84014 84005->84000 84007 7ff7f3a0d807 FreeLibrary 84005->84007 84033 7ff7f3a0d5a4 6 API calls 84006->84033 84007->84000 84008 7ff7f3a0d707 84008->84000 84008->84001 84008->84002 84008->84005 84010->84003 84013 7ff7f3a0d885 GetLastError 84010->84013 84017 7ff7f3a0d89a 84013->84017 84014->84005 84014->84006 84015 7ff7f3a0d7de RaiseException 84015->84016 84017->84003 84034 7ff7f3a0d5a4 6 API calls 84017->84034 84019 7ff7f3a0d8bc RaiseException 84020 7ff7f3a0d21c 6 API calls 84019->84020 84021 7ff7f3a0d8d6 84020->84021 84021->84003 84023 7ff7f3a0d2d0 84022->84023 84024 7ff7f3a0d232 84022->84024 84023->83997 84023->84008 84024->84023 84025 7ff7f3a0d23f 84024->84025 84037 7ff7f3a0d2d8 GetModuleHandleW GetProcAddress GetProcAddress 84025->84037 84027 7ff7f3a0d244 84028 7ff7f3a0d2a2 84027->84028 84038 7ff7f3a0d4ac VirtualQuery GetSystemInfo VirtualProtect DloadMakePermanentImageCommit 84027->84038 84039 7ff7f3a0d2d8 GetModuleHandleW GetProcAddress GetProcAddress 84028->84039 84031 7ff7f3a0d2a7 84031->84023 84032->83999 84033->84015 84034->84019 84035->84002 84036->84016 84037->84027 84038->84028 84039->84031 84040 7ff7f39e5814 84063 7ff7f39e5a50 84040->84063 84043 7ff7f39e5960 84339 7ff7f39e60f8 7 API calls 2 library calls 84043->84339 84044 7ff7f39e5830 84046 7ff7f39e596a 84044->84046 84054 7ff7f39e584e __scrt_release_startup_lock 84044->84054 84340 7ff7f39e60f8 7 API calls 2 library calls 84046->84340 84048 7ff7f39e5975 BuildCatchObjectHelperInternal 84049 7ff7f39e5873 84050 7ff7f39e58f9 84071 7ff7f39e6240 84050->84071 84052 7ff7f39e58fe 84074 7ff7f39f89d0 84052->84074 84054->84049 84054->84050 84336 7ff7f39ec920 47 API calls __GSHandlerCheck_EH 84054->84336 84064 7ff7f39e5a58 84063->84064 84065 7ff7f39e5a64 __scrt_dllmain_crt_thread_attach 84064->84065 84066 7ff7f39e5a71 84065->84066 84070 7ff7f39e5828 84065->84070 84341 7ff7f39fab5c 84066->84341 84070->84043 84070->84044 84358 7ff7f3a0fd90 84071->84358 84073 7ff7f39e6257 GetStartupInfoW 84073->84052 84360 7ff7f3a03be4 84074->84360 84076 7ff7f39f89df 84077 7ff7f39e5906 84076->84077 84366 7ff7f3a03f20 47 API calls TranslateName 84076->84366 84079 7ff7f39d1740 84077->84079 84369 7ff7f39e6878 84079->84369 84084 7ff7f39d177c 84085 7ff7f39d17a4 84084->84085 84414 7ff7f39dfae0 GetSystemDirectoryW 84084->84414 84086 7ff7f39d17b4 84085->84086 84087 7ff7f39d17c4 GetCurrentProcess NtSetInformationProcess 84085->84087 84425 7ff7f39ecc48 84086->84425 84087->84086 84094 7ff7f39d1874 OleInitialize InitCommonControlsEx 84096 7ff7f39d18cb InitializeCriticalSection 84094->84096 84502 7ff7f39e59d0 84096->84502 84102 7ff7f39d18ef __scrt_get_show_window_mode 84511 7ff7f39d4230 EnterCriticalSection GetCurrentThreadId 84102->84511 84105 7ff7f39d9c10 5 API calls 84107 7ff7f39d1851 84105->84107 84109 7ff7f39d9c10 5 API calls 84107->84109 84111 7ff7f39d1866 84109->84111 84447 7ff7f39c7930 84111->84447 84114 7ff7f39d1966 GetModuleHandleW CreateWindowExW IsDebuggerPresent 84116 7ff7f39d19c0 84114->84116 84115 7ff7f39d1956 IsDebuggerPresent 84115->84114 84117 7ff7f39d1960 DebugBreak 84115->84117 84118 7ff7f39d19d0 GetCommandLineW 84116->84118 84117->84114 84532 7ff7f39c94a0 84118->84532 84122 7ff7f39d19f8 84578 7ff7f39d72c4 84122->84578 84125 7ff7f39d1a39 84585 7ff7f39d02c8 84125->84585 84128 7ff7f39d1a1f 84130 7ff7f39d9c10 5 API calls 84128->84130 84131 7ff7f39d1a31 84130->84131 84684 7ff7f39da648 18 API calls std::_Throw_Cpp_error 84131->84684 84133 7ff7f39d1a69 GetModuleHandleW FindResourceW 84136 7ff7f39d1a85 84133->84136 84137 7ff7f39d1ab8 84133->84137 84134 7ff7f39d1ad1 84135 7ff7f39d1b1a GetCommandLineW 84134->84135 84142 7ff7f39d0e5c 20 API calls 84134->84142 84138 7ff7f39d1b2d 84135->84138 84139 7ff7f39d1b28 84135->84139 84140 7ff7f39dba60 23 API calls 84136->84140 84137->84134 84686 7ff7f39d8c48 84138->84686 84639 7ff7f39d93d0 84139->84639 84143 7ff7f39d1a8a 84140->84143 84146 7ff7f39d1af0 84142->84146 84152 7ff7f39d72c4 56 API calls 84143->84152 84146->84135 84151 7ff7f39d9c10 5 API calls 84146->84151 84149 7ff7f39d1c15 84154 7ff7f39d1c22 84149->84154 84155 7ff7f39d1cab 84149->84155 84150 7ff7f39d1b7c GetModuleHandleW FindResourceW 84150->84149 84156 7ff7f39d1b98 84150->84156 84157 7ff7f39d1b07 84151->84157 84153 7ff7f39d1aa4 84152->84153 84153->84137 84163 7ff7f39d72c4 56 API calls 84153->84163 84709 7ff7f39db9b4 111 API calls 84154->84709 84158 7ff7f39d1d43 84155->84158 84159 7ff7f39d1cb4 GetModuleHandleW FindResourceW 84155->84159 84703 7ff7f39cce1c 126 API calls 84156->84703 84157->84135 84685 7ff7f39d9470 59 API calls 84157->84685 84164 7ff7f39d1d56 84158->84164 84165 7ff7f39d1d48 84158->84165 84166 7ff7f39d1d35 84159->84166 84167 7ff7f39d1cd0 84159->84167 84163->84137 84173 7ff7f39d2216 84164->84173 84174 7ff7f39d1d66 84164->84174 84749 7ff7f39d3a50 354 API calls __scrt_get_show_window_mode 84165->84749 84748 7ff7f39cc834 379 API calls 84166->84748 84746 7ff7f39dd2f0 10 API calls 84167->84746 84168 7ff7f39d1c27 GetModuleHandleW FindResourceW 84175 7ff7f39d1c43 84168->84175 84176 7ff7f39d1c5b 84168->84176 84169 7ff7f39d1b9d 84177 7ff7f39dba60 23 API calls 84169->84177 84209 7ff7f39d1ba5 84169->84209 84183 7ff7f39d2281 84173->84183 84184 7ff7f39d2222 84173->84184 84182 7ff7f39d93d0 111 API calls 84174->84182 84710 7ff7f39d9150 84175->84710 84742 7ff7f39cc7b8 147 API calls 84176->84742 84187 7ff7f39d1be6 84177->84187 84178 7ff7f39d1d3a ExitProcess 84180 7ff7f39d1d4d ExitProcess 84190 7ff7f39d1d72 84182->84190 84647 7ff7f39d132c GetModuleHandleW FindResourceW 84183->84647 84192 7ff7f39d93d0 111 API calls 84184->84192 84194 7ff7f39d9de8 5 API calls 84187->84194 84188 7ff7f39d1c70 84196 7ff7f39d1c89 84188->84196 84204 7ff7f39d9150 111 API calls 84188->84204 84750 7ff7f39db9b4 111 API calls 84190->84750 84200 7ff7f39d222e 84192->84200 84202 7ff7f39d1bee 84194->84202 84744 7ff7f39db9e4 77 API calls 4 library calls 84196->84744 84199 7ff7f39d2286 84215 7ff7f39d228f ExitProcess 84199->84215 84223 7ff7f39d2298 84199->84223 84763 7ff7f39db9b4 111 API calls 84200->84763 84201 7ff7f39d1c56 84747 7ff7f39c9fdc 29 API calls __std_exception_destroy 84201->84747 84202->84209 84708 7ff7f39f6f2c 47 API calls 3 library calls 84202->84708 84203 7ff7f39d1bb3 84210 7ff7f39d1c10 84203->84210 84211 7ff7f39d1bb8 84203->84211 84212 7ff7f39d1c82 84204->84212 84206 7ff7f39d1d77 84751 7ff7f39d3e00 136 API calls 84206->84751 84208 7ff7f39d2233 84216 7ff7f39d2243 84208->84216 84217 7ff7f39d223d Sleep 84208->84217 84704 7ff7f39f414c 13 API calls 2 library calls 84209->84704 84210->84149 84705 7ff7f39d14dc 129 API calls 2 library calls 84211->84705 84743 7ff7f39db034 16 API calls 84212->84743 84213 7ff7f39d1c91 84745 7ff7f39c9fdc 29 API calls __std_exception_destroy 84213->84745 84764 7ff7f39da728 22 API calls 84216->84764 84217->84216 84221 7ff7f39d1d83 84221->84173 84227 7ff7f39d93d0 111 API calls 84221->84227 84225 7ff7f39d1bbd 84706 7ff7f39db9e4 77 API calls 4 library calls 84225->84706 84230 7ff7f39d1daa 84227->84230 84228 7ff7f39d224f 84233 7ff7f39d93d0 111 API calls 84228->84233 84752 7ff7f39dd578 23 API calls 84230->84752 84231 7ff7f39d1bc2 84707 7ff7f39c9fdc 29 API calls __std_exception_destroy 84231->84707 84236 7ff7f39d226d 84233->84236 84235 7ff7f39d1db6 84753 7ff7f39db9e4 77 API calls 4 library calls 84235->84753 84236->84183 84239 7ff7f39d2273 84236->84239 84765 7ff7f39db9e4 77 API calls 4 library calls 84239->84765 84240 7ff7f39d1dbb 84243 7ff7f39d1df1 84240->84243 84754 7ff7f39da648 18 API calls std::_Throw_Cpp_error 84240->84754 84242 7ff7f39d2278 ExitProcess 84246 7ff7f39d1e12 ExitProcess 84243->84246 84247 7ff7f39d1e1c 84243->84247 84245 7ff7f39d1ddc 84245->84243 84755 7ff7f39dbed0 120 API calls __scrt_get_show_window_mode 84245->84755 84756 7ff7f39f414c 13 API calls 2 library calls 84247->84756 84250 7ff7f39d1e24 84253 7ff7f39d1e44 84250->84253 84757 7ff7f39f414c 13 API calls 2 library calls 84250->84757 84252 7ff7f39d1e75 84255 7ff7f39d1e83 DestroyCursor 84252->84255 84258 7ff7f39d1e9b 84252->84258 84253->84252 84254 7ff7f39d1e4a IsDebuggerPresent 84253->84254 84758 7ff7f39d0590 170 API calls 2 library calls 84253->84758 84254->84253 84256 7ff7f39d1e54 DebugBreak 84254->84256 84255->84252 84256->84253 84259 7ff7f39d1ed6 DeleteObject DeleteObject 84258->84259 84759 7ff7f39f414c 13 API calls 2 library calls 84258->84759 84261 7ff7f39d1f05 84259->84261 84262 7ff7f39d1f5f 84259->84262 84264 7ff7f39d1f1a 84261->84264 84265 7ff7f39d1f0a IsDebuggerPresent 84261->84265 84762 7ff7f39d4140 28 API calls 2 library calls 84262->84762 84263 7ff7f39d1eb9 DeleteObject 84760 7ff7f39e5a0c 13 API calls 2 library calls 84263->84760 84264->84262 84266 7ff7f39d1f26 EnterCriticalSection 84264->84266 84265->84264 84268 7ff7f39d1f14 DebugBreak 84265->84268 84269 7ff7f39d1f35 84266->84269 84270 7ff7f39d1f3e LeaveCriticalSection DeleteCriticalSection 84266->84270 84268->84264 84269->84270 84761 7ff7f39e5a0c 13 API calls 2 library calls 84270->84761 84336->84050 84339->84046 84340->84048 84343 7ff7f3a07638 84341->84343 84342 7ff7f39e5a76 84342->84070 84345 7ff7f39e7ec0 7 API calls 2 library calls 84342->84345 84343->84342 84346 7ff7f39fcfa8 84343->84346 84345->84070 84357 7ff7f39fb0dc EnterCriticalSection 84346->84357 84348 7ff7f39fcfb8 84349 7ff7f39ff804 53 API calls 84348->84349 84350 7ff7f39fcfc1 84349->84350 84351 7ff7f39fcdb0 55 API calls 84350->84351 84356 7ff7f39fcfcf 84350->84356 84353 7ff7f39fcfca 84351->84353 84352 7ff7f39fb130 BuildCatchObjectHelperInternal LeaveCriticalSection 84354 7ff7f39fcfdb 84352->84354 84355 7ff7f39fcea0 GetStdHandle GetFileType 84353->84355 84354->84343 84355->84356 84356->84352 84359 7ff7f3a0fd80 84358->84359 84359->84073 84359->84359 84361 7ff7f3a03bf1 84360->84361 84362 7ff7f3a03c36 84360->84362 84367 7ff7f39fbfe0 52 API calls 3 library calls 84361->84367 84362->84076 84364 7ff7f3a03c20 84368 7ff7f3a038bc 67 API calls 3 library calls 84364->84368 84366->84076 84367->84364 84368->84362 84766 7ff7f39e6900 84369->84766 84372 7ff7f39e68a1 84782 7ff7f39fa5c8 84372->84782 84373 7ff7f39e68de 84790 7ff7f39e7310 53 API calls 2 library calls 84373->84790 84379 7ff7f39e68f2 84791 7ff7f39e7310 53 API calls 2 library calls 84379->84791 84382 7ff7f39dfb70 84383 7ff7f39dfae0 20 API calls 84382->84383 84384 7ff7f39dfb82 84383->84384 84385 7ff7f39dfb9a 9 API calls 84384->84385 84386 7ff7f39dfb8a IsDebuggerPresent 84384->84386 84387 7ff7f39dfae0 20 API calls 84385->84387 84386->84385 84388 7ff7f39dfb94 DebugBreak 84386->84388 84389 7ff7f39dfc52 84387->84389 84388->84385 84390 7ff7f39dfc6a GetProcAddress 84389->84390 84391 7ff7f39dfc5a IsDebuggerPresent 84389->84391 84393 7ff7f39dfae0 20 API calls 84390->84393 84391->84390 84392 7ff7f39dfc64 DebugBreak 84391->84392 84392->84390 84394 7ff7f39dfc8d 84393->84394 84395 7ff7f39dfca5 7 API calls 84394->84395 84396 7ff7f39dfc95 IsDebuggerPresent 84394->84396 84398 7ff7f39dfae0 20 API calls 84395->84398 84396->84395 84397 7ff7f39dfc9f DebugBreak 84396->84397 84397->84395 84399 7ff7f39dfd3d 84398->84399 84400 7ff7f39dfe01 84399->84400 84401 7ff7f39dfd49 8 API calls 84399->84401 84402 7ff7f39dfae0 20 API calls 84400->84402 84401->84400 84403 7ff7f39dfe0d 84402->84403 84404 7ff7f39dfe15 GetProcAddress GetProcAddress GetProcAddress GetProcAddress GetProcAddress 84403->84404 84405 7ff7f39dfe88 84403->84405 84404->84405 84406 7ff7f39dfae0 20 API calls 84405->84406 84407 7ff7f39dfe94 84406->84407 84408 7ff7f39dfeb0 84407->84408 84409 7ff7f39dfe99 GetProcAddress 84407->84409 84410 7ff7f39dfae0 20 API calls 84408->84410 84409->84408 84411 7ff7f39dfebc 84410->84411 84412 7ff7f39dffc2 84411->84412 84413 7ff7f39dfec8 13 API calls 84411->84413 84412->84084 84413->84412 84415 7ff7f39dfb53 84414->84415 84416 7ff7f39dfb17 84414->84416 84418 7ff7f39e59b0 std::_Throw_Cpp_error 8 API calls 84415->84418 84417 7ff7f39dfb1c 84416->84417 84420 7ff7f39d8c48 5 API calls 84416->84420 84419 7ff7f39dfb34 PathAppendW 84417->84419 84421 7ff7f39dfb65 84418->84421 84419->84415 84423 7ff7f39dfb46 LoadLibraryExW 84419->84423 84422 7ff7f39dfb25 84420->84422 84421->84084 84805 7ff7f39e0118 84422->84805 84423->84415 84813 7ff7f39fcaf4 84425->84813 84427 7ff7f39ecc5e 84428 7ff7f39ec96c 81 API calls 84427->84428 84429 7ff7f39d17f8 SetErrorMode 84428->84429 84430 7ff7f39f4acc GetSystemTimeAsFileTime 84429->84430 84431 7ff7f39d180a 84430->84431 84432 7ff7f39f5ee0 84431->84432 84844 7ff7f39fbf0c GetLastError 84432->84844 84435 7ff7f39d0e5c 84887 7ff7f39db7d4 84435->84887 84438 7ff7f39d0e8c 84897 7ff7f39d8df4 84438->84897 84441 7ff7f39d9c10 84445 7ff7f39d9c21 84441->84445 84443 7ff7f39d9c70 84444 7ff7f39d183c 84443->84444 84446 7ff7f39d9c10 InitializeCriticalSection RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection 84443->84446 84444->84105 84944 7ff7f39d8d74 84445->84944 84446->84444 84448 7ff7f39c7974 IsDebuggerPresent 84447->84448 84449 7ff7f39c796b 84447->84449 84450 7ff7f39c7984 84448->84450 84451 7ff7f39c797e DebugBreak 84448->84451 84449->84448 84449->84450 84483 7ff7f39c7989 84450->84483 84947 7ff7f39d7330 84450->84947 84451->84450 84453 7ff7f39d9150 111 API calls 84495 7ff7f39c7cd0 84453->84495 84454 7ff7f39c79ad 84951 7ff7f39c7730 84454->84951 84456 7ff7f39e59b0 std::_Throw_Cpp_error 8 API calls 84458 7ff7f39c7cec 84456->84458 84458->84094 84459 7ff7f39d93d0 111 API calls 84460 7ff7f39c79c7 84459->84460 84988 7ff7f39c6da4 GetCurrentProcessId CreateToolhelp32Snapshot 84460->84988 84464 7ff7f39c7a7a 84465 7ff7f39c7a92 GetModuleHandleW FindResourceExW 84464->84465 84464->84483 85004 7ff7f39c75bc 84465->85004 84470 7ff7f39e59d0 std::_Throw_Cpp_error 4 API calls 84471 7ff7f39c7abb HeapCreate 84470->84471 84472 7ff7f39c7b10 84471->84472 84473 7ff7f39c7aec 84471->84473 84475 7ff7f39d8c48 5 API calls 84472->84475 84474 7ff7f39d8c48 5 API calls 84473->84474 84476 7ff7f39c7af1 84474->84476 84475->84476 85025 7ff7f39c66d8 84476->85025 84481 7ff7f39c7c37 CreateEventW 84481->84483 84484 7ff7f39c7c5c CreateThread 84481->84484 84483->84453 84484->84483 84485 7ff7f39c7c8f SetUnhandledExceptionFilter AddVectoredExceptionHandler 84484->84485 85063 7ff7f39f56c8 84485->85063 84486 7ff7f39c7bd1 84490 7ff7f39e59d0 std::_Throw_Cpp_error 4 API calls 84486->84490 84488 7ff7f39c7bb8 85083 7ff7f39e5a0c 13 API calls 2 library calls 84488->85083 84491 7ff7f39c7bdb __scrt_get_show_window_mode 84490->84491 85084 7ff7f39ca144 114 API calls 3 library calls 84491->85084 84492 7ff7f39c7b87 84492->84486 84492->84488 85082 7ff7f39f414c 13 API calls 2 library calls 84492->85082 84495->84456 84498 7ff7f39c7c1c 85085 7ff7f39ca2e0 15 API calls __std_exception_destroy 84498->85085 84500 7ff7f39c7c2f 85086 7ff7f39f414c 13 API calls 2 library calls 84500->85086 84504 7ff7f39e59db 84502->84504 84503 7ff7f39e59f4 84503->84102 84504->84503 84505 7ff7f39fa550 std::_Throw_Cpp_error 2 API calls 84504->84505 84506 7ff7f39e59fa 84504->84506 84505->84504 84510 7ff7f39e5a05 84506->84510 85762 7ff7f39e6500 RtlPcToFileHeader RaiseException std::bad_alloc::bad_alloc std::_Xinvalid_argument 84506->85762 84509 7ff7f39e5a0b 85763 7ff7f39e6520 RtlPcToFileHeader RaiseException std::bad_alloc::bad_alloc std::_Xinvalid_argument 84510->85763 84512 7ff7f39d4298 __scrt_get_show_window_mode 84511->84512 84513 7ff7f39d42bc GetCurrentThreadId 84512->84513 84526 7ff7f39d4331 memcpy_s __scrt_get_show_window_mode 84512->84526 84518 7ff7f39d42dd 84513->84518 84514 7ff7f39d4564 LeaveCriticalSection 84515 7ff7f39e59b0 std::_Throw_Cpp_error 8 API calls 84514->84515 84516 7ff7f39d1926 84515->84516 84527 7ff7f39dab3c 84516->84527 84522 7ff7f39d43c6 memcpy_s 84518->84522 85764 7ff7f39d4694 IsDebuggerPresent DebugBreak __scrt_get_show_window_mode 84518->85764 84519 7ff7f39d454d IsDebuggerPresent 84520 7ff7f39d4557 DebugBreak 84519->84520 84519->84526 84520->84526 84521 7ff7f39d44a6 IsDebuggerPresent 84521->84522 84523 7ff7f39d44b0 DebugBreak 84521->84523 84522->84519 84522->84521 84524 7ff7f39d45a4 84522->84524 84522->84526 84523->84522 85765 7ff7f39d40e4 IsDebuggerPresent DebugBreak 84524->85765 84526->84514 84528 7ff7f3a0fd90 __scrt_get_show_window_mode 84527->84528 84529 7ff7f39dab5f GetModuleHandleW 84528->84529 85766 7ff7f39dce34 84529->85766 85776 7ff7f39e1148 84532->85776 84534 7ff7f39dde08 IsDebuggerPresent DebugBreak 84557 7ff7f39c94cb 84534->84557 84535 7ff7f39c9f6f 85779 7ff7f39ddaa4 84535->85779 84540 7ff7f39c9e84 84540->84557 85795 7ff7f39dbb58 35 API calls 3 library calls 84540->85795 84541 7ff7f39d93d0 111 API calls 84541->84557 84544 7ff7f39c9fcc 85796 7ff7f39c8864 89 API calls 3 library calls 84544->85796 84548 7ff7f39d7d4c 56 API calls 84548->84557 84549 7ff7f39f51a0 50 API calls 84549->84557 84551 7ff7f39ddc00 27 API calls 84551->84557 84552 7ff7f39c9e61 IsDebuggerPresent 84553 7ff7f39c9e6b DebugBreak 84552->84553 84552->84557 84553->84557 84554 7ff7f39c8f0c 84 API calls 84554->84557 84557->84534 84557->84535 84557->84540 84557->84541 84557->84544 84557->84548 84557->84549 84557->84551 84557->84552 84557->84554 84558 7ff7f39e1194 IsDebuggerPresent DebugBreak 84557->84558 85787 7ff7f39d813c 56 API calls 84557->85787 85788 7ff7f39dc530 20 API calls 2 library calls 84557->85788 85789 7ff7f39c7e1c 56 API calls 84557->85789 85790 7ff7f39c8fd4 66 API calls 84557->85790 85791 7ff7f39c9098 72 API calls __std_exception_destroy 84557->85791 85792 7ff7f39f6f2c 47 API calls 3 library calls 84557->85792 85793 7ff7f39c9458 13 API calls __std_exception_destroy 84557->85793 85794 7ff7f39d7268 47 API calls 84557->85794 84558->84557 84559 7ff7f39dba60 84560 7ff7f3a0fd90 __scrt_get_show_window_mode 84559->84560 84561 7ff7f39dba96 GetModuleFileNameW 84560->84561 84562 7ff7f39dbab4 84561->84562 84563 7ff7f39dbad1 84561->84563 84564 7ff7f39d8c48 5 API calls 84562->84564 84566 7ff7f39dbae0 GetModuleFileNameW 84563->84566 84565 7ff7f39dbab9 84564->84565 84567 7ff7f39e01e8 6 API calls 84565->84567 84568 7ff7f39dbb0e 84566->84568 84569 7ff7f39dbafe IsDebuggerPresent 84566->84569 84570 7ff7f39dbacf 84567->84570 84572 7ff7f39d8c48 5 API calls 84568->84572 84577 7ff7f39dbb2c 84568->84577 84569->84568 84571 7ff7f39dbb08 DebugBreak 84569->84571 84573 7ff7f39e59b0 std::_Throw_Cpp_error 8 API calls 84570->84573 84571->84568 84574 7ff7f39dbb18 84572->84574 84575 7ff7f39dbb42 84573->84575 84576 7ff7f39e01e8 6 API calls 84574->84576 84575->84122 84576->84577 84577->84570 84579 7ff7f39d1a12 84578->84579 84580 7ff7f39d72de 84578->84580 84579->84125 84674 7ff7f39d9de8 84579->84674 84580->84579 85807 7ff7f39f43d0 56 API calls 84580->85807 84583 7ff7f39d72eb 84583->84579 85808 7ff7f39f43d0 56 API calls 84583->85808 85809 7ff7f39d71c0 47 API calls 84583->85809 84586 7ff7f39d02fa 84585->84586 84587 7ff7f39d02ea IsDebuggerPresent 84585->84587 84589 7ff7f39d030c IsDebuggerPresent 84586->84589 84590 7ff7f39d031c 84586->84590 84587->84586 84588 7ff7f39d02f4 DebugBreak 84587->84588 84588->84586 84589->84590 84591 7ff7f39d0316 DebugBreak 84589->84591 84592 7ff7f39d03aa 84590->84592 84593 7ff7f39dba60 23 API calls 84590->84593 84591->84590 84592->84133 84592->84134 84594 7ff7f39d0329 84593->84594 84595 7ff7f39d9de8 5 API calls 84594->84595 84596 7ff7f39d0331 84595->84596 84597 7ff7f39d9c10 5 API calls 84596->84597 84598 7ff7f39d0343 84597->84598 84599 7ff7f39da0c4 21 API calls 84598->84599 84600 7ff7f39d034b 84599->84600 85810 7ff7f39da648 18 API calls std::_Throw_Cpp_error 84600->85810 84602 7ff7f39d0356 84603 7ff7f39d03af 84602->84603 84604 7ff7f39d035a 84602->84604 84606 7ff7f39da378 149 API calls 84603->84606 85811 7ff7f39de028 27 API calls 84604->85811 84608 7ff7f39d03bf 84606->84608 84607 7ff7f39d0389 85812 7ff7f39de028 27 API calls 84607->85812 85813 7ff7f39e03bc 17 API calls 84608->85813 84611 7ff7f39d03c9 84611->84592 85814 7ff7f39e3108 6 API calls 2 library calls 84611->85814 84613 7ff7f39d03e3 84613->84592 85815 7ff7f39e3028 51 API calls 84613->85815 84615 7ff7f39d0530 84615->84592 85825 7ff7f39e2e88 17 API calls 2 library calls 84615->85825 84618 7ff7f39d053d 85826 7ff7f39e5a0c 13 API calls 2 library calls 84618->85826 84621 7ff7f39d0401 84621->84615 84623 7ff7f39d0464 84621->84623 85816 7ff7f39d81a0 IsDebuggerPresent DebugBreak 84621->85816 85817 7ff7f39e2f48 51 API calls 84621->85817 85818 7ff7f39f51a0 50 API calls wprintf 84621->85818 84623->84615 85819 7ff7f39e2f48 51 API calls 84623->85819 84625 7ff7f39d047e 84626 7ff7f39d04d0 84625->84626 84627 7ff7f39d8cd4 5 API calls 84625->84627 85822 7ff7f39e2f48 51 API calls 84626->85822 84629 7ff7f39d0492 84627->84629 85820 7ff7f39d7690 56 API calls 84629->85820 84630 7ff7f39d04e2 84630->84615 84632 7ff7f39d8cd4 5 API calls 84630->84632 84634 7ff7f39d04f2 84632->84634 84633 7ff7f39d049d 85821 7ff7f39de028 27 API calls 84633->85821 85823 7ff7f39d7690 56 API calls 84634->85823 84636 7ff7f39d04fd 85824 7ff7f39de028 27 API calls 84636->85824 84640 7ff7f39d1b6f 84639->84640 84641 7ff7f39d93f1 84639->84641 84640->84149 84640->84150 84641->84640 84642 7ff7f39d7738 59 API calls 84641->84642 84643 7ff7f39d9408 84642->84643 84644 7ff7f39d9150 111 API calls 84643->84644 84645 7ff7f39d9415 84644->84645 85827 7ff7f39f414c 13 API calls 2 library calls 84645->85827 84648 7ff7f39d136a 84647->84648 84664 7ff7f39d13c8 84647->84664 85828 7ff7f39cc6f8 121 API calls 84648->85828 84650 7ff7f39d136f 84651 7ff7f39d13b8 IsDebuggerPresent 84650->84651 84653 7ff7f39d13e7 84650->84653 85829 7ff7f39f6f2c 47 API calls 3 library calls 84650->85829 84652 7ff7f39d13c2 DebugBreak 84651->84652 84651->84664 84652->84664 84653->84651 84654 7ff7f39d13f0 84653->84654 84656 7ff7f39dba60 23 API calls 84654->84656 84657 7ff7f39d13f5 84656->84657 84658 7ff7f39d9de8 5 API calls 84657->84658 84659 7ff7f39d13fd 84658->84659 84660 7ff7f39d9c10 5 API calls 84659->84660 84661 7ff7f39d140b 84660->84661 84662 7ff7f39da6b0 14 API calls 84661->84662 84663 7ff7f39d1413 84662->84663 84663->84664 85830 7ff7f39db9b4 111 API calls 84663->85830 84664->84199 84666 7ff7f39d1426 84667 7ff7f39d142a 84666->84667 84669 7ff7f39d143d __scrt_get_show_window_mode 84666->84669 85831 7ff7f39c2d28 80 API calls wprintf 84667->85831 85832 7ff7f39d8fb0 11 API calls 84669->85832 84671 7ff7f39d1476 #345 85833 7ff7f39db9e4 77 API calls 4 library calls 84671->85833 84673 7ff7f39d14ce ExitProcess 84675 7ff7f39d9dff 84674->84675 84676 7ff7f39d9e45 84675->84676 84677 7ff7f39d9e1f 84675->84677 84683 7ff7f39d9e07 84675->84683 84680 7ff7f39d9e53 84676->84680 84676->84683 84679 7ff7f39d8c48 5 API calls 84677->84679 84678 7ff7f39d8cd4 5 API calls 84682 7ff7f39d9e24 84678->84682 84679->84682 84681 7ff7f39d8c48 5 API calls 84680->84681 84681->84682 84682->84128 84683->84678 84684->84125 84685->84135 84687 7ff7f39d8c6c 84686->84687 84691 7ff7f39d1b32 84686->84691 84688 7ff7f39e59d0 std::_Throw_Cpp_error 4 API calls 84687->84688 84689 7ff7f39d8c74 84688->84689 85834 7ff7f39d95fc InitializeCriticalSection 84689->85834 84692 7ff7f39e01e8 84691->84692 84693 7ff7f39e021d 84692->84693 84695 7ff7f39e0238 84692->84695 84694 7ff7f39e0248 WideCharToMultiByte 84693->84694 84693->84695 84694->84695 84696 7ff7f39e0271 84694->84696 84695->84139 84696->84695 84697 7ff7f39e0287 WideCharToMultiByte 84696->84697 84698 7ff7f39e02c4 84697->84698 84699 7ff7f39e02b4 IsDebuggerPresent 84697->84699 84698->84695 84698->84698 84701 7ff7f39e02d2 IsDebuggerPresent 84698->84701 84699->84698 84700 7ff7f39e02be DebugBreak 84699->84700 84700->84698 84701->84695 84702 7ff7f39e02dc DebugBreak 84701->84702 84702->84695 84703->84169 84704->84203 84705->84225 84706->84231 84708->84209 84709->84168 84711 7ff7f39d917a 84710->84711 84712 7ff7f39d920d OutputDebugStringA 84711->84712 84713 7ff7f39d91fa IsDebuggerPresent 84711->84713 84729 7ff7f39d9216 84711->84729 84712->84729 84713->84712 84714 7ff7f39d9204 84713->84714 84714->84712 84714->84729 84715 7ff7f39d1c51 84741 7ff7f39db9e4 77 API calls 4 library calls 84715->84741 84716 7ff7f39d9254 EnterCriticalSection 84718 7ff7f39d9275 84716->84718 84719 7ff7f39d92e1 84716->84719 84717 7ff7f39d922c 84717->84715 85835 7ff7f39d8ffc 84717->85835 84721 7ff7f39e59d0 std::_Throw_Cpp_error 4 API calls 84718->84721 84722 7ff7f39d83a0 13 API calls 84719->84722 84725 7ff7f39d92b1 84719->84725 84723 7ff7f39d927f HeapCreate 84721->84723 84722->84725 84724 7ff7f39e59d0 std::_Throw_Cpp_error 4 API calls 84723->84724 84724->84725 84727 7ff7f39d84c8 4 API calls 84725->84727 84731 7ff7f39d934e 84725->84731 84726 7ff7f39d938f 84728 7ff7f39d8ffc 68 API calls 84726->84728 84733 7ff7f39d931c wprintf 84727->84733 84730 7ff7f39d939a LeaveCriticalSection 84728->84730 84729->84715 84729->84716 84729->84717 84730->84715 84731->84726 84732 7ff7f39f5e3c 78 API calls 84731->84732 84735 7ff7f39d937f 84732->84735 84733->84731 85849 7ff7f39f5e3c 84733->85849 85858 7ff7f39f6280 75 API calls 84735->85858 84736 7ff7f39d933e wprintf 85857 7ff7f39f6280 75 API calls 84736->85857 84738 7ff7f39d9387 85859 7ff7f39f4784 76 API calls wprintf 84738->85859 84741->84201 84742->84188 84744->84213 84748->84178 84749->84180 84750->84206 84751->84221 84752->84235 84753->84240 84754->84245 84755->84243 84756->84250 84757->84250 84758->84253 84759->84263 84760->84258 84761->84262 84763->84208 84764->84228 84765->84242 84767 7ff7f39e6928 GetCurrentThreadId 84766->84767 84768 7ff7f39e6981 84767->84768 84769 7ff7f39e6967 84767->84769 84771 7ff7f39e6986 84768->84771 84772 7ff7f39e699a 84768->84772 84770 7ff7f39e696c AcquireSRWLockExclusive 84769->84770 84773 7ff7f39e6979 84769->84773 84770->84773 84771->84773 84774 7ff7f39e698e AcquireSRWLockExclusive 84771->84774 84775 7ff7f39e69df 84772->84775 84780 7ff7f39e69a8 84772->84780 84792 7ff7f39e59b0 84773->84792 84774->84773 84775->84773 84776 7ff7f39e69e7 TryAcquireSRWLockExclusive 84775->84776 84776->84773 84780->84773 84781 7ff7f39e69cf TryAcquireSRWLockExclusive 84780->84781 84801 7ff7f39e75b8 GetSystemTimeAsFileTime _Xtime_get_ticks 84780->84801 84781->84773 84781->84780 84804 7ff7f39fb0dc EnterCriticalSection 84782->84804 84784 7ff7f39fa5dc 84785 7ff7f39fb130 BuildCatchObjectHelperInternal LeaveCriticalSection 84784->84785 84786 7ff7f39e68c4 84785->84786 84787 7ff7f39e6908 84786->84787 84788 7ff7f39d1777 84787->84788 84789 7ff7f39e6912 ReleaseSRWLockExclusive 84787->84789 84788->84382 84789->84788 84793 7ff7f39e59b9 84792->84793 84794 7ff7f39e59c4 84793->84794 84795 7ff7f39e5d6c IsProcessorFeaturePresent 84793->84795 84794->84372 84794->84373 84794->84379 84796 7ff7f39e5d84 84795->84796 84802 7ff7f39e5f64 RtlCaptureContext RtlLookupFunctionEntry RtlVirtualUnwind 84796->84802 84798 7ff7f39e5d97 84803 7ff7f39e5d38 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 84798->84803 84801->84780 84802->84798 84806 7ff7f39e013e 84805->84806 84807 7ff7f39e0155 84805->84807 84806->84807 84808 7ff7f39e0162 MultiByteToWideChar 84806->84808 84807->84419 84809 7ff7f39e0193 84808->84809 84809->84807 84810 7ff7f39e019b MultiByteToWideChar 84809->84810 84810->84807 84811 7ff7f39e01bb IsDebuggerPresent 84810->84811 84811->84807 84812 7ff7f39e01c5 DebugBreak 84811->84812 84812->84807 84834 7ff7f39fc320 5 API calls __vcrt_InitializeCriticalSectionEx 84813->84834 84815 7ff7f39fcb14 84835 7ff7f39fc320 5 API calls __vcrt_InitializeCriticalSectionEx 84815->84835 84817 7ff7f39fcb33 84836 7ff7f39fc320 5 API calls __vcrt_InitializeCriticalSectionEx 84817->84836 84819 7ff7f39fcb52 84837 7ff7f39fc320 5 API calls __vcrt_InitializeCriticalSectionEx 84819->84837 84821 7ff7f39fcb71 84838 7ff7f39fc320 5 API calls __vcrt_InitializeCriticalSectionEx 84821->84838 84823 7ff7f39fcb90 84839 7ff7f39fc320 5 API calls __vcrt_InitializeCriticalSectionEx 84823->84839 84825 7ff7f39fcbaf 84840 7ff7f39fc320 5 API calls __vcrt_InitializeCriticalSectionEx 84825->84840 84827 7ff7f39fcbce 84841 7ff7f39fc320 5 API calls __vcrt_InitializeCriticalSectionEx 84827->84841 84829 7ff7f39fcbed 84842 7ff7f39fc320 5 API calls __vcrt_InitializeCriticalSectionEx 84829->84842 84831 7ff7f39fcc0c 84843 7ff7f39fc320 5 API calls __vcrt_InitializeCriticalSectionEx 84831->84843 84833 7ff7f39fcc2b 84834->84815 84835->84817 84836->84819 84837->84821 84838->84823 84839->84825 84840->84827 84841->84829 84842->84831 84843->84833 84845 7ff7f39fbf30 FlsGetValue 84844->84845 84846 7ff7f39fbf4d FlsSetValue 84844->84846 84847 7ff7f39fbf47 84845->84847 84864 7ff7f39fbf3d 84845->84864 84848 7ff7f39fbf5f 84846->84848 84846->84864 84847->84846 84866 7ff7f39fb1b0 84848->84866 84849 7ff7f39fbfb9 SetLastError 84851 7ff7f39d1811 84849->84851 84852 7ff7f39fbfd9 84849->84852 84851->84094 84851->84435 84876 7ff7f39fabc0 47 API calls 2 library calls 84852->84876 84855 7ff7f39fbf8c FlsSetValue 84859 7ff7f39fbfaa 84855->84859 84860 7ff7f39fbf98 FlsSetValue 84855->84860 84856 7ff7f39fbf7c FlsSetValue 84858 7ff7f39fbf85 84856->84858 84873 7ff7f39fb228 11 API calls 2 library calls 84858->84873 84874 7ff7f39fbcbc 11 API calls memcpy_s 84859->84874 84860->84858 84863 7ff7f39fbfb2 84875 7ff7f39fb228 11 API calls 2 library calls 84863->84875 84864->84849 84871 7ff7f39fb1c1 memcpy_s 84866->84871 84867 7ff7f39fb212 84880 7ff7f39f3484 11 API calls memcpy_s 84867->84880 84868 7ff7f39fb1f6 HeapAlloc 84869 7ff7f39fb210 84868->84869 84868->84871 84869->84855 84869->84856 84871->84867 84871->84868 84877 7ff7f39fa550 84871->84877 84873->84864 84874->84863 84875->84849 84881 7ff7f39fa590 84877->84881 84880->84869 84886 7ff7f39fb0dc EnterCriticalSection 84881->84886 84883 7ff7f39fa59d 84884 7ff7f39fb130 BuildCatchObjectHelperInternal LeaveCriticalSection 84883->84884 84885 7ff7f39fa562 84884->84885 84885->84871 84888 7ff7f3a0fd90 __scrt_get_show_window_mode 84887->84888 84889 7ff7f39db809 SHGetFolderPathW 84888->84889 84890 7ff7f39db834 84889->84890 84891 7ff7f39db830 84889->84891 84892 7ff7f39d8c48 5 API calls 84890->84892 84894 7ff7f39e59b0 std::_Throw_Cpp_error 8 API calls 84891->84894 84893 7ff7f39db839 84892->84893 84895 7ff7f39e01e8 6 API calls 84893->84895 84896 7ff7f39d0e6a 84894->84896 84895->84891 84896->84438 84898 7ff7f39d8c48 5 API calls 84897->84898 84899 7ff7f39d8e15 84898->84899 84902 7ff7f39d7738 84899->84902 84909 7ff7f39d777e wprintf __scrt_get_show_window_mode 84902->84909 84904 7ff7f39d780a IsDebuggerPresent 84905 7ff7f39d7814 DebugBreak 84904->84905 84906 7ff7f39d781a 84904->84906 84905->84906 84936 7ff7f39d86a0 51 API calls 84906->84936 84908 7ff7f39e59b0 std::_Throw_Cpp_error 8 API calls 84911 7ff7f39d0edd 84908->84911 84909->84904 84909->84906 84910 7ff7f39d7808 84909->84910 84913 7ff7f39f2f48 84909->84913 84935 7ff7f39f414c 13 API calls 2 library calls 84909->84935 84910->84908 84911->84441 84916 7ff7f39f2fa2 84913->84916 84914 7ff7f39f2fc7 84937 7ff7f39faed0 47 API calls 2 library calls 84914->84937 84915 7ff7f39f3003 84938 7ff7f39f17d0 51 API calls 3 library calls 84915->84938 84916->84914 84916->84915 84919 7ff7f39f2ff1 84922 7ff7f39f315d 84919->84922 84942 7ff7f39f1340 47 API calls 2 library calls 84919->84942 84927 7ff7f39f3173 84922->84927 84943 7ff7f39f1340 47 API calls 2 library calls 84922->84943 84924 7ff7f39f309a 84926 7ff7f39f30e0 84924->84926 84929 7ff7f39f30b5 84924->84929 84930 7ff7f39f3104 84924->84930 84931 7ff7f39f30ac 84924->84931 84925 7ff7f39e59b0 std::_Throw_Cpp_error 8 API calls 84928 7ff7f39f3187 84925->84928 84941 7ff7f39fb228 11 API calls 2 library calls 84926->84941 84927->84925 84928->84909 84939 7ff7f39fb228 11 API calls 2 library calls 84929->84939 84930->84926 84932 7ff7f39f310e 84930->84932 84931->84926 84931->84929 84940 7ff7f39fb228 11 API calls 2 library calls 84932->84940 84935->84909 84936->84910 84937->84919 84938->84924 84939->84919 84940->84919 84941->84919 84942->84922 84943->84927 84945 7ff7f39d8c48 5 API calls 84944->84945 84946 7ff7f39d8d91 84945->84946 84948 7ff7f39d7345 84947->84948 84950 7ff7f39d734d 84947->84950 85088 7ff7f39f414c 13 API calls 2 library calls 84948->85088 84950->84454 85089 7ff7f39da80c 84951->85089 84955 7ff7f39c779a 84956 7ff7f39d84c8 4 API calls 84955->84956 84957 7ff7f39c77ad 84956->84957 84958 7ff7f39c77ee 84957->84958 84959 7ff7f39dba60 23 API calls 84957->84959 84961 7ff7f39c785b 84958->84961 85102 7ff7f39dadd4 27 API calls std::_Throw_Cpp_error 84958->85102 84960 7ff7f39c77c4 84959->84960 84962 7ff7f39d9de8 5 API calls 84960->84962 84964 7ff7f39c787c 84961->84964 85105 7ff7f39d860c 84961->85105 84966 7ff7f39c77cc 84962->84966 84965 7ff7f39c7895 84964->84965 85112 7ff7f39d8528 IsDebuggerPresent DebugBreak memcpy_s __scrt_get_show_window_mode 84964->85112 84970 7ff7f39d7330 13 API calls 84965->84970 84971 7ff7f39d84c8 4 API calls 84966->84971 84967 7ff7f39c7803 84972 7ff7f39c782f 84967->84972 85103 7ff7f39dadd4 27 API calls std::_Throw_Cpp_error 84967->85103 84974 7ff7f39c78a5 84970->84974 84975 7ff7f39c77db 84971->84975 84972->84961 84978 7ff7f39d84c8 4 API calls 84972->84978 84977 7ff7f39d93d0 111 API calls 84974->84977 84979 7ff7f39d84c8 4 API calls 84975->84979 84976 7ff7f39c7819 84976->84972 85104 7ff7f39dadd4 27 API calls std::_Throw_Cpp_error 84976->85104 84986 7ff7f39c78b8 84977->84986 84980 7ff7f39c7848 84978->84980 84979->84958 84983 7ff7f39d84c8 4 API calls 84980->84983 84982 7ff7f39c78db 84984 7ff7f39e59b0 std::_Throw_Cpp_error 8 API calls 84982->84984 84983->84961 84985 7ff7f39c78ef 84984->84985 84985->84459 84986->84982 85113 7ff7f39f414c 13 API calls 2 library calls 84986->85113 84989 7ff7f39c6df4 Module32FirstW 84988->84989 84990 7ff7f39c6ded 84988->84990 84991 7ff7f39c6eaa CloseHandle 84989->84991 84997 7ff7f39c6e12 84989->84997 84992 7ff7f39e59b0 std::_Throw_Cpp_error 8 API calls 84990->84992 84991->84990 84994 7ff7f39c6ec6 84992->84994 84993 7ff7f39d8c48 InitializeCriticalSection RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection 84993->84997 85000 7ff7f39d85a8 84994->85000 84995 7ff7f39e01e8 6 API calls 84995->84997 84997->84993 84997->84995 84998 7ff7f39d860c 63 API calls 84997->84998 85126 7ff7f39f6f2c 47 API calls 3 library calls 84997->85126 84999 7ff7f39c6e94 Module32NextW 84998->84999 84999->84991 84999->84997 85001 7ff7f39d85c2 85000->85001 85127 7ff7f39d83a0 85001->85127 85132 7ff7f39d0fb0 85004->85132 85006 7ff7f39c760f __scrt_get_show_window_mode 85007 7ff7f39c7620 GetVersionExW 85006->85007 85008 7ff7f39c7640 85007->85008 85018 7ff7f39c7685 85007->85018 85011 7ff7f39c7669 85008->85011 85012 7ff7f39c7687 85008->85012 85014 7ff7f39d860c 63 API calls 85011->85014 85015 7ff7f39c768c 85012->85015 85016 7ff7f39c76ab 85012->85016 85013 7ff7f39d85a8 13 API calls 85022 7ff7f39c76e3 85013->85022 85014->85018 85019 7ff7f39d860c 63 API calls 85015->85019 85020 7ff7f39d860c 63 API calls 85016->85020 85017 7ff7f39c7710 85021 7ff7f39e59b0 std::_Throw_Cpp_error 8 API calls 85017->85021 85169 7ff7f39c70b8 GetSystemInfo 85018->85169 85019->85018 85020->85018 85023 7ff7f39c7727 85021->85023 85022->85017 85223 7ff7f39f414c 13 API calls 2 library calls 85022->85223 85023->84470 85445 7ff7f39d8cd4 85025->85445 85027 7ff7f39c66ee 85028 7ff7f39c670b 85027->85028 85448 7ff7f39c6a0c 85027->85448 85032 7ff7f39da378 85028->85032 85031 7ff7f39d9c10 5 API calls 85031->85028 85033 7ff7f39da3b4 85032->85033 85034 7ff7f39da3a2 IsDebuggerPresent 85032->85034 85036 7ff7f39d8c48 5 API calls 85033->85036 85035 7ff7f39da3ac DebugBreak 85034->85035 85038 7ff7f39c7b6b 85034->85038 85035->85038 85037 7ff7f39da3b9 85036->85037 85039 7ff7f39e0118 4 API calls 85037->85039 85038->84481 85081 7ff7f39e2c7c 97 API calls null_memory_resource 85038->85081 85040 7ff7f39da3c8 85039->85040 85575 7ff7f39f45b0 85040->85575 85044 7ff7f39da3fb 85045 7ff7f39da4bd 85044->85045 85595 7ff7f39f776c 50 API calls wprintf 85044->85595 85601 7ff7f39f4784 76 API calls wprintf 85045->85601 85048 7ff7f39da40b 85048->85045 85596 7ff7f39f7a74 75 API calls wprintf 85048->85596 85050 7ff7f39da43f 85050->85045 85597 7ff7f39f7d70 63 API calls _fread_nolock 85050->85597 85052 7ff7f39da454 85052->85045 85598 7ff7f39f4aa0 47 API calls 2 library calls 85052->85598 85054 7ff7f39da46a 85599 7ff7f39f4a74 47 API calls 2 library calls 85054->85599 85056 7ff7f39da475 85057 7ff7f39d93d0 111 API calls 85056->85057 85058 7ff7f39da497 85057->85058 85059 7ff7f39da4b0 85058->85059 85060 7ff7f39da4a0 IsDebuggerPresent 85058->85060 85059->85045 85600 7ff7f39f414c 13 API calls 2 library calls 85059->85600 85060->85059 85061 7ff7f39da4aa DebugBreak 85060->85061 85061->85059 85064 7ff7f39f56fa 85063->85064 85076 7ff7f39f57b9 memcpy_s 85063->85076 85066 7ff7f39f57df 85064->85066 85067 7ff7f39f5711 85064->85067 85066->85076 85753 7ff7f39fc084 11 API calls 2 library calls 85066->85753 85751 7ff7f39fb0dc EnterCriticalSection 85067->85751 85070 7ff7f39f57f3 85070->85076 85754 7ff7f39fb264 85070->85754 85079 7ff7f39c7cc4 85076->85079 85752 7ff7f39f53c8 11 API calls memcpy_s 85076->85752 85087 7ff7f39f5250 47 API calls TranslateName 85079->85087 85080 7ff7f39f414c 13 API calls 2 library calls 85080->84464 85081->84492 85082->84488 85083->84486 85084->84498 85085->84500 85086->84481 85087->84495 85088->84950 85090 7ff7f39da829 85089->85090 85097 7ff7f39da851 85089->85097 85091 7ff7f39d8c48 5 API calls 85090->85091 85092 7ff7f39da82e 85091->85092 85094 7ff7f39e0118 4 API calls 85092->85094 85093 7ff7f39e59b0 std::_Throw_Cpp_error 8 API calls 85095 7ff7f39c7784 85093->85095 85096 7ff7f39da83d GetFileAttributesExW 85094->85096 85098 7ff7f39d84c8 85095->85098 85096->85097 85097->85093 85099 7ff7f39d84de 85098->85099 85101 7ff7f39d8508 memcpy_s 85099->85101 85114 7ff7f39d830c 85099->85114 85101->84955 85102->84967 85103->84976 85104->84972 85106 7ff7f39d7738 59 API calls 85105->85106 85108 7ff7f39d862f 85106->85108 85107 7ff7f39d864e 85107->84964 85108->85107 85109 7ff7f39d84c8 4 API calls 85108->85109 85110 7ff7f39d8646 85109->85110 85125 7ff7f39f414c 13 API calls 2 library calls 85110->85125 85112->84965 85113->84982 85115 7ff7f39d8343 85114->85115 85116 7ff7f39d8333 IsDebuggerPresent 85114->85116 85120 7ff7f39d81f8 85115->85120 85116->85115 85117 7ff7f39d833d DebugBreak 85116->85117 85117->85115 85119 7ff7f39d8358 memcpy_s 85119->85101 85121 7ff7f39d8229 85120->85121 85122 7ff7f39d821d memcpy_s 85120->85122 85121->85122 85123 7ff7f39d82f8 IsDebuggerPresent 85121->85123 85122->85119 85123->85122 85124 7ff7f39d8302 DebugBreak 85123->85124 85124->85122 85125->85107 85126->84997 85128 7ff7f39c7a50 85127->85128 85129 7ff7f39d83b2 85127->85129 85128->84464 85128->85080 85129->85128 85131 7ff7f39f414c 13 API calls 2 library calls 85129->85131 85131->85128 85133 7ff7f39d860c 63 API calls 85132->85133 85134 7ff7f39d0fd0 85133->85134 85135 7ff7f39dba60 23 API calls 85134->85135 85136 7ff7f39d0fd5 85135->85136 85224 7ff7f39d0ee4 85136->85224 85139 7ff7f39d860c 63 API calls 85140 7ff7f39d0ff5 GetModuleHandleW FindResourceW 85139->85140 85141 7ff7f39d1014 85140->85141 85142 7ff7f39d104e GetModuleHandleW FindResourceW 85140->85142 85143 7ff7f39d9de8 5 API calls 85141->85143 85144 7ff7f39d1098 85142->85144 85145 7ff7f39d1089 85142->85145 85146 7ff7f39d101c 85143->85146 85148 7ff7f39d860c 63 API calls 85144->85148 85147 7ff7f39d860c 63 API calls 85145->85147 85149 7ff7f39d9c10 5 API calls 85146->85149 85147->85144 85150 7ff7f39d10aa 85148->85150 85152 7ff7f39d102e 85149->85152 85151 7ff7f39d860c 63 API calls 85150->85151 85153 7ff7f39d10c0 85151->85153 85154 7ff7f39d0ee4 107 API calls 85152->85154 85155 7ff7f39d10d8 85153->85155 85157 7ff7f39d860c 63 API calls 85153->85157 85156 7ff7f39d1039 85154->85156 85158 7ff7f39d84c8 4 API calls 85155->85158 85159 7ff7f39d860c 63 API calls 85156->85159 85157->85155 85160 7ff7f39d10ee 85158->85160 85159->85142 85161 7ff7f39d111e 85160->85161 85167 7ff7f39d84c8 4 API calls 85160->85167 85162 7ff7f39d113a 85161->85162 85164 7ff7f39d84c8 4 API calls 85161->85164 85163 7ff7f39d84c8 4 API calls 85162->85163 85165 7ff7f39d114c 85163->85165 85164->85162 85166 7ff7f39d116a 85165->85166 85168 7ff7f39d860c 63 API calls 85165->85168 85166->85006 85167->85161 85168->85166 85170 7ff7f39d860c 63 API calls 85169->85170 85171 7ff7f39c7109 85170->85171 85254 7ff7f39db07c 85171->85254 85174 7ff7f39c7141 85176 7ff7f39d860c 63 API calls 85174->85176 85177 7ff7f39c7158 GlobalMemoryStatusEx 85174->85177 85175 7ff7f39db07c 30 API calls 85175->85174 85176->85177 85178 7ff7f39c7175 85177->85178 85179 7ff7f39d860c 63 API calls 85178->85179 85180 7ff7f39c71ef 85179->85180 85276 7ff7f39d5070 85180->85276 85182 7ff7f39c71f4 85183 7ff7f39d860c 63 API calls 85182->85183 85184 7ff7f39c7217 85183->85184 85185 7ff7f39db07c 30 API calls 85184->85185 85186 7ff7f39c722d 85185->85186 85187 7ff7f39db07c 30 API calls 85186->85187 85188 7ff7f39c7246 85187->85188 85189 7ff7f39c724e 85188->85189 85290 7ff7f39f6f2c 47 API calls 3 library calls 85188->85290 85190 7ff7f39c729a GetLocaleInfoA GetLocaleInfoA 85189->85190 85193 7ff7f39d860c 63 API calls 85189->85193 85191 7ff7f39d860c 63 API calls 85190->85191 85202 7ff7f39c72f5 85191->85202 85193->85190 85194 7ff7f39c726d 85194->85189 85195 7ff7f39c7271 85194->85195 85197 7ff7f39d860c 63 API calls 85195->85197 85196 7ff7f39d8df4 62 API calls 85196->85202 85198 7ff7f39c7286 85197->85198 85198->85190 85199 7ff7f39c73a2 85201 7ff7f39d84c8 4 API calls 85199->85201 85200 7ff7f39d860c 63 API calls 85200->85202 85203 7ff7f39c74dd 85201->85203 85202->85196 85202->85199 85202->85200 85210 7ff7f39db07c 30 API calls 85202->85210 85204 7ff7f39c74f4 85203->85204 85205 7ff7f39d84c8 4 API calls 85203->85205 85206 7ff7f39c751d 85204->85206 85207 7ff7f39d84c8 4 API calls 85204->85207 85205->85204 85208 7ff7f39c7534 85206->85208 85209 7ff7f39d84c8 4 API calls 85206->85209 85211 7ff7f39c750b 85207->85211 85212 7ff7f39d84c8 4 API calls 85208->85212 85213 7ff7f39c754b 85208->85213 85209->85208 85210->85202 85214 7ff7f39d84c8 4 API calls 85211->85214 85212->85213 85215 7ff7f39d84c8 4 API calls 85213->85215 85217 7ff7f39c7562 85213->85217 85214->85206 85215->85217 85216 7ff7f39c7579 85219 7ff7f39c758f 85216->85219 85220 7ff7f39d84c8 4 API calls 85216->85220 85217->85216 85218 7ff7f39d84c8 4 API calls 85217->85218 85218->85216 85221 7ff7f39e59b0 std::_Throw_Cpp_error 8 API calls 85219->85221 85220->85219 85222 7ff7f39c759b 85221->85222 85222->85013 85223->85017 85236 7ff7f39da6b0 85224->85236 85227 7ff7f39d0f03 85229 7ff7f39d8df4 62 API calls 85227->85229 85228 7ff7f39d0f16 85244 7ff7f39d8b28 100 API calls 85228->85244 85231 7ff7f39d0f11 85229->85231 85231->85139 85232 7ff7f39d0f20 85245 7ff7f39d882c 99 API calls 2 library calls 85232->85245 85234 7ff7f39d0f44 85246 7ff7f39dfa18 90 API calls std::_Throw_Cpp_error 85234->85246 85237 7ff7f39da6d5 85236->85237 85238 7ff7f39da6bf IsDebuggerPresent 85236->85238 85247 7ff7f39da5f0 85237->85247 85239 7ff7f39da6c9 DebugBreak 85238->85239 85242 7ff7f39d0efb 85238->85242 85239->85242 85241 7ff7f39da6da 85241->85242 85243 7ff7f39da6e6 GetFileSizeEx CloseHandle 85241->85243 85242->85227 85242->85228 85243->85242 85244->85232 85245->85234 85246->85231 85248 7ff7f39da602 85247->85248 85249 7ff7f39da5fe 85247->85249 85251 7ff7f39d8c48 5 API calls 85248->85251 85250 7ff7f39da616 CreateFileW 85249->85250 85250->85241 85252 7ff7f39da607 85251->85252 85253 7ff7f39e0118 4 API calls 85252->85253 85253->85250 85255 7ff7f39db0a7 85254->85255 85272 7ff7f39c7126 85254->85272 85256 7ff7f39d8c48 5 API calls 85255->85256 85262 7ff7f39db0b0 85255->85262 85257 7ff7f39db0ba 85256->85257 85259 7ff7f39e0118 4 API calls 85257->85259 85258 7ff7f39d8c48 5 API calls 85260 7ff7f39db0da 85258->85260 85259->85262 85263 7ff7f39e0118 4 API calls 85260->85263 85261 7ff7f39db0f3 RegOpenKeyExW 85264 7ff7f39db11c RegQueryValueExW 85261->85264 85273 7ff7f39db0d0 _CallSETranslator 85261->85273 85262->85258 85262->85273 85263->85273 85265 7ff7f39db194 RegCloseKey 85264->85265 85264->85273 85265->85273 85266 7ff7f39db1c2 85267 7ff7f39db1df 85266->85267 85268 7ff7f39d8c48 5 API calls 85266->85268 85292 7ff7f39f414c 13 API calls 2 library calls 85267->85292 85271 7ff7f39db1cc 85268->85271 85270 7ff7f39db15a RegQueryValueExW 85270->85265 85270->85273 85274 7ff7f39e01e8 6 API calls 85271->85274 85272->85174 85272->85175 85273->85261 85273->85265 85273->85266 85273->85270 85291 7ff7f39f414c 13 API calls 2 library calls 85273->85291 85274->85267 85293 7ff7f39c1530 85276->85293 85279 7ff7f39d50cd 85279->85182 85280 7ff7f39d8c48 5 API calls 85281 7ff7f39d50b4 85280->85281 85281->85279 85281->85281 85282 7ff7f39d50e0 WideCharToMultiByte 85281->85282 85282->85279 85283 7ff7f39d510d 85282->85283 85283->85279 85284 7ff7f39d5122 WideCharToMultiByte 85283->85284 85285 7ff7f39d5161 85284->85285 85286 7ff7f39d5151 IsDebuggerPresent 85284->85286 85285->85279 85285->85285 85288 7ff7f39d516f IsDebuggerPresent 85285->85288 85286->85285 85287 7ff7f39d515b DebugBreak 85286->85287 85287->85285 85288->85279 85289 7ff7f39d5179 DebugBreak 85288->85289 85289->85279 85290->85194 85291->85273 85292->85272 85294 7ff7f39c165e 85293->85294 85297 7ff7f39c1564 85293->85297 85295 7ff7f39e59b0 std::_Throw_Cpp_error 8 API calls 85294->85295 85296 7ff7f39c1744 85295->85296 85296->85279 85296->85280 85324 7ff7f39c22e8 85297->85324 85299 7ff7f39c15ed 85300 7ff7f39c1641 85299->85300 85301 7ff7f39c162f 85299->85301 85356 7ff7f39c1760 85300->85356 85335 7ff7f39c11b7 85301->85335 85304 7ff7f39c163d 85382 7ff7f39c1e6a 85304->85382 85305 7ff7f39c165c 85305->85304 85313 7ff7f39c16d1 85305->85313 85376 7ff7f39c2032 85305->85376 85307 7ff7f39c1639 85307->85304 85375 7ff7f39c1336 32 API calls std::_Throw_Cpp_error 85307->85375 85311 7ff7f39c1e6a 13 API calls 85312 7ff7f39c170d 85311->85312 85314 7ff7f39c1e6a 13 API calls 85312->85314 85381 7ff7f39c2910 CoTaskMemAlloc memcpy_s 85313->85381 85315 7ff7f39c1717 85314->85315 85318 7ff7f39c1e6a 13 API calls 85315->85318 85317 7ff7f39c16ab 85380 7ff7f39c2064 13 API calls memcpy_s 85317->85380 85319 7ff7f39c171f 85318->85319 85321 7ff7f39c1e6a 13 API calls 85319->85321 85322 7ff7f39c1727 85321->85322 85323 7ff7f39c1e6a 13 API calls 85322->85323 85323->85294 85386 7ff7f39c23c5 85324->85386 85327 7ff7f39c23c5 74 API calls 85328 7ff7f39c2351 85327->85328 85329 7ff7f39c23c5 74 API calls 85328->85329 85330 7ff7f39c23a5 85329->85330 85331 7ff7f39c1e6a 13 API calls 85330->85331 85332 7ff7f39c23ad 85331->85332 85333 7ff7f39e59b0 std::_Throw_Cpp_error 8 API calls 85332->85333 85334 7ff7f39c23ba 85333->85334 85334->85299 85336 7ff7f39c1ec6 13 API calls 85335->85336 85337 7ff7f39c11e2 85336->85337 85338 7ff7f39c123b 85337->85338 85339 7ff7f39c1226 85337->85339 85420 7ff7f39c10eb 17 API calls 85338->85420 85414 7ff7f39c10ab 85339->85414 85342 7ff7f39c130a 85344 7ff7f39c1e6a 13 API calls 85342->85344 85343 7ff7f39c12fc 85345 7ff7f39e59b0 std::_Throw_Cpp_error 8 API calls 85343->85345 85344->85343 85347 7ff7f39c132a 85345->85347 85346 7ff7f39c126a 85346->85342 85421 7ff7f39c1f80 85346->85421 85347->85307 85349 7ff7f39c1298 85349->85342 85350 7ff7f39c12b1 85349->85350 85351 7ff7f39c1f80 13 API calls 85350->85351 85352 7ff7f39c12e1 85351->85352 85353 7ff7f39c2032 13 API calls 85352->85353 85354 7ff7f39c12ec 85353->85354 85355 7ff7f39c1e6a 13 API calls 85354->85355 85355->85339 85358 7ff7f39c17c5 85356->85358 85359 7ff7f39c1a98 85358->85359 85361 7ff7f39c19b0 85358->85361 85362 7ff7f39c1c99 53 API calls 85358->85362 85366 7ff7f39c1ac1 GetModuleHandleW GetProcAddress 85358->85366 85370 7ff7f39c1e6a 13 API calls 85358->85370 85372 7ff7f39c1ec6 13 API calls 85358->85372 85373 7ff7f39f6bb0 47 API calls 85358->85373 85374 7ff7f39c2032 13 API calls 85358->85374 85425 7ff7f39c1000 85358->85425 85435 7ff7f39f68c4 53 API calls 3 library calls 85358->85435 85436 7ff7f39c1df2 85358->85436 85441 7ff7f39e5cc0 AcquireSRWLockExclusive SleepConditionVariableSRW ReleaseSRWLockExclusive 85358->85441 85360 7ff7f39c1e6a 13 API calls 85359->85360 85360->85361 85363 7ff7f39e59b0 std::_Throw_Cpp_error 8 API calls 85361->85363 85362->85358 85364 7ff7f39c1b75 85363->85364 85364->85305 85442 7ff7f39e5c54 AcquireSRWLockExclusive ReleaseSRWLockExclusive WakeAllConditionVariable 85366->85442 85370->85358 85372->85358 85373->85358 85374->85358 85375->85305 85377 7ff7f39c2043 85376->85377 85378 7ff7f39c1ec6 13 API calls 85377->85378 85379 7ff7f39c208e memcpy_s 85377->85379 85378->85379 85379->85317 85380->85313 85381->85304 85383 7ff7f39c1e7f 85382->85383 85384 7ff7f39c1703 85382->85384 85383->85384 85444 7ff7f39e5a0c 13 API calls 2 library calls 85383->85444 85384->85311 85387 7ff7f39c23ec 85386->85387 85399 7ff7f39c2960 GetEnvironmentVariableW 85387->85399 85390 7ff7f39c2436 85391 7ff7f39c232c 85390->85391 85405 7ff7f39c24c0 RegOpenKeyExW RegCloseKey 85390->85405 85391->85327 85394 7ff7f39c23ff 85394->85391 85408 7ff7f39f4098 47 API calls 2 library calls 85394->85408 85395 7ff7f39c2453 85395->85391 85409 7ff7f39c2524 70 API calls std::_Throw_Cpp_error 85395->85409 85397 7ff7f39c24c0 10 API calls 85397->85395 85400 7ff7f39c23fb 85399->85400 85401 7ff7f39c297c 85399->85401 85400->85390 85400->85394 85410 7ff7f39c1ec6 85401->85410 85403 7ff7f39c2988 85403->85400 85404 7ff7f39c2994 GetEnvironmentVariableW 85403->85404 85404->85400 85406 7ff7f39e59b0 std::_Throw_Cpp_error 8 API calls 85405->85406 85407 7ff7f39c244f 85406->85407 85407->85395 85407->85397 85408->85391 85409->85391 85411 7ff7f39c1f35 85410->85411 85412 7ff7f39c1ed7 memcpy_s 85410->85412 85411->85403 85412->85411 85413 7ff7f39e5a0c null_memory_resource 13 API calls 85412->85413 85413->85411 85415 7ff7f39c2032 13 API calls 85414->85415 85416 7ff7f39c10bf 85415->85416 85417 7ff7f39c2032 13 API calls 85416->85417 85418 7ff7f39c10ce 85417->85418 85419 7ff7f39c10d6 GetFileAttributesW 85418->85419 85419->85343 85420->85346 85422 7ff7f39c1fa0 85421->85422 85423 7ff7f39c1fb5 memcpy_s 85422->85423 85424 7ff7f39c1ec6 13 API calls 85422->85424 85423->85349 85424->85423 85426 7ff7f39c1065 85425->85426 85427 7ff7f39c1ec6 13 API calls 85426->85427 85428 7ff7f39c1074 85427->85428 85429 7ff7f39c1f80 13 API calls 85428->85429 85430 7ff7f39c1089 85429->85430 85431 7ff7f39e59b0 std::_Throw_Cpp_error 8 API calls 85430->85431 85432 7ff7f39c1096 85431->85432 85433 7ff7f39c1ec6 13 API calls 85432->85433 85434 7ff7f39c208e memcpy_s 85432->85434 85433->85434 85434->85358 85435->85358 85437 7ff7f39c1e04 OutputDebugStringW 85436->85437 85443 7ff7f39c20f6 85437->85443 85440 7ff7f39c1e3e OutputDebugStringW OutputDebugStringW 85440->85358 85443->85440 85444->85384 85446 7ff7f39d8c48 5 API calls 85445->85446 85447 7ff7f39d8ce9 85446->85447 85447->85027 85449 7ff7f39c6a22 85448->85449 85450 7ff7f39c66fd 85448->85450 85481 7ff7f39c6904 85449->85481 85450->85031 85453 7ff7f39c6a3a 85456 7ff7f39db7d4 20 API calls 85453->85456 85454 7ff7f39c6a2b 85455 7ff7f39dba60 23 API calls 85454->85455 85457 7ff7f39c6a30 85455->85457 85458 7ff7f39c6a46 85456->85458 85459 7ff7f39d9de8 5 API calls 85457->85459 85460 7ff7f39c6a60 85458->85460 85461 7ff7f39c6a4b IsDebuggerPresent 85458->85461 85463 7ff7f39c6a38 85459->85463 85462 7ff7f39d9c10 5 API calls 85460->85462 85464 7ff7f39c6a55 DebugBreak 85461->85464 85465 7ff7f39c6a5b 85461->85465 85466 7ff7f39c6a72 85462->85466 85469 7ff7f39d93d0 111 API calls 85463->85469 85464->85465 85533 7ff7f39db870 22 API calls 2 library calls 85465->85533 85466->85463 85468 7ff7f39d8d74 5 API calls 85466->85468 85470 7ff7f39c6a90 85468->85470 85471 7ff7f39c6ac0 85469->85471 85470->85463 85473 7ff7f39d8d74 5 API calls 85470->85473 85507 7ff7f39da0c4 85471->85507 85473->85463 85477 7ff7f39c6ae7 85480 7ff7f39d7330 13 API calls 85477->85480 85478 7ff7f39c6ad7 IsDebuggerPresent 85478->85477 85479 7ff7f39c6ae1 DebugBreak 85478->85479 85479->85477 85480->85450 85482 7ff7f39c6923 85481->85482 85483 7ff7f39c6919 85481->85483 85482->85483 85484 7ff7f39d8d74 5 API calls 85482->85484 85483->85453 85483->85454 85485 7ff7f39c694d 85484->85485 85534 7ff7f39db264 85485->85534 85488 7ff7f39c69a7 85489 7ff7f39dba60 23 API calls 85488->85489 85491 7ff7f39c69ac 85489->85491 85490 7ff7f39dba60 23 API calls 85492 7ff7f39c6969 85490->85492 85493 7ff7f39db7d4 20 API calls 85491->85493 85546 7ff7f39d7268 47 API calls 85492->85546 85495 7ff7f39c69b9 85493->85495 85539 7ff7f39c68b0 85495->85539 85496 7ff7f39c697b 85498 7ff7f39c697f 85496->85498 85499 7ff7f39c6995 85496->85499 85504 7ff7f39d9c10 5 API calls 85498->85504 85547 7ff7f39da12c 72 API calls std::_Throw_Cpp_error 85499->85547 85502 7ff7f39c69a3 85502->85483 85502->85488 85503 7ff7f39db7d4 20 API calls 85505 7ff7f39c69d2 85503->85505 85504->85499 85506 7ff7f39c68b0 72 API calls 85505->85506 85506->85483 85508 7ff7f39da0dc 85507->85508 85509 7ff7f39da0d8 85507->85509 85510 7ff7f39d8c48 5 API calls 85508->85510 85554 7ff7f39d9f28 GetFullPathNameW 85509->85554 85511 7ff7f39da0e1 85510->85511 85513 7ff7f39e0118 4 API calls 85511->85513 85513->85509 85515 7ff7f39c6ac8 85519 7ff7f39da874 85515->85519 85516 7ff7f39d8c48 5 API calls 85517 7ff7f39da105 85516->85517 85518 7ff7f39e01e8 6 API calls 85517->85518 85518->85515 85520 7ff7f39d9de8 5 API calls 85519->85520 85521 7ff7f39da88b 85520->85521 85522 7ff7f39da8d5 85521->85522 85526 7ff7f39da80c 18 API calls 85521->85526 85523 7ff7f39da8da 85522->85523 85525 7ff7f39d8c48 5 API calls 85522->85525 85524 7ff7f39da8f2 CreateDirectoryW 85523->85524 85528 7ff7f39c6ad3 85524->85528 85529 7ff7f39da901 GetLastError 85524->85529 85527 7ff7f39da8e3 85525->85527 85530 7ff7f39da8c9 85526->85530 85531 7ff7f39e0118 4 API calls 85527->85531 85528->85477 85528->85478 85529->85528 85530->85522 85532 7ff7f39da874 18 API calls 85530->85532 85531->85524 85532->85522 85533->85460 85548 7ff7f39db204 85534->85548 85537 7ff7f39c695c 85537->85488 85537->85490 85538 7ff7f39db204 125 API calls 85538->85537 85540 7ff7f39d8cd4 5 API calls 85539->85540 85541 7ff7f39c68c6 85540->85541 85542 7ff7f39c68f4 85541->85542 85545 7ff7f39c68ce 85541->85545 85542->85483 85542->85503 85544 7ff7f39c68f0 85544->85542 85545->85542 85545->85544 85553 7ff7f39da12c 72 API calls std::_Throw_Cpp_error 85545->85553 85546->85496 85547->85502 85549 7ff7f39db07c 30 API calls 85548->85549 85550 7ff7f39db226 85549->85550 85551 7ff7f39d93d0 111 API calls 85550->85551 85552 7ff7f39db24b 85551->85552 85552->85537 85552->85538 85553->85545 85555 7ff7f39d9f6c 85554->85555 85556 7ff7f39d9f5b 85554->85556 85557 7ff7f39d8c48 5 API calls 85555->85557 85573 7ff7f39d8d20 InitializeCriticalSection RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection 85556->85573 85559 7ff7f39d9f71 85557->85559 85560 7ff7f39d9f7f GetFullPathNameW GetLongPathNameW 85559->85560 85561 7ff7f39d9faf 85560->85561 85572 7ff7f39d9f67 85560->85572 85562 7ff7f39d8c48 5 API calls 85561->85562 85563 7ff7f39d9fb4 85562->85563 85564 7ff7f39d9fc2 GetLongPathNameW 85563->85564 85565 7ff7f39d9fe0 GetShortPathNameW 85564->85565 85564->85572 85566 7ff7f39d9fff 85565->85566 85567 7ff7f39da02b 85565->85567 85568 7ff7f39d8c48 5 API calls 85566->85568 85567->85572 85574 7ff7f39d8db4 InitializeCriticalSection RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection 85567->85574 85569 7ff7f39da004 85568->85569 85570 7ff7f39da011 GetShortPathNameW 85569->85570 85570->85567 85572->85515 85572->85516 85576 7ff7f39f44e4 85575->85576 85577 7ff7f39f450a 85576->85577 85580 7ff7f39f453d 85576->85580 85614 7ff7f39f3484 11 API calls memcpy_s 85577->85614 85579 7ff7f39f450f 85615 7ff7f39faf9c 47 API calls _invalid_parameter_noinfo_noreturn 85579->85615 85582 7ff7f39f4543 85580->85582 85583 7ff7f39f4550 85580->85583 85616 7ff7f39f3484 11 API calls memcpy_s 85582->85616 85602 7ff7f39fea44 85583->85602 85587 7ff7f39f4564 85617 7ff7f39f3484 11 API calls memcpy_s 85587->85617 85588 7ff7f39f4571 85609 7ff7f39ff208 85588->85609 85591 7ff7f39f4584 85618 7ff7f39ece30 LeaveCriticalSection 85591->85618 85593 7ff7f39da3d7 85593->85038 85594 7ff7f39f7a74 75 API calls wprintf 85593->85594 85594->85044 85595->85048 85596->85050 85597->85052 85598->85054 85599->85056 85600->85045 85601->85038 85619 7ff7f39fb0dc EnterCriticalSection 85602->85619 85604 7ff7f39fea5b 85605 7ff7f39feab8 19 API calls 85604->85605 85606 7ff7f39fea66 85605->85606 85607 7ff7f39fb130 BuildCatchObjectHelperInternal LeaveCriticalSection 85606->85607 85608 7ff7f39f455a 85607->85608 85608->85587 85608->85588 85620 7ff7f39fee68 85609->85620 85612 7ff7f39ff262 85612->85591 85614->85579 85615->85593 85616->85593 85617->85593 85625 7ff7f39feea3 __vcrt_InitializeCriticalSectionEx 85620->85625 85622 7ff7f39ff141 85639 7ff7f39faf9c 47 API calls _invalid_parameter_noinfo_noreturn 85622->85639 85624 7ff7f39ff073 85624->85612 85632 7ff7f3a0a078 85624->85632 85630 7ff7f39ff06a 85625->85630 85635 7ff7f39f7084 53 API calls 4 library calls 85625->85635 85627 7ff7f39ff0d5 85627->85630 85636 7ff7f39f7084 53 API calls 4 library calls 85627->85636 85629 7ff7f39ff0f4 85629->85630 85637 7ff7f39f7084 53 API calls 4 library calls 85629->85637 85630->85624 85638 7ff7f39f3484 11 API calls memcpy_s 85630->85638 85640 7ff7f3a09528 85632->85640 85635->85627 85636->85629 85637->85630 85638->85622 85639->85624 85641 7ff7f3a0955d 85640->85641 85642 7ff7f3a0953f 85640->85642 85641->85642 85645 7ff7f3a09579 85641->85645 85694 7ff7f39f3484 11 API calls memcpy_s 85642->85694 85644 7ff7f3a09544 85695 7ff7f39faf9c 47 API calls _invalid_parameter_noinfo_noreturn 85644->85695 85651 7ff7f3a09c88 85645->85651 85648 7ff7f3a09550 85648->85612 85697 7ff7f3a0986c 85651->85697 85654 7ff7f3a09cfd 85729 7ff7f39f3464 11 API calls memcpy_s 85654->85729 85655 7ff7f3a09d15 85717 7ff7f39ff9bc 85655->85717 85659 7ff7f3a09d02 85730 7ff7f39f3484 11 API calls memcpy_s 85659->85730 85687 7ff7f3a095a4 85687->85648 85696 7ff7f39ff994 LeaveCriticalSection 85687->85696 85694->85644 85695->85648 85698 7ff7f3a09898 85697->85698 85706 7ff7f3a098b2 85697->85706 85698->85706 85742 7ff7f39f3484 11 API calls memcpy_s 85698->85742 85700 7ff7f3a098a7 85743 7ff7f39faf9c 47 API calls _invalid_parameter_noinfo_noreturn 85700->85743 85702 7ff7f3a09981 85715 7ff7f3a099de 85702->85715 85748 7ff7f39f8acc 47 API calls 2 library calls 85702->85748 85703 7ff7f3a09930 85703->85702 85746 7ff7f39f3484 11 API calls memcpy_s 85703->85746 85706->85703 85744 7ff7f39f3484 11 API calls memcpy_s 85706->85744 85707 7ff7f3a099da 85710 7ff7f3a09a5c 85707->85710 85707->85715 85708 7ff7f3a09976 85747 7ff7f39faf9c 47 API calls _invalid_parameter_noinfo_noreturn 85708->85747 85749 7ff7f39fafec 17 API calls _invalid_parameter_noinfo_noreturn 85710->85749 85712 7ff7f3a09925 85745 7ff7f39faf9c 47 API calls _invalid_parameter_noinfo_noreturn 85712->85745 85715->85654 85715->85655 85750 7ff7f39fb0dc EnterCriticalSection 85717->85750 85729->85659 85730->85687 85742->85700 85743->85706 85744->85712 85745->85703 85746->85708 85747->85702 85748->85707 85752->85079 85753->85070 85755 7ff7f39fb2af 85754->85755 85759 7ff7f39fb273 memcpy_s 85754->85759 85761 7ff7f39f3484 11 API calls memcpy_s 85755->85761 85756 7ff7f39fb296 HeapAlloc 85758 7ff7f39fb2ad 85756->85758 85756->85759 85758->85076 85759->85755 85759->85756 85760 7ff7f39fa550 std::_Throw_Cpp_error 2 API calls 85759->85760 85760->85759 85761->85758 85763->84509 85764->84522 85765->84526 85767 7ff7f39dce4e 85766->85767 85768 7ff7f39dce64 IsDebuggerPresent 85767->85768 85769 7ff7f39dce78 85767->85769 85770 7ff7f39dce5e 85767->85770 85771 7ff7f39d1940 RegisterClassExW 85768->85771 85772 7ff7f39dce6e DebugBreak 85768->85772 85769->85771 85773 7ff7f39dce89 LoadCursorW 85769->85773 85770->85768 85771->84114 85771->84115 85772->85771 85773->85771 85774 7ff7f39dce9d IsDebuggerPresent 85773->85774 85774->85771 85775 7ff7f39dcea7 DebugBreak 85774->85775 85775->85771 85797 7ff7f39e10b8 CommandLineToArgvW 85776->85797 85778 7ff7f39e117b 85778->84557 85780 7ff7f39ddac2 85779->85780 85781 7ff7f39ddac7 85779->85781 85804 7ff7f39f414c 13 API calls 2 library calls 85780->85804 85783 7ff7f39ddae4 85781->85783 85805 7ff7f39f414c 13 API calls 2 library calls 85781->85805 85785 7ff7f39c9fb1 85783->85785 85806 7ff7f39dd900 16 API calls memcpy_s 85783->85806 85785->84559 85787->84557 85788->84557 85789->84557 85790->84557 85791->84557 85792->84557 85793->84557 85794->84557 85795->84540 85796->84535 85798 7ff7f39e112c LocalFree 85797->85798 85801 7ff7f39e10e3 85797->85801 85798->85778 85799 7ff7f39d8c48 5 API calls 85799->85801 85800 7ff7f39e01e8 6 API calls 85800->85801 85801->85798 85801->85799 85801->85800 85803 7ff7f39ddc00 27 API calls __std_exception_destroy 85801->85803 85803->85801 85804->85781 85805->85781 85806->85785 85807->84583 85808->84583 85809->84583 85810->84602 85811->84607 85812->84592 85813->84611 85814->84613 85815->84621 85816->84621 85817->84621 85818->84621 85819->84625 85820->84633 85821->84626 85822->84630 85823->84636 85824->84615 85825->84618 85826->84592 85827->84640 85828->84650 85829->84650 85830->84666 85831->84669 85832->84671 85833->84673 85834->84691 85836 7ff7f39d9005 85835->85836 85837 7ff7f39d9140 85835->85837 85836->85837 85838 7ff7f39d9096 SetNamedPipeHandleState 85836->85838 85839 7ff7f39d9051 CreateFileW 85836->85839 85837->84715 85841 7ff7f39d90b3 OutputDebugStringA 85838->85841 85842 7ff7f39d90c0 85838->85842 85839->85837 85840 7ff7f39d9093 85839->85840 85840->85838 85841->85842 85843 7ff7f39d910a WriteFile 85842->85843 85844 7ff7f39d8df4 62 API calls 85842->85844 85843->85837 85845 7ff7f39d912c CloseHandle 85843->85845 85846 7ff7f39d90d8 WriteFile 85844->85846 85845->85837 85846->85843 85850 7ff7f39f5e6c 85849->85850 85860 7ff7f39f5b8c 85850->85860 85853 7ff7f39f5eb0 85856 7ff7f39f5ec5 85853->85856 85868 7ff7f39f1340 47 API calls 2 library calls 85853->85868 85856->84736 85857->84731 85858->84738 85859->84726 85861 7ff7f39f5bac 85860->85861 85862 7ff7f39f5bd9 85860->85862 85861->85862 85863 7ff7f39f5bb6 85861->85863 85864 7ff7f39f5be1 85861->85864 85862->85853 85867 7ff7f39f1340 47 API calls 2 library calls 85862->85867 85869 7ff7f39faed0 47 API calls 2 library calls 85863->85869 85870 7ff7f39f5acc 85864->85870 85867->85853 85868->85856 85869->85862 85877 7ff7f39ece24 EnterCriticalSection 85870->85877 85878 42f1e0 85879 42f1e6 85878->85879 85879->85878 85881 42f219 85879->85881 85882 45bea0 SetWaitableTimer 85879->85882 85883 45bf1f 85882->85883 85883->85881 85884 7ff7f39dd380 85885 7ff7f39dd3bc 85884->85885 85886 7ff7f39dd3a9 RegisterWindowMessageW 85884->85886 85887 7ff7f39dd414 DefWindowProcW 85885->85887 85888 7ff7f39dd3c0 85885->85888 85886->85885 85894 7ff7f39dd410 85887->85894 85889 7ff7f39dd3d7 85888->85889 85890 7ff7f39d93d0 111 API calls 85888->85890 85891 7ff7f39dd403 85889->85891 85892 7ff7f39d93d0 111 API calls 85889->85892 85890->85889 85895 7ff7f39e5a0c 13 API calls 2 library calls 85891->85895 85892->85891 85895->85894 85896 45ba00 85897 45ba39 VirtualAlloc 85896->85897 85898 45ba28 85896->85898 85898->85897 85899 188c3040200 85900 188c304020a 85899->85900 85901 188c3040269 LoadLibraryA 85900->85901 85902 188c3040296 85901->85902 85903 188c30402ff WSASocketA 85902->85903 85904 188c3040430 85902->85904 85903->85904 85905 188c3040324 85903->85905 85906 188c3040334 connect 85905->85906 85906->85906 85907 188c3040349 send send 85906->85907 85908 188c30403eb VirtualAlloc 85907->85908 85909 188c3040417 recv 85908->85909 85910 188c3040428 closesocket 85909->85910 85911 188c3040410 85909->85911 85910->85904 85911->85909 85912 7ff7f3a07578 85913 7ff7f3a0759a 85912->85913 85914 7ff7f3a075b7 85912->85914 85913->85914 85915 7ff7f3a075a8 85913->85915 85916 7ff7f3a075c1 85914->85916 85934 7ff7f3a0b800 48 API calls 2 library calls 85914->85934 85933 7ff7f39f3484 11 API calls memcpy_s 85915->85933 85921 7ff7f39fd2b4 85916->85921 85920 7ff7f3a075ad __scrt_get_show_window_mode 85922 7ff7f39fd2d3 85921->85922 85923 7ff7f39fd2c9 85921->85923 85924 7ff7f39fd2d8 85922->85924 85931 7ff7f39fd2df memcpy_s 85922->85931 85925 7ff7f39fb264 _fread_nolock 12 API calls 85923->85925 85935 7ff7f39fb228 11 API calls 2 library calls 85924->85935 85929 7ff7f39fd2d1 85925->85929 85927 7ff7f39fd2e5 85936 7ff7f39f3484 11 API calls memcpy_s 85927->85936 85928 7ff7f39fd312 HeapReAlloc 85928->85929 85928->85931 85929->85920 85931->85927 85931->85928 85932 7ff7f39fa550 std::_Throw_Cpp_error 2 API calls 85931->85932 85932->85931 85933->85920 85934->85916 85935->85929 85936->85929

                    Control-flow Graph

                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: AddressProc$BreakDebugDebuggerPresent$AppendCallerDirectoryLibraryLoadPathSystem
                    • String ID: CloseGestureInfoHandle$CloseThemeData$DrawThemeBackground$DwmDefWindowProc$DwmExtendFrameIntoClientArea$DwmGetWindowAttribute$DwmIsCompositionEnabled$DwmSetWindowAttribute$GetAwarenessFromDpiAwarenessContext$GetDpiForWindow$GetGestureInfo$GetProcessInformation$GetThemeColor$GetThreadDpiAwarenessContext$IsAppThemed$IsThemeActive$IsThemeBackgroundPartiallyTransparent$IsWow64Process$MiniDumpWriteDump$NormalizeString$NtSetInformationProcess$OpenThemeData$RtlCaptureContext$RtlCaptureStackBackTrace$SetDefaultDllDirectories$SetDllDirectoryW$SetGestureConfig$SetProcessDEPPolicy$SetProcessMitigationPolicy$SetThreadDescription$SetThreadDpiAwarenessContext$SetWindowTheme$StackWalk64$SymCleanup$SymFromAddr$SymFunctionTableAccess64$SymGetLineFromAddr64$SymGetModuleBase64$SymGetOptions$SymInitializeW$SymRefreshModuleList$SymSetOptions$SymSetSearchPath$SymSetSearchPathW$dbghelp.dll$dwmapi.dll$kernel32.dll$normaliz.dll$ntdll.dll$user32.dll$uxtheme.dll
                    • API String ID: 3616135366-3084459247
                    • Opcode ID: 81b31805f7f9b71c5e691b2b31fab29a0651e4cc0e81d3c6e4e3c8f7317608cc
                    • Instruction ID: 36bd3ecb7944a7458b56bf0317a211d108fbea71e947a29c0b87beda59d2fd1d
                    • Opcode Fuzzy Hash: 81b31805f7f9b71c5e691b2b31fab29a0651e4cc0e81d3c6e4e3c8f7317608cc
                    • Instruction Fuzzy Hash: 01C17674A09B0791FF84BB16AC94C64E361BF44B95BC45035E86E7E3A4EE3CE14987B0
                    APIs
                      • Part of subcall function 00007FF7F39DFB70: IsDebuggerPresent.KERNEL32(?,?,00000000,00007FF7F39D177C), ref: 00007FF7F39DFB8A
                      • Part of subcall function 00007FF7F39DFB70: DebugBreak.KERNEL32(?,?,00000000,00007FF7F39D177C), ref: 00007FF7F39DFB94
                      • Part of subcall function 00007FF7F39DFB70: GetProcAddress.KERNEL32(?,?,00000000,00007FF7F39D177C), ref: 00007FF7F39DFBA4
                      • Part of subcall function 00007FF7F39DFB70: GetProcAddress.KERNEL32(?,?,00000000,00007FF7F39D177C), ref: 00007FF7F39DFBBB
                      • Part of subcall function 00007FF7F39DFB70: GetProcAddress.KERNEL32(?,?,00000000,00007FF7F39D177C), ref: 00007FF7F39DFBD2
                      • Part of subcall function 00007FF7F39DFB70: GetProcAddress.KERNEL32(?,?,00000000,00007FF7F39D177C), ref: 00007FF7F39DFBE2
                      • Part of subcall function 00007FF7F39DFB70: GetProcAddress.KERNEL32(?,?,00000000,00007FF7F39D177C), ref: 00007FF7F39DFBF9
                      • Part of subcall function 00007FF7F39DFB70: GetProcAddress.KERNEL32(?,?,00000000,00007FF7F39D177C), ref: 00007FF7F39DFC09
                      • Part of subcall function 00007FF7F39DFB70: GetProcAddress.KERNEL32(?,?,00000000,00007FF7F39D177C), ref: 00007FF7F39DFC19
                      • Part of subcall function 00007FF7F39DFB70: GetProcAddress.KERNEL32(?,?,00000000,00007FF7F39D177C), ref: 00007FF7F39DFC29
                      • Part of subcall function 00007FF7F39DFB70: GetProcAddress.KERNEL32(?,?,00000000,00007FF7F39D177C), ref: 00007FF7F39DFC40
                      • Part of subcall function 00007FF7F39DFB70: IsDebuggerPresent.KERNEL32(?,?,00000000,00007FF7F39D177C), ref: 00007FF7F39DFC5A
                      • Part of subcall function 00007FF7F39DFB70: DebugBreak.KERNEL32(?,?,00000000,00007FF7F39D177C), ref: 00007FF7F39DFC64
                      • Part of subcall function 00007FF7F39DFB70: GetProcAddress.KERNEL32(?,?,00000000,00007FF7F39D177C), ref: 00007FF7F39DFC74
                      • Part of subcall function 00007FF7F39DFB70: IsDebuggerPresent.KERNEL32(?,?,00000000,00007FF7F39D177C), ref: 00007FF7F39DFC95
                      • Part of subcall function 00007FF7F39DFB70: DebugBreak.KERNEL32(?,?,00000000,00007FF7F39D177C), ref: 00007FF7F39DFC9F
                      • Part of subcall function 00007FF7F39DFB70: GetProcAddress.KERNEL32(?,?,00000000,00007FF7F39D177C), ref: 00007FF7F39DFCAF
                      • Part of subcall function 00007FF7F39DFB70: GetProcAddress.KERNEL32(?,?,00000000,00007FF7F39D177C), ref: 00007FF7F39DFCC6
                      • Part of subcall function 00007FF7F39DFB70: GetProcAddress.KERNEL32(?,?,00000000,00007FF7F39D177C), ref: 00007FF7F39DFCD6
                      • Part of subcall function 00007FF7F39DFB70: GetProcAddress.KERNEL32(?,?,00000000,00007FF7F39D177C), ref: 00007FF7F39DFCE6
                      • Part of subcall function 00007FF7F39DFB70: GetProcAddress.KERNEL32(?,?,00000000,00007FF7F39D177C), ref: 00007FF7F39DFCF6
                      • Part of subcall function 00007FF7F39DFB70: GetProcAddress.KERNEL32(?,?,00000000,00007FF7F39D177C), ref: 00007FF7F39DFD0D
                      • Part of subcall function 00007FF7F39DFB70: GetProcAddress.KERNEL32(?,?,00000000,00007FF7F39D177C), ref: 00007FF7F39DFD24
                      • Part of subcall function 00007FF7F39DFB70: GetProcAddress.KERNEL32(?,?,00000000,00007FF7F39D177C), ref: 00007FF7F39DFD53
                      • Part of subcall function 00007FF7F39DFAE0: GetSystemDirectoryW.KERNEL32 ref: 00007FF7F39DFB08
                      • Part of subcall function 00007FF7F39DFAE0: PathAppendW.SHLWAPI ref: 00007FF7F39DFB3C
                      • Part of subcall function 00007FF7F39DFAE0: LoadLibraryExW.KERNEL32 ref: 00007FF7F39DFB4B
                    • GetCurrentProcess.KERNEL32 ref: 00007FF7F39D17CC
                    • NtSetInformationProcess.NTDLL ref: 00007FF7F39D17E4
                    • SetErrorMode.KERNEL32 ref: 00007FF7F39D17FD
                    • OleInitialize.OLE32 ref: 00007FF7F39D1876
                    • InitCommonControlsEx.COMCTL32 ref: 00007FF7F39D1891
                    • InitializeCriticalSection.KERNEL32 ref: 00007FF7F39D18DF
                    • RegisterClassExW.USER32 ref: 00007FF7F39D1947
                    • IsDebuggerPresent.KERNEL32 ref: 00007FF7F39D1956
                    • DebugBreak.KERNEL32 ref: 00007FF7F39D1960
                    • GetModuleHandleW.KERNEL32 ref: 00007FF7F39D1968
                    • CreateWindowExW.USER32 ref: 00007FF7F39D19A9
                    • IsDebuggerPresent.KERNEL32 ref: 00007FF7F39D19B6
                    • GetCommandLineW.KERNEL32 ref: 00007FF7F39D19D0
                    • GetModuleHandleW.KERNEL32 ref: 00007FF7F39D1A6B
                    • FindResourceW.KERNEL32 ref: 00007FF7F39D1A7A
                    • GetCommandLineW.KERNEL32 ref: 00007FF7F39D1B1A
                    • GetModuleHandleW.KERNEL32 ref: 00007FF7F39D1B7E
                    • FindResourceW.KERNEL32 ref: 00007FF7F39D1B8D
                    • GetModuleHandleW.KERNEL32 ref: 00007FF7F39D1C29
                    • FindResourceW.KERNEL32 ref: 00007FF7F39D1C38
                    • GetModuleHandleW.KERNEL32 ref: 00007FF7F39D1CB6
                    • FindResourceW.KERNEL32 ref: 00007FF7F39D1CC5
                    • OleUninitialize.OLE32 ref: 00007FF7F39D1D0C
                    • ExitProcess.KERNEL32 ref: 00007FF7F39D1D3C
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: AddressProc$DebuggerHandleModulePresent$BreakDebugFindResource$Process$CommandInitializeLine$AppendClassCommonControlsCreateCriticalCurrentDirectoryErrorExitInformationInitLibraryLoadModePathRegisterSectionSystemUninitializeWindow
                    • String ID: flags.deleteFile: '%s'$ flags.updateSelfTo: '%s'$3.6$AppxManifest.xml$Deleted '%s'$Error$Exiting with exit code: %d$Failed to delete '%s'$Not a valid installer$Starting: '%s' ver %s, flags.install: %d, flags.uninstall: %d$UITask Dispatch Window$UITask_Msg_StdFunction$UITask_Wnd_Class$callstacks.txt$crashinfo-$failed to extract files$gdiplus.dll$install$open$store$sumatra-log.txt$sumatrapdfcrash.dmp$sumatrapdfcrash.txt$this is not a SumatraPDF installer, -x option not available$uninstall
                    • API String ID: 2514466982-1859778982
                    • Opcode ID: 65e9b45337f5b7ccb8c77aad8d2fd7e364220e2dc8dcfdd38c48ddce2454c8c7
                    • Instruction ID: eb4ff856d2a9fb6895187437fc852532c981fd60c7817e02cdd00bbd54e86ee0
                    • Opcode Fuzzy Hash: 65e9b45337f5b7ccb8c77aad8d2fd7e364220e2dc8dcfdd38c48ddce2454c8c7
                    • Instruction Fuzzy Hash: 8F625221A0D64385FBD0FB62A8565B9A360AF45B58FC40035E9BE3F6E5DF2CE44487B0

                    Control-flow Graph

                    • Executed
                    • Not Executed
                    control_flow_graph 380 7ff7f39c70b8-7ff7f39c7129 GetSystemInfo call 7ff7f39d860c call 7ff7f39db07c 385 7ff7f39c7146-7ff7f39c7153 call 7ff7f39d860c 380->385 386 7ff7f39c712b-7ff7f39c713c call 7ff7f39db07c 380->386 390 7ff7f39c7158-7ff7f39c7173 GlobalMemoryStatusEx 385->390 389 7ff7f39c7141-7ff7f39c7144 386->389 389->385 389->390 391 7ff7f39c7175-7ff7f39c717a 390->391 392 7ff7f39c717c-7ff7f39c718d 390->392 393 7ff7f39c7191-7ff7f39c71aa 391->393 392->393 394 7ff7f39c71b3-7ff7f39c71c4 393->394 395 7ff7f39c71ac-7ff7f39c71b1 393->395 396 7ff7f39c71c8-7ff7f39c71f7 call 7ff7f39d860c call 7ff7f39d5070 394->396 395->396 401 7ff7f39c71f9-7ff7f39c71fc 396->401 402 7ff7f39c71fe 396->402 401->402 403 7ff7f39c7205-7ff7f39c724c call 7ff7f39d860c call 7ff7f39db07c * 2 401->403 402->403 410 7ff7f39c7258-7ff7f39c725b 403->410 411 7ff7f39c724e-7ff7f39c7251 403->411 414 7ff7f39c7288 410->414 415 7ff7f39c725d-7ff7f39c7260 410->415 412 7ff7f39c7253-7ff7f39c7256 411->412 413 7ff7f39c729a-7ff7f39c72f9 GetLocaleInfoA * 2 call 7ff7f39d860c 411->413 417 7ff7f39c728b-7ff7f39c7295 call 7ff7f39d860c 412->417 423 7ff7f39c7375-7ff7f39c739c call 7ff7f39d8df4 call 7ff7f39db07c 413->423 414->417 415->414 416 7ff7f39c7262-7ff7f39c726f call 7ff7f39f6f68 415->416 416->414 424 7ff7f39c7271-7ff7f39c7286 call 7ff7f39d860c 416->424 417->413 431 7ff7f39c73a2-7ff7f39c73e7 423->431 432 7ff7f39c72fb-7ff7f39c7334 call 7ff7f39d860c * 2 call 7ff7f39db07c 423->432 424->413 433 7ff7f39c73e9-7ff7f39c7428 431->433 434 7ff7f39c742b-7ff7f39c742e 431->434 450 7ff7f39c7336-7ff7f39c7343 call 7ff7f39d860c 432->450 451 7ff7f39c7348-7ff7f39c7355 call 7ff7f39db07c 432->451 433->434 436 7ff7f39c7430-7ff7f39c7457 434->436 437 7ff7f39c745a-7ff7f39c74e0 call 7ff7f39d84c8 434->437 436->437 444 7ff7f39c74e2-7ff7f39c74ef call 7ff7f39d84c8 437->444 445 7ff7f39c74f4-7ff7f39c74f7 437->445 444->445 448 7ff7f39c74f9-7ff7f39c7518 call 7ff7f39d84c8 * 2 445->448 449 7ff7f39c751d-7ff7f39c7520 445->449 448->449 453 7ff7f39c7522-7ff7f39c752f call 7ff7f39d84c8 449->453 454 7ff7f39c7534-7ff7f39c7537 449->454 450->451 464 7ff7f39c735a-7ff7f39c735d 451->464 453->454 456 7ff7f39c7539-7ff7f39c7546 call 7ff7f39d84c8 454->456 457 7ff7f39c754b-7ff7f39c754e 454->457 456->457 462 7ff7f39c7562-7ff7f39c7565 457->462 463 7ff7f39c7550-7ff7f39c755d call 7ff7f39d84c8 457->463 467 7ff7f39c7579-7ff7f39c757b 462->467 468 7ff7f39c7567-7ff7f39c7574 call 7ff7f39d84c8 462->468 463->462 469 7ff7f39c7371-7ff7f39c7373 464->469 470 7ff7f39c735f-7ff7f39c736c call 7ff7f39d860c 464->470 473 7ff7f39c758f-7ff7f39c75bb call 7ff7f39e59b0 467->473 474 7ff7f39c757d-7ff7f39c758a call 7ff7f39d84c8 467->474 468->467 469->423 470->469 474->473
                    APIs
                    • GetSystemInfo.KERNEL32 ref: 00007FF7F39C70F0
                    • GlobalMemoryStatusEx.KERNEL32 ref: 00007FF7F39C7163
                    • GetLocaleInfoA.KERNEL32 ref: 00007FF7F39C72C6
                    • GetLocaleInfoA.KERNEL32 ref: 00007FF7F39C72D8
                      • Part of subcall function 00007FF7F39DB07C: RegOpenKeyExW.KERNEL32(?,?,00000000,InstallLocation,00000000,00007FF7F39DB226,?,?,?,?,00000000,00007FF7F39DB286,?,?,?,00007FF7F39C695C), ref: 00007FF7F39DB10C
                      • Part of subcall function 00007FF7F39DB07C: RegQueryValueExW.KERNEL32(?,?,00000000,InstallLocation,00000000,00007FF7F39DB226,?,?,?,?,00000000,00007FF7F39DB286,?,?,?,00007FF7F39C695C), ref: 00007FF7F39DB13C
                      • Part of subcall function 00007FF7F39DB07C: RegQueryValueExW.KERNEL32(?,?,00000000,InstallLocation,00000000,00007FF7F39DB226,?,?,?,?,00000000,00007FF7F39DB286,?,?,?,00007FF7F39C695C), ref: 00007FF7F39DB17D
                      • Part of subcall function 00007FF7F39DB07C: RegCloseKey.KERNEL32(?,?,00000000,InstallLocation,00000000,00007FF7F39DB226,?,?,?,?,00000000,00007FF7F39DB286,?,?,?,00007FF7F39C695C), ref: 00007FF7F39DB19C
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: Info$LocaleQueryValue$CloseGlobalMemoryOpenStatusSystem
                    • String ID: DriverDesc: %s$ DriverVersion: %s$ UserModeDriverName: %s$AVX $AVX2 $CPU: $DriverDesc$DriverVersion$Graphics driver %d$HARDWARE\DESCRIPTION\System\BIOS$HARDWARE\DESCRIPTION\System\CentralProcessor$HARDWARE\DESCRIPTION\System\CentralProcessor\0$Lang: %s %s$MMX $Machine: %s$Machine: %s %s$Number Of Processors: %d$Physical Memory: %.2f GBCommit Charge Limit: %.2f GBMemory Used: %d%%$Processor: %s$ProcessorNameString$SSE $SSE2 $SSE3 $SSE41 $SSE42 $SYSTEM\CurrentControlSet\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\%04d$SystemFamily$SystemVersion$UserModeDriverName$WebView2: %s$no WebView2 installed
                    • API String ID: 250054085-206806256
                    • Opcode ID: d283d04e221d9893acc6cc29e433fae195d3d3d1c2db6ab66a7e69f0a0cf4dd8
                    • Instruction ID: fcdf4003d942ab8da4acac033f8af42ee4ededdbe2f2fd5844e38018ea7d6be2
                    • Opcode Fuzzy Hash: d283d04e221d9893acc6cc29e433fae195d3d3d1c2db6ab66a7e69f0a0cf4dd8
                    • Instruction Fuzzy Hash: B5D1D361B1C64249FB84EB269551AB8A391BF487C8FC05135ED2E7BBD6DE3CE40187E0
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: BreakDebugDebuggerPresent
                    • String ID: $!$"$#$%d,%d%$$%dx%$$($)$*$+$,$-$.$.lnk$/$0$1$2$3$6$7$8$@$C$D$E$G$ParseFlags: argName: '%s', arg: %d$ParseFlags: skipping '%s'$loadonly
                    • API String ID: 1472931004-1873476029
                    • Opcode ID: bc93e791d2eab0394ab4d4d0bbcb6a875ca8b8142a99bba40fbfb19cbd277895
                    • Instruction ID: b8c7c5768d7d8dbc5a6dcf5d7578711a1f0c67eb982382760e489364eddfaa6e
                    • Opcode Fuzzy Hash: bc93e791d2eab0394ab4d4d0bbcb6a875ca8b8142a99bba40fbfb19cbd277895
                    • Instruction Fuzzy Hash: E8627421E0D283D6FBA4F73180456BDA791AB157ACF900235CA7E3F6C1DE2DB4548BA0

                    Control-flow Graph

                    • Executed
                    • Not Executed
                    control_flow_graph 843 7ff7f39c7930-7ff7f39c7969 844 7ff7f39c7974-7ff7f39c797c IsDebuggerPresent 843->844 845 7ff7f39c796b-7ff7f39c7972 843->845 846 7ff7f39c7984-7ff7f39c7987 844->846 847 7ff7f39c797e DebugBreak 844->847 845->844 845->846 848 7ff7f39c7995-7ff7f39c7998 846->848 849 7ff7f39c7989-7ff7f39c7990 846->849 847->846 851 7ff7f39c7cd2 848->851 852 7ff7f39c799e-7ff7f39c79cb call 7ff7f39d7330 call 7ff7f39c7730 call 7ff7f39d93d0 848->852 850 7ff7f39c7cd9-7ff7f39c7cdb call 7ff7f39d9150 849->850 856 7ff7f39c7ce0-7ff7f39c7d02 call 7ff7f39e59b0 850->856 851->850 863 7ff7f39c79ce-7ff7f39c79d5 852->863 863->863 864 7ff7f39c79d7-7ff7f39c79f4 call 7ff7f39d95ac 863->864 867 7ff7f39c79f6-7ff7f39c79f9 864->867 868 7ff7f39c79fb-7ff7f39c7a02 864->868 869 7ff7f39c7a14-7ff7f39c7a5e call 7ff7f39c6da4 call 7ff7f39d85a8 867->869 868->868 870 7ff7f39c7a04-7ff7f39c7a0f call 7ff7f39d95ac 868->870 876 7ff7f39c7a82-7ff7f39c7a84 869->876 877 7ff7f39c7a60-7ff7f39c7a67 869->877 870->869 879 7ff7f39c7a92-7ff7f39c7aea GetModuleHandleW FindResourceExW call 7ff7f39c75bc call 7ff7f39e59d0 HeapCreate 876->879 880 7ff7f39c7a86-7ff7f39c7a8d 876->880 877->876 878 7ff7f39c7a69-7ff7f39c7a70 877->878 881 7ff7f39c7a72-7ff7f39c7a7a call 7ff7f39f414c 878->881 882 7ff7f39c7a7c 878->882 889 7ff7f39c7b10-7ff7f39c7b2b call 7ff7f39d8c48 879->889 890 7ff7f39c7aec-7ff7f39c7b0e call 7ff7f39d8c48 879->890 880->850 881->876 882->876 895 7ff7f39c7b32-7ff7f39c7b72 call 7ff7f39d7380 call 7ff7f39d74b8 call 7ff7f39c66d8 call 7ff7f39da378 889->895 890->895 904 7ff7f39c7b78-7ff7f39c7b94 call 7ff7f39e2c7c 895->904 905 7ff7f39c7c37-7ff7f39c7c51 CreateEventW 895->905 912 7ff7f39c7bd1-7ff7f39c7c32 call 7ff7f39e59d0 call 7ff7f3a0fd90 call 7ff7f39ca144 call 7ff7f39ca2e0 call 7ff7f39f414c 904->912 913 7ff7f39c7b96-7ff7f39c7ba1 904->913 907 7ff7f39c7c53-7ff7f39c7c5a 905->907 908 7ff7f39c7c5c-7ff7f39c7c84 CreateThread 905->908 907->850 910 7ff7f39c7c8f-7ff7f39c7cbf SetUnhandledExceptionFilter AddVectoredExceptionHandler call 7ff7f39f56c8 908->910 911 7ff7f39c7c86-7ff7f39c7c8d 908->911 917 7ff7f39c7cc4-7ff7f39c7cd0 call 7ff7f39f5250 910->917 911->850 912->905 915 7ff7f39c7bc4-7ff7f39c7bcc call 7ff7f39e5a0c 913->915 916 7ff7f39c7ba3-7ff7f39c7ba9 913->916 915->912 920 7ff7f39c7bc0 916->920 921 7ff7f39c7bab-7ff7f39c7bae 916->921 917->856 920->915 926 7ff7f39c7bb0-7ff7f39c7bb8 call 7ff7f39f414c 921->926 927 7ff7f39c7bba 921->927 926->920 927->920
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: Create$BreakDebugDebuggerEventFindHandleHeapModulePresentResourceThread
                    • String ID: -64.pdb.lzsa$/SumatraPDF-$/SumatraPDF-prerel$3.6$InstallCrashHandler: crashDumpPath: '%s' crashFilePath: '%s' symDir: '%s'$InstallCrashHandler: skipping because !SetSymbolsDir()$InstallCrashHandler: skipping because !crashDumpPath$InstallCrashHandler: skipping because !gDumpEvent$InstallCrashHandler: skipping because !gDumpThread$InstallCrashHandler: skipping because isWine$PRE_RELEASE_VER$prerel/$rel/
                    • API String ID: 1043814054-1394769586
                    • Opcode ID: 76241e417dafb41ed8871ed9cd12931483f5bbc8c6fde188f8115f3b509fd9be
                    • Instruction ID: 49598b33d2fa92af1a60172dc1fc629bfa24daed5b855ccb0033ef89f44d1874
                    • Opcode Fuzzy Hash: 76241e417dafb41ed8871ed9cd12931483f5bbc8c6fde188f8115f3b509fd9be
                    • Instruction Fuzzy Hash: 40B1AD21A09A4385FB94FB62E8516BDE3A1AF44B88FC04135D96D3F7E5DE3CE50487A0

                    Control-flow Graph

                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2360834876.00000188C3040000.00000040.00000020.00020000.00000000.sdmp, Offset: 00000188C3040000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_188c3040000_biubiu.jbxd
                    Similarity
                    • API ID: send$AllocLibraryLoadSocketVirtualclosesocketconnectrecv
                    • String ID: /bea$/w64$32.d$32.d$ll$ll$unMa$user$ws2_
                    • API String ID: 2519967277-3552594899
                    • Opcode ID: ff102af4d646a78c0eeb12b16195175af378eda3a64505bc516884c9938e0460
                    • Instruction ID: e15232b0643db241ad673ae77dcfca8f8030b8e55c3df3686b9165617a6883c5
                    • Opcode Fuzzy Hash: ff102af4d646a78c0eeb12b16195175af378eda3a64505bc516884c9938e0460
                    • Instruction Fuzzy Hash: 4651F57121C7888FD7699FA898553EABBD1FBD5300F40462DE48BC7346DE34CA068796

                    Control-flow Graph

                    • Executed
                    • Not Executed
                    control_flow_graph 1100 7ff7f39d02c8-7ff7f39d02e8 1101 7ff7f39d02fa-7ff7f39d0301 1100->1101 1102 7ff7f39d02ea-7ff7f39d02f2 IsDebuggerPresent 1100->1102 1104 7ff7f39d0303-7ff7f39d030a 1101->1104 1105 7ff7f39d030c-7ff7f39d0314 IsDebuggerPresent 1101->1105 1102->1101 1103 7ff7f39d02f4 DebugBreak 1102->1103 1103->1101 1104->1105 1106 7ff7f39d031c-7ff7f39d031e 1104->1106 1105->1106 1107 7ff7f39d0316 DebugBreak 1105->1107 1108 7ff7f39d0324-7ff7f39d0346 call 7ff7f39dba60 call 7ff7f39d9de8 call 7ff7f39d9c10 call 7ff7f39da0c4 1106->1108 1109 7ff7f39d054a-7ff7f39d055e 1106->1109 1107->1106 1117 7ff7f39d034b-7ff7f39d0358 call 7ff7f39da648 1108->1117 1120 7ff7f39d03af-7ff7f39d03cc call 7ff7f39da378 call 7ff7f39e03bc 1117->1120 1121 7ff7f39d035a-7ff7f39d03aa call 7ff7f39de028 * 2 1117->1121 1120->1109 1130 7ff7f39d03d2-7ff7f39d03e9 call 7ff7f39e3108 1120->1130 1121->1109 1130->1109 1133 7ff7f39d03ef-7ff7f39d0407 call 7ff7f39e3028 1130->1133 1136 7ff7f39d0535-7ff7f39d0545 call 7ff7f39e2e88 call 7ff7f39e5a0c 1133->1136 1137 7ff7f39d040d-7ff7f39d040f 1133->1137 1136->1109 1138 7ff7f39d0416-7ff7f39d0435 call 7ff7f39d81a0 call 7ff7f39e2f48 1137->1138 1146 7ff7f39d0453 1138->1146 1147 7ff7f39d0437-7ff7f39d0441 call 7ff7f39f51a0 1138->1147 1148 7ff7f39d0459-7ff7f39d0462 1146->1148 1147->1146 1154 7ff7f39d0443-7ff7f39d0451 1147->1154 1148->1138 1150 7ff7f39d0464-7ff7f39d0466 1148->1150 1152 7ff7f39d0530-7ff7f39d0533 1150->1152 1153 7ff7f39d046c-7ff7f39d0485 call 7ff7f39e2f48 1150->1153 1152->1109 1152->1136 1157 7ff7f39d04d0-7ff7f39d04e5 call 7ff7f39e2f48 1153->1157 1158 7ff7f39d0487-7ff7f39d04cb call 7ff7f39d8cd4 call 7ff7f39d7690 call 7ff7f39d78b8 call 7ff7f39de028 1153->1158 1154->1148 1157->1152 1163 7ff7f39d04e7-7ff7f39d052b call 7ff7f39d8cd4 call 7ff7f39d7690 call 7ff7f39d78b8 call 7ff7f39de028 1157->1163 1158->1157 1163->1152
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: BreakDebugDebuggerPresent
                    • String ID: :;$,,,$InternetAccess$LinkProtocols$Policies$SafeFileTypes$audio,video,webpage$http,https,mailto,file$sumatrapdfrestrict.ini
                    • API String ID: 1472931004-2612192800
                    • Opcode ID: bbb03020d83f6d624b1ef1010f371dd3a68806fd3ebafebf4c5221f2d2b07b82
                    • Instruction ID: a244ac1f0648ff70123986c7ffc1a1f349234f1bbfba9506a53f1be51f34bff4
                    • Opcode Fuzzy Hash: bbb03020d83f6d624b1ef1010f371dd3a68806fd3ebafebf4c5221f2d2b07b82
                    • Instruction Fuzzy Hash: 49614961A0D61381FBD0FB12A85AAB9E350AF45798FC40135E8BD3F7D6DE2CE00587A0

                    Control-flow Graph

                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: BreakDebugDebuggerPresent$FileModuleName
                    • String ID: Preview$ Store$GetAppDataDirTemp(): '%s'$SumatraPDF
                    • API String ID: 3147969113-3106056761
                    • Opcode ID: b3c1d2b301ec7b9a10d028ba7ce297b521defbfc7f318c25701e3146eb8c6b58
                    • Instruction ID: cd7cf8561aa366fa4cba444f0880b47b29b820f74837b19021110a959344a8d4
                    • Opcode Fuzzy Hash: b3c1d2b301ec7b9a10d028ba7ce297b521defbfc7f318c25701e3146eb8c6b58
                    • Instruction Fuzzy Hash: 31212610E1D60380FFD1FB62A81AAB592909F15B88FC85034E87D3E2E6EE1DE44496F0

                    Control-flow Graph

                    • Executed
                    • Not Executed
                    control_flow_graph 1291 7ff7f3a09c88-7ff7f3a09cfb call 7ff7f3a0986c 1294 7ff7f3a09cfd-7ff7f3a09d06 call 7ff7f39f3464 1291->1294 1295 7ff7f3a09d15-7ff7f3a09d1f call 7ff7f39ff9bc 1291->1295 1302 7ff7f3a09d09-7ff7f3a09d10 call 7ff7f39f3484 1294->1302 1300 7ff7f3a09d3a-7ff7f3a09da3 CreateFileW 1295->1300 1301 7ff7f3a09d21-7ff7f3a09d38 call 7ff7f39f3464 call 7ff7f39f3484 1295->1301 1304 7ff7f3a09e20-7ff7f3a09e2b GetFileType 1300->1304 1305 7ff7f3a09da5-7ff7f3a09dab 1300->1305 1301->1302 1313 7ff7f3a0a056-7ff7f3a0a076 1302->1313 1307 7ff7f3a09e2d-7ff7f3a09e68 GetLastError call 7ff7f39f33f8 CloseHandle 1304->1307 1308 7ff7f3a09e7e-7ff7f3a09e85 1304->1308 1310 7ff7f3a09ded-7ff7f3a09e1b GetLastError call 7ff7f39f33f8 1305->1310 1311 7ff7f3a09dad-7ff7f3a09db1 1305->1311 1307->1302 1325 7ff7f3a09e6e-7ff7f3a09e79 call 7ff7f39f3484 1307->1325 1316 7ff7f3a09e87-7ff7f3a09e8b 1308->1316 1317 7ff7f3a09e8d-7ff7f3a09e90 1308->1317 1310->1302 1311->1310 1318 7ff7f3a09db3-7ff7f3a09deb CreateFileW 1311->1318 1322 7ff7f3a09e96-7ff7f3a09eeb call 7ff7f39ff8d4 1316->1322 1317->1322 1323 7ff7f3a09e92 1317->1323 1318->1304 1318->1310 1330 7ff7f3a09f0a-7ff7f3a09f3b call 7ff7f3a095ec 1322->1330 1331 7ff7f3a09eed-7ff7f3a09ef9 call 7ff7f3a09a74 1322->1331 1323->1322 1325->1302 1337 7ff7f3a09f3d-7ff7f3a09f3f 1330->1337 1338 7ff7f3a09f41-7ff7f3a09f83 1330->1338 1331->1330 1336 7ff7f3a09efb 1331->1336 1339 7ff7f3a09efd-7ff7f3a09f05 call 7ff7f39ff3e0 1336->1339 1337->1339 1340 7ff7f3a09fa5-7ff7f3a09fb0 1338->1340 1341 7ff7f3a09f85-7ff7f3a09f89 1338->1341 1339->1313 1344 7ff7f3a0a054 1340->1344 1345 7ff7f3a09fb6-7ff7f3a09fba 1340->1345 1341->1340 1343 7ff7f3a09f8b-7ff7f3a09fa0 1341->1343 1343->1340 1344->1313 1345->1344 1347 7ff7f3a09fc0-7ff7f3a0a005 CloseHandle CreateFileW 1345->1347 1348 7ff7f3a0a007-7ff7f3a0a035 GetLastError call 7ff7f39f33f8 call 7ff7f39ffafc 1347->1348 1349 7ff7f3a0a03a-7ff7f3a0a04f 1347->1349 1348->1349 1349->1344
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
                    • String ID:
                    • API String ID: 1617910340-0
                    • Opcode ID: dd07c2d9a3949339ed434854bb71ecdcf54af1c9fb119de96d455f6b7ef83375
                    • Instruction ID: fec5d845556442d7c210bd9e19f4fa5e5d795fd6c54409282ffc5a01f781b147
                    • Opcode Fuzzy Hash: dd07c2d9a3949339ed434854bb71ecdcf54af1c9fb119de96d455f6b7ef83375
                    • Instruction Fuzzy Hash: A5C1D377B24A4185EB50EF76C490AAC7761E749BA8B404329EA3E6F3E4CF38D451C390

                    Control-flow Graph

                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: Module32$CloseCreateCurrentFirstHandleNextProcessSnapshotToolhelp32
                    • String ID: Module: %p %06X %-16s %s$winex11.drv
                    • API String ID: 3675805834-2160328035
                    • Opcode ID: a6bcf2675ccf25d2ced6f829a914463a92bffc4a49810c6daeb22188184c2016
                    • Instruction ID: 2374770509490d69bbeaf85f9b4b495320fd334218c70bf3b248341b7b73bd8e
                    • Opcode Fuzzy Hash: a6bcf2675ccf25d2ced6f829a914463a92bffc4a49810c6daeb22188184c2016
                    • Instruction Fuzzy Hash: 3A31842560D64281EB90FB26E8016A9A391EB45BB8FC41335EE7D2F7C5DF3CD1408BA0

                    Control-flow Graph

                    APIs
                    Strings
                    • ReadFileWithAllocator: fread() failed, path: '%s', size: %d, nRead: %d, err: %d, isEof: %d, xrefs: 00007FF7F39DA47A
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: BreakDebugDebuggerPresent$_fread_nolock
                    • String ID: ReadFileWithAllocator: fread() failed, path: '%s', size: %d, nRead: %d, err: %d, isEof: %d
                    • API String ID: 959530579-730082027
                    • Opcode ID: 9f526c5f40266b742bca489b450957fc97ef60d0fbe4dd65a63d97479be2ee86
                    • Instruction ID: 440bb0b9ea958e3c59e1f1c21cc52b77697d0c6f088feb18268073a990783e34
                    • Opcode Fuzzy Hash: 9f526c5f40266b742bca489b450957fc97ef60d0fbe4dd65a63d97479be2ee86
                    • Instruction Fuzzy Hash: 01419521A0865281FB94FB239449339E290AF44BD8F948530EE7D2FBD5EF3CE45187A0

                    Control-flow Graph

                    • Executed
                    • Not Executed
                    control_flow_graph 1468 7ff7f39d5070-7ff7f39d509b call 7ff7f39c1530 1471 7ff7f39d50a1-7ff7f39d50a9 1468->1471 1472 7ff7f39d5187 1468->1472 1471->1472 1473 7ff7f39d50af-7ff7f39d50bb call 7ff7f39d8c48 1471->1473 1474 7ff7f39d5189-7ff7f39d51a1 1472->1474 1477 7ff7f39d50be-7ff7f39d50c6 1473->1477 1477->1477 1478 7ff7f39d50c8-7ff7f39d50cb 1477->1478 1479 7ff7f39d50e0-7ff7f39d510b WideCharToMultiByte 1478->1479 1480 7ff7f39d50cd-7ff7f39d50db call 7ff7f39d9564 1478->1480 1482 7ff7f39d5182-7ff7f39d5185 1479->1482 1483 7ff7f39d510d-7ff7f39d5120 call 7ff7f39d9564 1479->1483 1480->1482 1482->1474 1483->1482 1487 7ff7f39d5122-7ff7f39d514f WideCharToMultiByte 1483->1487 1488 7ff7f39d5161-7ff7f39d5168 1487->1488 1489 7ff7f39d5151-7ff7f39d5159 IsDebuggerPresent 1487->1489 1488->1488 1490 7ff7f39d516a-7ff7f39d516d 1488->1490 1489->1488 1491 7ff7f39d515b DebugBreak 1489->1491 1492 7ff7f39d517f 1490->1492 1493 7ff7f39d516f-7ff7f39d5177 IsDebuggerPresent 1490->1493 1491->1488 1492->1482 1493->1492 1494 7ff7f39d5179 DebugBreak 1493->1494 1494->1492
                    APIs
                    • WideCharToMultiByte.KERNEL32(?,?,?,?,80000002,?,?,00007FF7F39C71F4), ref: 00007FF7F39D5100
                    • WideCharToMultiByte.KERNEL32(?,?,?,?,80000002,?,?,00007FF7F39C71F4), ref: 00007FF7F39D5143
                    • IsDebuggerPresent.KERNEL32(?,?,?,?,80000002,?,?,00007FF7F39C71F4), ref: 00007FF7F39D5151
                    • DebugBreak.KERNEL32(?,?,?,?,80000002,?,?,00007FF7F39C71F4), ref: 00007FF7F39D515B
                    • IsDebuggerPresent.KERNEL32(?,?,?,?,80000002,?,?,00007FF7F39C71F4), ref: 00007FF7F39D516F
                    • DebugBreak.KERNEL32(?,?,?,?,80000002,?,?,00007FF7F39C71F4), ref: 00007FF7F39D5179
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: BreakByteCharDebugDebuggerMultiPresentWide
                    • String ID:
                    • API String ID: 3840959161-0
                    • Opcode ID: 87db8e0a24a2c6f8f03eb5e6984c383b214689fd3e6677b90878ae4accfceb36
                    • Instruction ID: f50711fea5d2567badccfa2eff4df0a05503c04a71fa6b8374574b4072e11132
                    • Opcode Fuzzy Hash: 87db8e0a24a2c6f8f03eb5e6984c383b214689fd3e6677b90878ae4accfceb36
                    • Instruction Fuzzy Hash: EA319621A0974285E7A0FF16B84502AEBD5FB44BE8F884234DEAD5B7D4DF3CE44187A0
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: FindHandleModuleResource$Version
                    • String ID: 64-bit$OS: Windows %s %d.%d build %d %s$OS: Windows %s SP%d build %d %s$OS: Windows %s build %d %s
                    • API String ID: 3204216930-3208091008
                    • Opcode ID: d4367f22c58a57cd331c302584ddbc9c7df8291df754ddb0ae9401921d64bfc9
                    • Instruction ID: ffa8df9728cda0df01960da636bd0c2117c3c5caf9acb15051298855005822e9
                    • Opcode Fuzzy Hash: d4367f22c58a57cd331c302584ddbc9c7df8291df754ddb0ae9401921d64bfc9
                    • Instruction Fuzzy Hash: B641953261864285EB90EB65E4417FDB770FB85388FD04031EA9D2AAD9DF3DD104CB90
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: BreakCloseDebugDebuggerFileHandlePresentSize
                    • String ID:
                    • API String ID: 4066652494-0
                    • Opcode ID: 80c0f2b9b030c7aa69b5d07f2f234f6b876c7ad55db31b1694351dbf05d62b62
                    • Instruction ID: e688f0b5944dec6c13ff0718774f219d98477c90b81be2828588289b161521ed
                    • Opcode Fuzzy Hash: 80c0f2b9b030c7aa69b5d07f2f234f6b876c7ad55db31b1694351dbf05d62b62
                    • Instruction Fuzzy Hash: 67014E21B1864581FBD0B7356949739E3A0AF547B8F942330FE7E5A5D8DF2CD05046A0
                    APIs
                    • IsDebuggerPresent.KERNEL32(?,?,00000000,00007FF7F39D8358,?,?,?,00007FF7F39D8508,?,?,00000000,00007FF7F39D931C,?,?,?,00007FF7F39D9415), ref: 00007FF7F39D82F8
                    • DebugBreak.KERNEL32(?,?,00000000,00007FF7F39D8358,?,?,?,00007FF7F39D8508,?,?,00000000,00007FF7F39D931C,?,?,?,00007FF7F39D9415), ref: 00007FF7F39D8302
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: BreakDebugDebuggerPresent
                    • String ID:
                    • API String ID: 1472931004-0
                    • Opcode ID: 018863836fdb6a6c3db0eff5223dffe745a678f22513327795481c832c833787
                    • Instruction ID: 0e8fcd20ed61c2b469a7de63efa375ad57802def1e93c87f2a0b8c562ded60f3
                    • Opcode Fuzzy Hash: 018863836fdb6a6c3db0eff5223dffe745a678f22513327795481c832c833787
                    • Instruction Fuzzy Hash: 5831E421A0DB4285EF90EB96D509579E264EB14FC8F844031EEAD2BBC9CE3CE54187A0
                    APIs
                    • IsDebuggerPresent.KERNEL32(?,?,?,00007FF7F39D8508,?,?,00000000,00007FF7F39D931C,?,?,?,00007FF7F39D9415,?,?,80000002,00007FF7F39DB24B), ref: 00007FF7F39D8333
                    • DebugBreak.KERNEL32(?,?,?,00007FF7F39D8508,?,?,00000000,00007FF7F39D931C,?,?,?,00007FF7F39D9415,?,?,80000002,00007FF7F39DB24B), ref: 00007FF7F39D833D
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: BreakDebugDebuggerPresent
                    • String ID:
                    • API String ID: 1472931004-0
                    • Opcode ID: a2e7d65f71bcab925a984c5c803e06843057df218ddf85e0a89d4a3eab5deabd
                    • Instruction ID: f952a5f15d12c7d1e8803d99f91f072f3d3e1ac561aa8179db91dd44e6d3f863
                    • Opcode Fuzzy Hash: a2e7d65f71bcab925a984c5c803e06843057df218ddf85e0a89d4a3eab5deabd
                    • Instruction Fuzzy Hash: DB01A121618B8586EBA0EF569541169F760FB48FC4F884134DFAD2BB86DF3CE542C790
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.2358808337.0000000000400000.00000040.00001000.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2358808337.00000000008DC000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000AD2000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B3C000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B3F000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B6F000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000BEB000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C56000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C7D000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C85000.00000040.00001000.00020000.00000000.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_biubiu.jbxd
                    Similarity
                    • API ID: TimerWaitable
                    • String ID:
                    • API String ID: 1823812067-0
                    • Opcode ID: dcaffdfaaac17da9b192dbccf71720b6a3e35d34c0bff426f5d50340c8fb3cb4
                    • Instruction ID: ab2d4a0013f413070db8e936b004d49f252a3f7e1e9f61270729a4bcede83f95
                    • Opcode Fuzzy Hash: dcaffdfaaac17da9b192dbccf71720b6a3e35d34c0bff426f5d50340c8fb3cb4
                    • Instruction Fuzzy Hash: 4001B276215F8485EA508B4AE8A035A6360F7C9BA4F544226EEAE97BA4CF39C1118B00

                    Control-flow Graph

                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: Module$FindHandleResource$FileName
                    • String ID: (dbg)$ 64-bit$ [plugin]$ pre-release$3.6$BuiltOn: %s$Crash file: %s$Dll: %s %s$Exe: %s %s$Git: %s (https://github.com/sumatrapdfreader/sumatrapdf/commit/%s)$Type: %s$Ver: %s$dll$libmupdf.dll$static
                    • API String ID: 4290057662-1161021818
                    • Opcode ID: 33a771875fa041484f4e19b3519e7c7e9672a98447e3da037b4afc00d44e73d5
                    • Instruction ID: f4f122ff5edd6c908c9b42cf9a2f1bd470bd9108366b5a3501badc66b6508492
                    • Opcode Fuzzy Hash: 33a771875fa041484f4e19b3519e7c7e9672a98447e3da037b4afc00d44e73d5
                    • Instruction Fuzzy Hash: BC415A50A0C64290EBC4FB17E94AAF8A3516F46BD8FC44136E86D3F3D6DE6DE14483A0

                    Control-flow Graph

                    • Executed
                    • Not Executed
                    control_flow_graph 1010 7ff7f39c1760-7ff7f39c17c1 1011 7ff7f39c17c5-7ff7f39c1859 call 7ff7f39c1e58 call 7ff7f39c1000 call 7ff7f39c20f6 call 7ff7f39c1c99 1010->1011 1019 7ff7f39c185e-7ff7f39c1860 1011->1019 1020 7ff7f39c1af6-7ff7f39c1afe 1019->1020 1021 7ff7f39c1866-7ff7f39c1880 call 7ff7f39c20f6 call 7ff7f39c1c99 1019->1021 1023 7ff7f39c1b52-7ff7f39c1b5e call 7ff7f39c1e6a 1020->1023 1024 7ff7f39c1b00-7ff7f39c1b4d call 7ff7f39c1f4e 1020->1024 1021->1020 1033 7ff7f39c1886-7ff7f39c18a5 1021->1033 1030 7ff7f39c1b65-7ff7f39c1ba3 call 7ff7f39e59b0 1023->1030 1024->1023 1035 7ff7f39c1aa8-7ff7f39c1abb call 7ff7f39e5cc0 1033->1035 1036 7ff7f39c18ab-7ff7f39c18b5 1033->1036 1035->1036 1042 7ff7f39c1ac1-7ff7f39c1af1 GetModuleHandleW GetProcAddress call 7ff7f39e5c54 1035->1042 1038 7ff7f39c199b-7ff7f39c19aa call 7ff7f39c1e6a 1036->1038 1039 7ff7f39c18bb-7ff7f39c18e2 1036->1039 1038->1011 1046 7ff7f39c19b0-7ff7f39c1b60 1038->1046 1039->1038 1047 7ff7f39c18e8-7ff7f39c18ed 1039->1047 1042->1036 1046->1030 1047->1038 1050 7ff7f39c18f3-7ff7f39c1925 call 7ff7f39c1e58 call 7ff7f39c20de 1047->1050 1055 7ff7f39c1993-7ff7f39c1996 call 7ff7f39c1e6a 1050->1055 1056 7ff7f39c1927-7ff7f39c194f call 7ff7f39c20f6 1050->1056 1055->1038 1061 7ff7f39c1951-7ff7f39c195b call 7ff7f39c20f6 1056->1061 1062 7ff7f39c1988 call 7ff7f39c1e6a 1056->1062 1067 7ff7f39c1983 1061->1067 1068 7ff7f39c195d-7ff7f39c1964 1061->1068 1065 7ff7f39c198d-7ff7f39c1991 1062->1065 1065->1038 1067->1062 1069 7ff7f39c1966-7ff7f39c1975 call 7ff7f39f68c4 1068->1069 1072 7ff7f39c19b5-7ff7f39c19f4 call 7ff7f39c1f4e call 7ff7f39c1e6a call 7ff7f39c1df2 1069->1072 1073 7ff7f39c1977-7ff7f39c1981 1069->1073 1080 7ff7f39c1a9a-7ff7f39c1aa0 1072->1080 1081 7ff7f39c19fa-7ff7f39c19fd 1072->1081 1073->1067 1073->1069 1080->1038 1083 7ff7f39c1aa6 1080->1083 1081->1080 1082 7ff7f39c1a03-7ff7f39c1a42 call 7ff7f39c1ec6 call 7ff7f39f6bb0 1081->1082 1082->1065 1088 7ff7f39c1a48-7ff7f39c1a56 call 7ff7f39c1f4e 1082->1088 1083->1020 1091 7ff7f39c1a5b-7ff7f39c1a74 call 7ff7f39f6bb0 1088->1091 1091->1065 1094 7ff7f39c1a7a-7ff7f39c1a96 call 7ff7f39c2032 * 2 1091->1094 1094->1091 1099 7ff7f39c1a98 1094->1099 1099->1020
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: AddressCloseHandleModuleOpenProcQueryValue
                    • String ID: GetCurrentPackageInfo$Microsoft.WebView2Runtime.Beta_8wekyb3d8bbwe$Microsoft.WebView2Runtime.Canary_8wekyb3d8bbwe$Microsoft.WebView2Runtime.Dev_8wekyb3d8bbwe$Microsoft.WebView2Runtime.Internal_8wekyb3d8bbwe$Microsoft.WebView2Runtime.Stable_8wekyb3d8bbwe$beta$canary$dev$internal$kernelbase.dll
                    • API String ID: 696543570-4251609998
                    • Opcode ID: cd599c71a7bf5a2447a3ca72ae806c2fe3c97e9697ffdaafdd3893e8f2ba096f
                    • Instruction ID: 7abb1c04711891511319ca9dca364b992a7af6ce4679aa18ebfd8acb35f37d89
                    • Opcode Fuzzy Hash: cd599c71a7bf5a2447a3ca72ae806c2fe3c97e9697ffdaafdd3893e8f2ba096f
                    • Instruction Fuzzy Hash: 85B16231A0CA4285FB90FB16A4507BAE3A0BF857C4F804131EDAD2B7D5DE2DE545CBA4

                    Control-flow Graph

                    • Executed
                    • Not Executed
                    control_flow_graph 1176 7ff7f39d8ffc-7ff7f39d8fff 1177 7ff7f39d9005-7ff7f39d901b 1176->1177 1178 7ff7f39d914d 1176->1178 1179 7ff7f39d9140-7ff7f39d914c 1177->1179 1180 7ff7f39d9021-7ff7f39d9028 1177->1180 1179->1178 1181 7ff7f39d9036-7ff7f39d904f 1180->1181 1182 7ff7f39d902a 1180->1182 1184 7ff7f39d9096-7ff7f39d90b1 SetNamedPipeHandleState 1181->1184 1185 7ff7f39d9051-7ff7f39d908d CreateFileW 1181->1185 1183 7ff7f39d902d-7ff7f39d9034 1182->1183 1183->1181 1183->1183 1187 7ff7f39d90b3-7ff7f39d90ba OutputDebugStringA 1184->1187 1188 7ff7f39d90c0-7ff7f39d90c3 1184->1188 1185->1179 1186 7ff7f39d9093 1185->1186 1186->1184 1187->1188 1189 7ff7f39d90c5-7ff7f39d90db call 7ff7f39d8df4 1188->1189 1190 7ff7f39d910a-7ff7f39d912a WriteFile 1188->1190 1194 7ff7f39d90ec 1189->1194 1195 7ff7f39d90dd 1189->1195 1190->1179 1192 7ff7f39d912c-7ff7f39d9139 CloseHandle 1190->1192 1192->1179 1197 7ff7f39d90ef-7ff7f39d9104 WriteFile 1194->1197 1196 7ff7f39d90e0-7ff7f39d90e8 1195->1196 1196->1196 1198 7ff7f39d90ea 1196->1198 1197->1190 1198->1197
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: File$HandleWrite$CloseCreateDebugNamedOutputPipeStateString
                    • String ID: SumatraPDF$\\.\pipe\LOCAL\ArsLexis-Logger$app: %s$logPipe: SetNamedPipeHandleState() failed
                    • API String ID: 2955090800-341793648
                    • Opcode ID: facb7063b47ca2a6fd09c0e1987f17094fdd9baaf66164a00c8ba38277485d37
                    • Instruction ID: 1ad25d7fcdaa9660e62c500150f60952222c8118320c3f78de7199209a316b65
                    • Opcode Fuzzy Hash: facb7063b47ca2a6fd09c0e1987f17094fdd9baaf66164a00c8ba38277485d37
                    • Instruction Fuzzy Hash: DE319321A09642C2FB90FB22F849B75A390EF447A8F905235E97D6A6E4DF3DD045C7A0

                    Control-flow Graph

                    • Executed
                    • Not Executed
                    control_flow_graph 1199 7ff7f3a0d650-7ff7f3a0d6dc call 7ff7f3a0d21c 1202 7ff7f3a0d707-7ff7f3a0d724 1199->1202 1203 7ff7f3a0d6de-7ff7f3a0d702 call 7ff7f3a0d5a4 RaiseException 1199->1203 1204 7ff7f3a0d739-7ff7f3a0d73d 1202->1204 1205 7ff7f3a0d726-7ff7f3a0d737 1202->1205 1209 7ff7f3a0d92b-7ff7f3a0d94b 1203->1209 1208 7ff7f3a0d740-7ff7f3a0d74c 1204->1208 1205->1208 1210 7ff7f3a0d76d-7ff7f3a0d770 1208->1210 1211 7ff7f3a0d74e-7ff7f3a0d760 1208->1211 1212 7ff7f3a0d817-7ff7f3a0d81e 1210->1212 1213 7ff7f3a0d776-7ff7f3a0d779 1210->1213 1219 7ff7f3a0d8fc-7ff7f3a0d906 1211->1219 1220 7ff7f3a0d766 1211->1220 1215 7ff7f3a0d820-7ff7f3a0d82f 1212->1215 1216 7ff7f3a0d832-7ff7f3a0d835 1212->1216 1217 7ff7f3a0d77b-7ff7f3a0d78e 1213->1217 1218 7ff7f3a0d790-7ff7f3a0d7a5 LoadLibraryExA 1213->1218 1215->1216 1221 7ff7f3a0d8da-7ff7f3a0d8f7 call 7ff7f3a0d130 1216->1221 1222 7ff7f3a0d83b-7ff7f3a0d83f 1216->1222 1217->1218 1224 7ff7f3a0d7fc-7ff7f3a0d805 1217->1224 1223 7ff7f3a0d7a7-7ff7f3a0d7ba GetLastError 1218->1223 1218->1224 1227 7ff7f3a0d908-7ff7f3a0d919 1219->1227 1228 7ff7f3a0d923-7ff7f3a0d928 call 7ff7f3a0d5a4 1219->1228 1220->1210 1221->1219 1234 7ff7f3a0d870-7ff7f3a0d883 GetProcAddress 1222->1234 1235 7ff7f3a0d841-7ff7f3a0d845 1222->1235 1225 7ff7f3a0d7bc-7ff7f3a0d7cf 1223->1225 1226 7ff7f3a0d7d1-7ff7f3a0d7f7 call 7ff7f3a0d5a4 RaiseException 1223->1226 1229 7ff7f3a0d807-7ff7f3a0d80a FreeLibrary 1224->1229 1230 7ff7f3a0d810 1224->1230 1225->1224 1225->1226 1226->1209 1227->1228 1228->1209 1229->1230 1230->1212 1234->1221 1239 7ff7f3a0d885-7ff7f3a0d898 GetLastError 1234->1239 1235->1234 1236 7ff7f3a0d847-7ff7f3a0d852 1235->1236 1236->1234 1240 7ff7f3a0d854-7ff7f3a0d85b 1236->1240 1244 7ff7f3a0d89a-7ff7f3a0d8ad 1239->1244 1245 7ff7f3a0d8af-7ff7f3a0d8d6 call 7ff7f3a0d5a4 RaiseException call 7ff7f3a0d21c 1239->1245 1240->1234 1246 7ff7f3a0d85d-7ff7f3a0d862 1240->1246 1244->1221 1244->1245 1245->1221 1246->1234 1248 7ff7f3a0d864-7ff7f3a0d86e 1246->1248 1248->1221 1248->1234
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: ExceptionRaise$ErrorLastLibraryLoad
                    • String ID: H
                    • API String ID: 948315288-2852464175
                    • Opcode ID: 4224524ed5142f81ff184471ce2c4dcbd52c49b28acbe27d1f24d136d9f3b4a7
                    • Instruction ID: 8bd59e49ac091053a8d98ba620eb80d6150880518a0ed5524f9ef20b248251e4
                    • Opcode Fuzzy Hash: 4224524ed5142f81ff184471ce2c4dcbd52c49b28acbe27d1f24d136d9f3b4a7
                    • Instruction Fuzzy Hash: 21916472B0575189EB84EF66D844AA873A1BF08798F844435EE2D2F798DF78E444C7A0

                    Control-flow Graph

                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: NamePath$Full$Long
                    • String ID: \\?\
                    • API String ID: 4201774850-4282027825
                    • Opcode ID: 8ea293e4971047c248d49af26af3ba3c24823d181ecd630a4eaf58a96f6b3b43
                    • Instruction ID: ddc4f488c25204b13873b6719197b8ecc4ca50b1d32e72dae6eaba0256129ae7
                    • Opcode Fuzzy Hash: 8ea293e4971047c248d49af26af3ba3c24823d181ecd630a4eaf58a96f6b3b43
                    • Instruction Fuzzy Hash: 6041B210F0965241EB94FB2BA81A679A2915F96FE4F944230DDBE3F7D6DE3CE40142A0
                    APIs
                    • RegOpenKeyExW.KERNEL32(?,?,00000000,InstallLocation,00000000,00007FF7F39DB226,?,?,?,?,00000000,00007FF7F39DB286,?,?,?,00007FF7F39C695C), ref: 00007FF7F39DB10C
                    • RegQueryValueExW.KERNEL32(?,?,00000000,InstallLocation,00000000,00007FF7F39DB226,?,?,?,?,00000000,00007FF7F39DB286,?,?,?,00007FF7F39C695C), ref: 00007FF7F39DB13C
                    • RegQueryValueExW.KERNEL32(?,?,00000000,InstallLocation,00000000,00007FF7F39DB226,?,?,?,?,00000000,00007FF7F39DB286,?,?,?,00007FF7F39C695C), ref: 00007FF7F39DB17D
                    • RegCloseKey.KERNEL32(?,?,00000000,InstallLocation,00000000,00007FF7F39DB226,?,?,?,?,00000000,00007FF7F39DB286,?,?,?,00007FF7F39C695C), ref: 00007FF7F39DB19C
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: QueryValue$CloseOpen
                    • String ID: InstallLocation
                    • API String ID: 1586453840-779285727
                    • Opcode ID: 43cf9dfa9b74968d3e6809814a3a8e66f8ec75886a5b28f6670766f8fd318fd0
                    • Instruction ID: 91114bffc3bd00fe269ad1eaa1d2c7a8bfaa208f399a08713ec6cd82d26e1b06
                    • Opcode Fuzzy Hash: 43cf9dfa9b74968d3e6809814a3a8e66f8ec75886a5b28f6670766f8fd318fd0
                    • Instruction Fuzzy Hash: 4E41D521B0C65241EBB0FA23A95667BD281BF45BE8FC44230DDBD6BBC5EE2CD4458790
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: Window$MessageProcRegister
                    • String ID: UITask_Msg_StdFunction$uitask::WndProcTaskDispatch: did execute, will delete func 0x%p$uitask::WndProcTaskDispatch: will execute '%s', func 0x%p
                    • API String ID: 136062168-3012746926
                    • Opcode ID: ada60420ad5c79cf3ab6defc7b128b49b5a799aec005c7903985b2100348ac67
                    • Instruction ID: 9860829157f8175994bd8a1e94c189f25b09a13ef4790d02fc85be021309f10d
                    • Opcode Fuzzy Hash: ada60420ad5c79cf3ab6defc7b128b49b5a799aec005c7903985b2100348ac67
                    • Instruction Fuzzy Hash: 89118720A0C64281E7D0FB16E855579E250AF54BE8FD41631E97D6FBD5DE6CE44082F0
                    APIs
                    • IsDebuggerPresent.KERNEL32(?,?,?,00007FF7F39D9415,?,?,80000002,00007FF7F39DB24B,?,?,?,?,00000000,00007FF7F39DB286), ref: 00007FF7F39D91FA
                    • OutputDebugStringA.KERNEL32(?,?,?,00007FF7F39D9415,?,?,80000002,00007FF7F39DB24B,?,?,?,?,00000000,00007FF7F39DB286), ref: 00007FF7F39D9210
                    • EnterCriticalSection.KERNEL32(?,?,?,00007FF7F39D9415,?,?,80000002,00007FF7F39DB24B,?,?,?,?,00000000,00007FF7F39DB286), ref: 00007FF7F39D925B
                    • HeapCreate.KERNEL32(?,?,?,00007FF7F39D9415,?,?,80000002,00007FF7F39DB24B,?,?,?,?,00000000,00007FF7F39DB286), ref: 00007FF7F39D9296
                    • LeaveCriticalSection.KERNEL32(?,?,?,00007FF7F39D9415,?,?,80000002,00007FF7F39DB24B,?,?,?,?,00000000,00007FF7F39DB286), ref: 00007FF7F39D93A1
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: CriticalSection$CreateDebugDebuggerEnterHeapLeaveOutputPresentString
                    • String ID:
                    • API String ID: 3354831384-0
                    • Opcode ID: a99ab15096b3f88dec0c19f9fe7917bf54d15cae34e21d7ec22c985bcabd1444
                    • Instruction ID: 7fa1a62ddc9119d33170f8782b05d87e922e7786539cb945132d846b437beb19
                    • Opcode Fuzzy Hash: a99ab15096b3f88dec0c19f9fe7917bf54d15cae34e21d7ec22c985bcabd1444
                    • Instruction Fuzzy Hash: 7071C221A0D64285FBD4FB22A94937AE750AF01BA8FC44135E9BD6F7D1DE2DE44183E0
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: CloseOpenQueryValue
                    • String ID: EBWebView
                    • API String ID: 3677997916-998646055
                    • Opcode ID: 6086489e5ceaa266ba46d4d170cee5728a141c1b609420fd064d03a7b8d838dc
                    • Instruction ID: 1dec786279de45949be5b3f9c4a351867008a2b58a3a78974ae0f37611a4d886
                    • Opcode Fuzzy Hash: 6086489e5ceaa266ba46d4d170cee5728a141c1b609420fd064d03a7b8d838dc
                    • Instruction Fuzzy Hash: 2D31A43271C64241EBA0EB56A4546BAE3D0AF447D4F804130EE9D2BBD9DE7CD1058F64
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: CloseOpen
                    • String ID: Software\Policies\Microsoft\Edge\WebView2\
                    • API String ID: 47109696-3769946317
                    • Opcode ID: 696c51441d1ede970e42cff7251d8a9ec99b45ea76b793fad62e5a2b522ec558
                    • Instruction ID: 5ab63a5f099d1d52438beab9da329a9ab46fbcfce43b2fe4459345608a2529d2
                    • Opcode Fuzzy Hash: 696c51441d1ede970e42cff7251d8a9ec99b45ea76b793fad62e5a2b522ec558
                    • Instruction Fuzzy Hash: 5FF0B432B18B5081F790AB11F951B966360BB48BE0F815131ED5E2B754CF3CD855CB90
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: AppendDirectoryLibraryLoadPathSystem
                    • String ID:
                    • API String ID: 3352590915-0
                    • Opcode ID: f085d006dfc7bcd316306098a1b3a035f7779b2e9e003a718aa16d5bf6b6f721
                    • Instruction ID: 4bdea96b1198ca1783cd82a84c8e32b2b00a5816dcdc9da4d5b83a8a26604a24
                    • Opcode Fuzzy Hash: f085d006dfc7bcd316306098a1b3a035f7779b2e9e003a718aa16d5bf6b6f721
                    • Instruction Fuzzy Hash: 9201882161C54381FBE0F721E86B3BAA250AF54768FC40231D5BE9E2D5DE2CE5448670
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: AttributesFile
                    • String ID: EBWebView\x64\EmbeddedBrowserWebView.dll
                    • API String ID: 3188754299-136868923
                    • Opcode ID: 824d6bee647c771a9bc6b7b20a54265b4008dc8ab4d01a6a7c791a9347a8b397
                    • Instruction ID: 982f0aa0e33e645ec68aa9047381d293d83dcd7ac49bf890ba3f7f7ad097a90b
                    • Opcode Fuzzy Hash: 824d6bee647c771a9bc6b7b20a54265b4008dc8ab4d01a6a7c791a9347a8b397
                    • Instruction Fuzzy Hash: 0CE08C04E0801342EF84F326A4410F852002F04BE0BD05232E87E3E7D69F0CA9838B94
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: __scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_release_startup_lock
                    • String ID:
                    • API String ID: 3070443116-0
                    • Opcode ID: 85c2c8c907463df56c1889796e6d9c2a3c87a9523d1629e81a55587031d48fca
                    • Instruction ID: 7367811ea970e262a57942ece9e02051a7d8d557a10f9f62ea530267eada703f
                    • Opcode Fuzzy Hash: 85c2c8c907463df56c1889796e6d9c2a3c87a9523d1629e81a55587031d48fca
                    • Instruction Fuzzy Hash: E6314621E0C10741FBD4F76594627F9A281AF41388FC44234E67D6F2D7CE2CE88486B2
                    APIs
                    • CreateDirectoryW.KERNEL32(?,?,?,00007FF7F39C6AD3,?,?,00000000,00007FF7F39C66FD), ref: 00007FF7F39DA8F7
                    • GetLastError.KERNEL32(?,?,?,00007FF7F39C6AD3,?,?,00000000,00007FF7F39C66FD), ref: 00007FF7F39DA901
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: CreateDirectoryErrorLast
                    • String ID:
                    • API String ID: 1375471231-0
                    • Opcode ID: da20b90b015b2d6ad8f382e1d29b98886eab32f64a513c56bd379171af9060a7
                    • Instruction ID: fd8c5763de23811f72d69b88bdbb71fed2ec4b48dee8e1762333820645b2834d
                    • Opcode Fuzzy Hash: da20b90b015b2d6ad8f382e1d29b98886eab32f64a513c56bd379171af9060a7
                    • Instruction Fuzzy Hash: 2511A321E0D29241FFE8FB22550A279D6815F54BA8F884234EDBE2E7C6DE1CE45247B1
                    APIs
                    • CommandLineToArgvW.SHELL32(?,?,?,00007FF7F39E117B,?,?,?,00007FF7F39C94CB), ref: 00007FF7F39E10D2
                    • LocalFree.KERNEL32(?,?,?,00007FF7F39E117B,?,?,?,00007FF7F39C94CB), ref: 00007FF7F39E112F
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: ArgvCommandFreeLineLocal
                    • String ID:
                    • API String ID: 1203019955-0
                    • Opcode ID: b459e77dde6630be4528dc8bc1385bd31647086e1fe30c1bda599b3fe36ff38b
                    • Instruction ID: 636d32444428a07c41728339ca3b7a5b678bb1d0f23ab69857966c0e6acb3c28
                    • Opcode Fuzzy Hash: b459e77dde6630be4528dc8bc1385bd31647086e1fe30c1bda599b3fe36ff38b
                    • Instruction Fuzzy Hash: 2301C412A0C58185E791BB27E4041AAE690AF89BF8F884335EE7C1B7C5DE7CD4818771
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: _invalid_parameter_noinfo
                    • String ID:
                    • API String ID: 3215553584-0
                    • Opcode ID: 2c630afd332f002b63c51c70096553ee46bac6b1a4b11e8b8bccea2b2e7dc06e
                    • Instruction ID: b0c84ad0d73ea1fd31878f574107ac441ea2578bf8b01c522cf2b52c464d1605
                    • Opcode Fuzzy Hash: 2c630afd332f002b63c51c70096553ee46bac6b1a4b11e8b8bccea2b2e7dc06e
                    • Instruction Fuzzy Hash: 05119322A1C64281EFA1FF619400179E360BF85B88F944135EABD6F7C6CF3CD85087A0
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: _invalid_parameter_noinfo
                    • String ID:
                    • API String ID: 3215553584-0
                    • Opcode ID: 173874860452c2bcb58f0dd425c016f6f7bc1c0bec897b8bbda1a3ff463e70f8
                    • Instruction ID: 0ecb62b6c19633099d24d5bf167720609616d0b3d62322b9767221960f160710
                    • Opcode Fuzzy Hash: 173874860452c2bcb58f0dd425c016f6f7bc1c0bec897b8bbda1a3ff463e70f8
                    • Instruction Fuzzy Hash: 9C210A72A0864187D7A1AF2AE440779F3A0EB84B54F944238F67D4F6E5DF3DD8048B50
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: _invalid_parameter_noinfo
                    • String ID:
                    • API String ID: 3215553584-0
                    • Opcode ID: 2bdc0619ea899bd445cc79ab6c6eaafd6df5338af5ba87d144f0f6c6e579689d
                    • Instruction ID: 689d4d2b438e72c0f821c8c46cf4492d47c8fa75983cb543e27556619ec64c2d
                    • Opcode Fuzzy Hash: 2bdc0619ea899bd445cc79ab6c6eaafd6df5338af5ba87d144f0f6c6e579689d
                    • Instruction Fuzzy Hash: 41116D3691C64286F394FB25A440529E3A4EF44748F950434EA7E6F7E6DF3CE8208BA0
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: FolderPath
                    • String ID:
                    • API String ID: 1514166925-0
                    • Opcode ID: 44167f3ea1cb0631f6396ba95335629effc69971636c2e13df49d4e90bb4fc3c
                    • Instruction ID: 098b1ff3512b4c104ad6fe9f4f65f3dfac59fbc6a0ecfa60042c7fb0ff737d39
                    • Opcode Fuzzy Hash: 44167f3ea1cb0631f6396ba95335629effc69971636c2e13df49d4e90bb4fc3c
                    • Instruction Fuzzy Hash: A101F521B1C68142E7B0AB35E4567ABA291EFC1364F841331EABD5F7C9DE3CC0008B50
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: CreateFile
                    • String ID:
                    • API String ID: 823142352-0
                    • Opcode ID: 624a2f284f066f5b7109ce7e0eb47b86bea793bd890cafc28de6e601381f3eb9
                    • Instruction ID: f31288f3f8915461cbdac7d6dbf5d5ed571ec47b55b9232e4f5090c2a87dae76
                    • Opcode Fuzzy Hash: 624a2f284f066f5b7109ce7e0eb47b86bea793bd890cafc28de6e601381f3eb9
                    • Instruction Fuzzy Hash: FAE02BB1A1914282FBE0FB31942A77A55805F543BCF804330EABA1E7C5CF3C94444BB5
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: Concurrency::cancel_current_taskstd::bad_alloc::bad_alloc
                    • String ID:
                    • API String ID: 680105476-0
                    • Opcode ID: b13466ec24bb5a2356caac1bf8417d45adc38558e2e13412f1d284cc5069852c
                    • Instruction ID: 14445a8b0ee2366b0c2010ab77ae873165aecf51b69c1af7130a5b4a68c2c182
                    • Opcode Fuzzy Hash: b13466ec24bb5a2356caac1bf8417d45adc38558e2e13412f1d284cc5069852c
                    • Instruction Fuzzy Hash: A2E0B600E1D20749FBD8F26614260B580400F5937CFE81730DA7D2D2C6BD1CE8D586B2
                    APIs
                    • __scrt_dllmain_crt_thread_attach.LIBCMT ref: 00007FF7F39E5A64
                      • Part of subcall function 00007FF7F39E7EC0: __vcrt_uninitialize_ptd.LIBVCRUNTIME ref: 00007FF7F39E7EC8
                      • Part of subcall function 00007FF7F39E7EC0: __vcrt_uninitialize_locks.LIBVCRUNTIME ref: 00007FF7F39E7ECD
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: __scrt_dllmain_crt_thread_attach__vcrt_uninitialize_locks__vcrt_uninitialize_ptd
                    • String ID:
                    • API String ID: 1208906642-0
                    • Opcode ID: 71c50729f4b48b8ee7e0085aaf59efb4b2074e515003a32fed042b36d47f9501
                    • Instruction ID: 1d0373d452c25b6b1b34dda01b5b081e241c225c8078d3d9367dde44906211b2
                    • Opcode Fuzzy Hash: 71c50729f4b48b8ee7e0085aaf59efb4b2074e515003a32fed042b36d47f9501
                    • Instruction Fuzzy Hash: BBE01251D0C14359FFE4B22005A66B882420F2230CFC00278D83D2A1E38D1EA48A22F3
                    APIs
                      • Part of subcall function 00007FF7F39FB264: HeapAlloc.KERNEL32(?,?,00000000,00007FF7F39F5813,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00007FF7F39FB2A2
                    • HeapReAlloc.KERNEL32(?,?,00000000,00007FF7F3A075D7,?,?,?,00007FF7F39FA753,?,?,?,00007FF7F39FA649,?,?,?,00007FF7F39FAA2A), ref: 00007FF7F39FD321
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: AllocHeap
                    • String ID:
                    • API String ID: 4292702814-0
                    • Opcode ID: 6aa5f07c7b917bfd9ac4351f3b7a3983269724184cc1f41de44970aeabb3ce4b
                    • Instruction ID: f7373b9964bc54f978bebc93cc538d058940e7a8152751313171b6c002d0df89
                    • Opcode Fuzzy Hash: 6aa5f07c7b917bfd9ac4351f3b7a3983269724184cc1f41de44970aeabb3ce4b
                    • Instruction Fuzzy Hash: 7401E810E1C64344FBE5FB7269512B992905F957ACF885630ED3DAE2CADE2CE44086F1
                    APIs
                    • HeapAlloc.KERNEL32(?,?,00000000,00007FF7F39FC0E6,?,?,?,00007FF7F39F348D,?,?,?,?,00007FF7F39FB25C), ref: 00007FF7F39FB205
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: AllocHeap
                    • String ID:
                    • API String ID: 4292702814-0
                    • Opcode ID: c69910d03e4ca27555ac760f2a9c81f9eff129a0107faa187a45c23bde7ad54e
                    • Instruction ID: daa1260a9ea41111eb2d1f860ef30d97ca118843f004c34fa80177908b4184e0
                    • Opcode Fuzzy Hash: c69910d03e4ca27555ac760f2a9c81f9eff129a0107faa187a45c23bde7ad54e
                    • Instruction Fuzzy Hash: A2F04944B0920244FFD5FBB698502BA92905F55B98F884430DD3EAE2D6EE1CE58082B0
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.2358808337.0000000000400000.00000040.00001000.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2358808337.00000000008DC000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000AD2000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B3C000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B3F000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B6F000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000BEB000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C56000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C7D000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C85000.00000040.00001000.00020000.00000000.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_biubiu.jbxd
                    Similarity
                    • API ID: AllocVirtual
                    • String ID:
                    • API String ID: 4275171209-0
                    • Opcode ID: 33b54bf97a7912f954cb5ac1813d54e14e05c2a316259aa94b24e2224a416175
                    • Instruction ID: f11e71f3e57f5495556562eb2977a696671aac26b7f7c6084a7b1c1db1733e78
                    • Opcode Fuzzy Hash: 33b54bf97a7912f954cb5ac1813d54e14e05c2a316259aa94b24e2224a416175
                    • Instruction Fuzzy Hash: C5F01476A11B8082DB218F5AE9513297370F74CBE4F244216DE9DA7B24CB29E592C240
                    APIs
                    • HeapAlloc.KERNEL32(?,?,00000000,00007FF7F39F5813,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00007FF7F39FB2A2
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: AllocHeap
                    • String ID:
                    • API String ID: 4292702814-0
                    • Opcode ID: 8dc80dc8416c1ef30b56f0de0f3d0341aecfbf63d7fc8b5e0ad5df8c65fd947f
                    • Instruction ID: c667770bfc18fb81c080e330788539f99731b800463246bb15773a2ff77f7dd2
                    • Opcode Fuzzy Hash: 8dc80dc8416c1ef30b56f0de0f3d0341aecfbf63d7fc8b5e0ad5df8c65fd947f
                    • Instruction Fuzzy Hash: 3DF05800A1C20344FBE5FFB258402BD92805FA57B8F884234DC3EAE2C2EE2CE44096F0
                    APIs
                      • Part of subcall function 00007FF7F39D9150: IsDebuggerPresent.KERNEL32(?,?,?,00007FF7F39D9415,?,?,80000002,00007FF7F39DB24B,?,?,?,?,00000000,00007FF7F39DB286), ref: 00007FF7F39D91FA
                      • Part of subcall function 00007FF7F39D9150: OutputDebugStringA.KERNEL32(?,?,?,00007FF7F39D9415,?,?,80000002,00007FF7F39DB24B,?,?,?,?,00000000,00007FF7F39DB286), ref: 00007FF7F39D9210
                    • GetTempPathW.KERNEL32 ref: 00007FF7F39D3684
                    • IsDebuggerPresent.KERNEL32 ref: 00007FF7F39D3693
                    • DebugBreak.KERNEL32 ref: 00007FF7F39D369D
                      • Part of subcall function 00007FF7F39DBFDC: CreateProcessW.KERNEL32 ref: 00007FF7F39DC099
                    • ExitProcess.KERNEL32 ref: 00007FF7F39D3883
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: DebugDebuggerPresentProcess$BreakCreateExitOutputPathStringTemp
                    • String ID: already running elevated and from temp dir$ already running from temp dir$ copying installer '%s' to '%s'$ failed to copy installer$ -all-users$ -log$ -silent$-uninstall$LaunchElevated('%s', '%s')$LaunchElevated() failed to launch '%s' '%s'$LaunchElevated() launched '%s' '%s' ok!$LaunchProcessWithCmdLine('%s' '%s')$LaunchProcessWithCmdLine() failed to launch '%s' '%s'$LaunchProcessWithCmdLine() launched '%s' '%s' ok!$RelaunchMaybeElevatedFromTempDirectory()$Sumatra-Uninstaller.exe
                    • API String ID: 979075103-781243766
                    • Opcode ID: f38e698d9c29f64b1a9618290951e4e90410a219b69f3d5d37231f59c015e1ab
                    • Instruction ID: b27193bfa05a7566ccab4c5ecc637bb1293202e4659190332c82d2ec4f85e861
                    • Opcode Fuzzy Hash: f38e698d9c29f64b1a9618290951e4e90410a219b69f3d5d37231f59c015e1ab
                    • Instruction Fuzzy Hash: D4619F50A0CA4341FBE4F722A89A6B9E351AF55788FC40035E9AD7F6D6DE2CE10587E0
                    APIs
                    • EnumPrintersW.WINSPOOL.DRV ref: 00007FF7F39C88EC
                    • GetLastError.KERNEL32 ref: 00007FF7F39C88F8
                    • EnumPrintersW.WINSPOOL.DRV ref: 00007FF7F39C893E
                    • DeviceCapabilitiesW.WINSPOOL.DRV ref: 00007FF7F39C8A4E
                    • DeviceCapabilitiesW.WINSPOOL.DRV ref: 00007FF7F39C8A6C
                    • IsDebuggerPresent.KERNEL32 ref: 00007FF7F39C8A7A
                    • DebugBreak.KERNEL32 ref: 00007FF7F39C8A84
                    • GetLastError.KERNEL32 ref: 00007FF7F39C8BC4
                      • Part of subcall function 00007FF7F39E01E8: WideCharToMultiByte.KERNEL32(?,?,?,?,00000000,80000002,00000000,00007FF7F39DB1DF,?,?,00000000,InstallLocation,00000000,00007FF7F39DB226), ref: 00007FF7F39E0264
                      • Part of subcall function 00007FF7F39E01E8: WideCharToMultiByte.KERNEL32(?,?,?,?,00000000,80000002,00000000,00007FF7F39DB1DF,?,?,00000000,InstallLocation,00000000,00007FF7F39DB226), ref: 00007FF7F39E02A6
                      • Part of subcall function 00007FF7F39E01E8: IsDebuggerPresent.KERNEL32(?,?,?,?,00000000,80000002,00000000,00007FF7F39DB1DF,?,?,00000000,InstallLocation,00000000,00007FF7F39DB226), ref: 00007FF7F39E02B4
                      • Part of subcall function 00007FF7F39E01E8: DebugBreak.KERNEL32(?,?,?,?,00000000,80000002,00000000,00007FF7F39DB1DF,?,?,00000000,InstallLocation,00000000,00007FF7F39DB226), ref: 00007FF7F39E02BE
                      • Part of subcall function 00007FF7F39E01E8: IsDebuggerPresent.KERNEL32(?,?,?,?,00000000,80000002,00000000,00007FF7F39DB1DF,?,?,00000000,InstallLocation,00000000,00007FF7F39DB226), ref: 00007FF7F39E02D2
                      • Part of subcall function 00007FF7F39E01E8: DebugBreak.KERNEL32(?,?,?,?,00000000,80000002,00000000,00007FF7F39DB1DF,?,?,00000000,InstallLocation,00000000,00007FF7F39DB226), ref: 00007FF7F39E02DC
                    • GetLastError.KERNEL32 ref: 00007FF7F39C8AAE
                    • DeviceCapabilitiesW.WINSPOOL.DRV ref: 00007FF7F39C8AF5
                    • DeviceCapabilitiesW.WINSPOOL.DRV ref: 00007FF7F39C8B25
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: CapabilitiesDevice$BreakDebugDebuggerErrorLastPresent$ByteCharEnumMultiPrintersWide
                    • String ID: - '%s' (%d)$ - Call to DeviceCapabilities failed with error %#x$ - no paper bins available$%s (Port: %s, attributes: %#x%s)$, default$Call to EnumPrinters failed with error %#x$SumatraPDF - EnumeratePrinters
                    • API String ID: 2072030555-4105443767
                    • Opcode ID: 476b6856dda5af7786f4fdd23e77bc5ac5f0db905ec352a6c60a3e9010af969f
                    • Instruction ID: aba425e205c9925fa772f012a291b78e7d6ab9d1a1ad2c7460dd5bd6edbfc699
                    • Opcode Fuzzy Hash: 476b6856dda5af7786f4fdd23e77bc5ac5f0db905ec352a6c60a3e9010af969f
                    • Instruction Fuzzy Hash: 4BB19261B0864386FB94FB6294156BEA3A1AB447D8F804231DD3E3B7D5DE3CD50587A0
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID:
                    • String ID: "%1" "%2" "%3" "%4"$ -print-to "%2" "%1"$ -print-to-default "%1"$ File$.cb7$.cbr$.cbt$.cbz$.epub$.pdf$.pdf$ApplicationCompany$ApplicationName$Icon$Krzysztof Kowalczyk$LoggedWriteRegNone(%s, %s, %s) => '%d'$Software\Classes\$SumatraPDF$\Application$\DefaultIcon$\OpenWithProgids$\shell\PrintTo\command$\shell\Print\command$\shell\open$\shell\open\command
                    • API String ID: 0-2838633847
                    • Opcode ID: 37bec71a59947fbad81da61db091bcfad092a185de6c679723d73624853e590f
                    • Instruction ID: 1f8344f9f2b560f8646f4102057bc26e5cc21272a99cf16e337d8be424d128db
                    • Opcode Fuzzy Hash: 37bec71a59947fbad81da61db091bcfad092a185de6c679723d73624853e590f
                    • Instruction Fuzzy Hash: 2DA18D56A1DA5340FBD1F7229815ABA9281AF45BD8FC04131EC3E3FBD6DE2CE50587A0
                    APIs
                      • Part of subcall function 00007FF7F39D2E70: GetUserDefaultUILanguage.KERNEL32(?,?,?,?,00007FF7F39CC84D), ref: 00007FF7F39D2E74
                      • Part of subcall function 00007FF7F39D9470: IsDebuggerPresent.KERNEL32(?,?,00000000,00007FF7F39CC8DE), ref: 00007FF7F39D948A
                      • Part of subcall function 00007FF7F39D9470: DebugBreak.KERNEL32(?,?,00000000,00007FF7F39CC8DE), ref: 00007FF7F39D9494
                    • GetCommandLineW.KERNEL32 ref: 00007FF7F39CC9FD
                    • ExitProcess.KERNEL32 ref: 00007FF7F39CCB5B
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: BreakCommandDebugDebuggerDefaultExitLanguageLinePresentProcessUser
                    • String ID: !gCli->runInstallNew so inheriting prev install state$------------- Starting SumatraPDF installation$Before CreateInstallerWindow()$Before RunApp()$Before SetForegroundWindow()$CreateInstallerWindow() failed$HasPreviousInstall(): hasPrev: %d$Installer finished$Restarting as elevated: gCli->silent: %d, gCli->fastInstall: %d, isElevated: %d, gCli->allUsers: %d, prevInstall.needsElevation: %d$RunApp() returned %d$RunInstaller: gCliNew.silent: %d, gCliNew.allUsers: %d, gCliNew.runInstallNow: %d, gCliNew.withFilter: %d, gCliNew.withPreview: %d, gCliNew.fastInstall: %d$Running'%s', cmdLine: '%s', installing into dir '%s'$open
                    • API String ID: 1332424982-3901343657
                    • Opcode ID: 2b437cf210d1d3fe17e03047e1df96fc2a87fd4803fbba5d974e51c905133c57
                    • Instruction ID: c6417c24826cddafebe55d6a328fe5a9b27c29461a7d6368d1bc2dd6a12e4047
                    • Opcode Fuzzy Hash: 2b437cf210d1d3fe17e03047e1df96fc2a87fd4803fbba5d974e51c905133c57
                    • Instruction Fuzzy Hash: A0B17A20D0D68384F7D1F726A8155B8FB915F56788FC80075E9AD3F2E2CE1DA5069BB0
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: BreakDebugDebuggerPresent$CriticalSection$EnterLeave
                    • String ID: PoolAllocator: $hdrSizet: $overshot:
                    • API String ID: 3384369985-2334565499
                    • Opcode ID: d50b8bd8fad9f28f5615580f09903e3eba177035e90c0c5138e6baf8f69a1be2
                    • Instruction ID: dff60710e523376d5c9e223496c9767e7b2aebe5dc5e7e121faf62ea591ef367
                    • Opcode Fuzzy Hash: d50b8bd8fad9f28f5615580f09903e3eba177035e90c0c5138e6baf8f69a1be2
                    • Instruction Fuzzy Hash: 59515C22604B52D6DB94FF26D945428B3A4FB14FA8B840231DE7D57BD8DF38E465C3A0
                    APIs
                      • Part of subcall function 00007FF7F39D9150: IsDebuggerPresent.KERNEL32(?,?,?,00007FF7F39D9415,?,?,80000002,00007FF7F39DB24B,?,?,?,?,00000000,00007FF7F39DB286), ref: 00007FF7F39D91FA
                      • Part of subcall function 00007FF7F39D9150: OutputDebugStringA.KERNEL32(?,?,?,00007FF7F39D9415,?,?,80000002,00007FF7F39DB24B,?,?,?,?,00000000,00007FF7F39DB286), ref: 00007FF7F39D9210
                    • CreateToolhelp32Snapshot.KERNEL32 ref: 00007FF7F39CD6B5
                    • Process32FirstW.KERNEL32 ref: 00007FF7F39CD6F1
                    • CloseHandle.KERNEL32 ref: 00007FF7F39CD7CB
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: CloseCreateDebugDebuggerFirstHandleOutputPresentProcess32SnapshotStringToolhelp32
                    • String ID: KillProcWithId(%d) returned %d$ attempting to kill process %d '%s'$KillProcWithId(processId=%d)$KillProcessesUsingInstallation()$libmupdf.dll$npPdfViewer.dll
                    • API String ID: 83167726-904758982
                    • Opcode ID: 3c826729dfad85316e0a683c4decc17689545915ca13fe8d4fc4b9630b0ab385
                    • Instruction ID: ac5880f1bf2539d7349c654ad0af0e60ce0f17ef044fc7fdb4810a1e0c0a8ae5
                    • Opcode Fuzzy Hash: 3c826729dfad85316e0a683c4decc17689545915ca13fe8d4fc4b9630b0ab385
                    • Instruction Fuzzy Hash: 9651A025A0860281FB90FB2698146B9A391BF45BE4FC04231ED7D3B7D5DE3CE5058BA0
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: DebugDebuggerOutputPresentString
                    • String ID: .exe$.pdf$Application$ProgId$RemoveInstallRegistryKeys(%s)$SOFTWARE\%s\Capabilities$SOFTWARE\RegisteredApplications$Software\Classes\$Software\Classes\.pdf$Software\Classes\Applications\$Software\Microsoft\Windows\CurrentVersion\App Paths\$Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdf$Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdfApplication$Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdfProgId$Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdf\UserChoice$SumatraPDF$SumatraPDF.exe$UnregisterFromBeingDefaultViewer()$\OpenWithList\$\OpenWithProgids
                    • API String ID: 4086329628-2538393600
                    • Opcode ID: 3a7b5104f35cdba39719f855489a777a1deea913f5c6d06df222d5cb9c1cdb20
                    • Instruction ID: cdc7a4b5fea702c54580b7957bdaa59937cb013855b7d80fb7cc5cb64df14682
                    • Opcode Fuzzy Hash: 3a7b5104f35cdba39719f855489a777a1deea913f5c6d06df222d5cb9c1cdb20
                    • Instruction Fuzzy Hash: CF815955A1C64241EFC4F7229916ABAD252AF45FC8FC44035EC6E7FBD6DE2CE10187A0
                    APIs
                    Strings
                    • SumatraPDF installer, xrefs: 00007FF7F39D145F
                    • libmupdf.dll, xrefs: 00007FF7F39D138A
                    • Looks like corrupted installation of SumatraPDF.Learn more at https://www.sumatrapdfreader.org/docs/Corrupted-installation, xrefs: 00007FF7F39D142A
                    • Learn more at <a href="https://www.sumatrapdfreader.org/docs/Corrupted-installation">www.sumatrapdfreader.org/docs/Corrupted-insta, xrefs: 00007FF7F39D1485
                    • Looks like corrupted installation of SumatraPDF., xrefs: 00007FF7F39D1458
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: #345BreakDebugDebuggerExitFindHandleModulePresentProcessResource_invalid_parameter_noinfowprintf
                    • String ID: Looks like corrupted installation of SumatraPDF.Learn more at https://www.sumatrapdfreader.org/docs/Corrupted-installation$Learn more at <a href="https://www.sumatrapdfreader.org/docs/Corrupted-installation">www.sumatrapdfreader.org/docs/Corrupted-insta$Looks like corrupted installation of SumatraPDF.$SumatraPDF installer$libmupdf.dll
                    • API String ID: 2593462636-3235999913
                    • Opcode ID: 9ece4f20e5e7e6f6d823f014368da2d6c743f9a497054f2ca8babf2692647235
                    • Instruction ID: 21b4168517daf7036408594697da9299f17fcb6b342603093311962f3c80ae57
                    • Opcode Fuzzy Hash: 9ece4f20e5e7e6f6d823f014368da2d6c743f9a497054f2ca8babf2692647235
                    • Instruction Fuzzy Hash: D6418022B0974385FBD0FB619449AB8A3A1AF45758FC40135ED6D2BBD6DE3CE405C3A0
                    APIs
                    Strings
                    • not deleting because not in gWindows, probably already deleted, xrefs: 00007FF7F39D05E6
                    • DeleteMainWindow: win: 0x%p, hwndFrame: 0x%p, hwndCanvas: 0x%p, winIdx : %d, nWindowsLeft: %d, xrefs: 00007FF7F39D05C7
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: BreakDebugDebuggerDestroyObjectPresentSingleWait$AcceptDragFilesImageList_MessageSendWindow
                    • String ID: not deleting because not in gWindows, probably already deleted$DeleteMainWindow: win: 0x%p, hwndFrame: 0x%p, hwndCanvas: 0x%p, winIdx : %d, nWindowsLeft: %d
                    • API String ID: 1118236236-2357634334
                    • Opcode ID: 81eeaf83090bdd8e4605a453903578e9085ac365c80ef7b000775544316d86e0
                    • Instruction ID: f3d2be547a551eff475f3368d225eff0758b24ccc47542710d1e19a884d32579
                    • Opcode Fuzzy Hash: 81eeaf83090bdd8e4605a453903578e9085ac365c80ef7b000775544316d86e0
                    • Instruction Fuzzy Hash: CD41C661A09A4281FBD0FB22D895579A361EF84B98FD44231DD7D6F2E4DE3CD444C6A0
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: BreakDebugDebuggerPresent
                    • String ID: d
                    • API String ID: 1472931004-2564639436
                    • Opcode ID: c6e39089c563982449186f1532b8b714973693cd1d88dbd11ddfcea67387be58
                    • Instruction ID: 060456936062d00f521b4f7034b158ba8e64a88af9651fdf19db67e239c0979a
                    • Opcode Fuzzy Hash: c6e39089c563982449186f1532b8b714973693cd1d88dbd11ddfcea67387be58
                    • Instruction Fuzzy Hash: 8271032290C58292F7A4FB29950B1B9A390BF0536CF840335DABF6B6D0DF2CE45587A1
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: HandleModule$BreakClassCreateDebugDebuggerIconLoadPresentRegisterWindow
                    • String ID: 3.6$CreateInstallerWindow: RegisterClassExW() failed$SUMATRA_PDF_INSTALLER_FRAME$SumatraPDF %s Installer
                    • API String ID: 911894887-4040411282
                    • Opcode ID: 16d9cc233f60234726ad409d472fcdaedb02420d9066db04393c36460accb55d
                    • Instruction ID: 005a28cc58addd9460ab029c3beff14b08af25e725dea4f39872dfcd48fbea5d
                    • Opcode Fuzzy Hash: 16d9cc233f60234726ad409d472fcdaedb02420d9066db04393c36460accb55d
                    • Instruction Fuzzy Hash: C9519332608B8282E790FB11E8406AEB7A0FB85B54F804539D9AD2B7D5DF3CD445DBA4
                    APIs
                      • Part of subcall function 00007FF7F39D9150: IsDebuggerPresent.KERNEL32(?,?,?,00007FF7F39D9415,?,?,80000002,00007FF7F39DB24B,?,?,?,?,00000000,00007FF7F39DB286), ref: 00007FF7F39D91FA
                      • Part of subcall function 00007FF7F39D9150: OutputDebugStringA.KERNEL32(?,?,?,00007FF7F39D9415,?,?,80000002,00007FF7F39DB24B,?,?,?,?,00000000,00007FF7F39DB286), ref: 00007FF7F39D9210
                      • Part of subcall function 00007FF7F39DBA60: GetModuleFileNameW.KERNEL32 ref: 00007FF7F39DBAAA
                    • GetTempPathW.KERNEL32 ref: 00007FF7F39D3950
                    • IsDebuggerPresent.KERNEL32 ref: 00007FF7F39D395F
                    • DebugBreak.KERNEL32 ref: 00007FF7F39D3969
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: DebugDebuggerPresent$BreakFileModuleNameOutputPathStringTemp
                    • String ID: (goto) 2>nul & del "%~f0"$Created self-delete batch script '%s'$Failed to write '%s'$InitSelfDelete()$cmd.exe /C "%s"$del "%s"$sumatra-self-del.bat$timeout /t 2 /nobreak >nul
                    • API String ID: 53960141-734140628
                    • Opcode ID: e3629c7bb267f1c1fa52515d817194ce3a30c8b2b132833a6665f002935de191
                    • Instruction ID: 5a9ae31b45b5b5fb5d959d2cefc56fdc674bd780a8fe65e18f368e2a4bee4a5c
                    • Opcode Fuzzy Hash: e3629c7bb267f1c1fa52515d817194ce3a30c8b2b132833a6665f002935de191
                    • Instruction Fuzzy Hash: B9419421A1C64281FB90FB26E4596BAF361FF85784FC04135EAAD2B6D9DF2CD504C7A0
                    APIs
                    Strings
                    • RenderCache::~RenderCache: curReq: 0x%p, requestCount: %d, cacheCount: %d, xrefs: 00007FF7F39D01B7
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: CriticalSection$CloseEnterHandleLeave$BreakDebugDebuggerDeletePresent
                    • String ID: RenderCache::~RenderCache: curReq: 0x%p, requestCount: %d, cacheCount: %d
                    • API String ID: 3600950484-4200427683
                    • Opcode ID: 3271e8eb06176fcda11cf2b49cf80b65a2eb12c0f630b4b80531c176c6704d80
                    • Instruction ID: 17e3828dec11c15690cb5cf5806e1f17de25f5a91929569344d77225174813b5
                    • Opcode Fuzzy Hash: 3271e8eb06176fcda11cf2b49cf80b65a2eb12c0f630b4b80531c176c6704d80
                    • Instruction Fuzzy Hash: 8B110D35A08A4281EBD4FF22D844579A320FB54F98F844031DE6D2B7A8DF2CE4468B74
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: ShowWindow$Focus$BreakDebugDebuggerPresent$MessageSend
                    • String ID:
                    • API String ID: 3716364600-0
                    • Opcode ID: 2cebca5b66ce0c52aa365a2b909831dbcd6e0ee295baf7a56752425e4ff21ffe
                    • Instruction ID: c3ff7993cfa3120fe5f8e1cb25c521c58f64a62c6c4a0af4fe6f88f93f636326
                    • Opcode Fuzzy Hash: 2cebca5b66ce0c52aa365a2b909831dbcd6e0ee295baf7a56752425e4ff21ffe
                    • Instruction Fuzzy Hash: 60519C22E0CA4245F7E4FB25D84527EA760EF51B54F954031DAAE2B3D5DF2DF4418360
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: CriticalCurrentSectionThread$EnterLeave
                    • String ID: &
                    • API String ID: 637047042-3042966939
                    • Opcode ID: 814c786f70a1bc70206737224ce2ffc0f2d7471a8a9d9e6e427855a513e123be
                    • Instruction ID: 3980ad0a0fc0ca1073e06927cb88c6b143741867f2020aa51a372c120fa9a37f
                    • Opcode Fuzzy Hash: 814c786f70a1bc70206737224ce2ffc0f2d7471a8a9d9e6e427855a513e123be
                    • Instruction Fuzzy Hash: 9EC1C622E08B8582EB90DF25D5452A8B3A0FB54B48F849231DF9D2B7A5DF3CE595C350
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: DeleteObject$#412BreakDebugDebuggerPresent$MessageSend
                    • String ID:
                    • API String ID: 4277592940-0
                    • Opcode ID: 3415f52c3eca151d32119fb93361227481e67a91d4375de80cd3958f93d7734b
                    • Instruction ID: 91296fed2d559e4274bf216115b56e71160ead8bd367493e7f75f7884c1b8611
                    • Opcode Fuzzy Hash: 3415f52c3eca151d32119fb93361227481e67a91d4375de80cd3958f93d7734b
                    • Instruction Fuzzy Hash: BEC13B25B09A4681EB95EB25C154379A361EF84FC9F984131CE6E2F798CF2DD841C7A0
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: BreakDebugDebuggerPresent
                    • String ID: = $ [$[$]
                    • API String ID: 1472931004-3800036031
                    • Opcode ID: 652b2eb8e9985744077db14e167976a359efd402d425fb85a8d711d0d6296ea5
                    • Instruction ID: d9b63102b93870591044ea540f8f3c909168a31fb2a097b3de518b4242fe265c
                    • Opcode Fuzzy Hash: 652b2eb8e9985744077db14e167976a359efd402d425fb85a8d711d0d6296ea5
                    • Instruction Fuzzy Hash: 54B1C421A0CA5242E7A4FB0698056799251AF85BE8F855335DDBD3F3C6DE3CE48183B1
                    Strings
                    • verWSouth Sudan Standard TimeTransbaikal Standard TimeUS Mountain Standard TimeUlaanbaatar Standard TimeUnrecognized address typeUpdateProcThreadAttributeVladivostok Standard TimeW. Mongolia Standard TimeWindowsGetStringRawBuffer_cgo_thread_start missingallgad, xrefs: 00000188C542FFE7
                    • ingrad Standard TimeMiddle East Standard TimeNew Zealand Standard TimeNorth Korea Standard TimeNtQueryInformationProcessQueryInformationJobObjectSetSecurityDescriptorDaclSetSecurityDescriptorSaclSetupDiCallClassInstallerSetupDiGetDevicePropertyWSetupDiGetSelec, xrefs: 00000188C543010A
                    • dead: no p for timercontext deadline exceededduplicate address requestexplicit tag has no childframe_data_pad_byte_shortframe_headers_pad_too_bigframe_headers_zero_streamframe_priority_bad_lengthframe_settings_has_streamhttp2: Framer %p: read %vhttp2: Request., xrefs: 00000188C542FE2E
                    • rtframe_headers_pad_too_bigframe_headers_zero_streamframe_priority_bad_lengthframe_settings_has_streamhttp2: Framer %p: read %vhttp2: Request.URI is nilhttp2: invalid header: %vhttp2: unsupported schemeinconsistent poll.fdMutexinvalid cross-device linkinvalid , xrefs: 00000188C542FDD8
                    • na already initializedbad status in shrinkstackbad system huge page sizechansend: spurious wakeupcheckdead: no m for timercheckdead: no p for timercontext deadline exceededduplicate address requestexplicit tag has no childframe_data_pad_byte_shortframe_headers, xrefs: 00000188C542FEAD
                    • allerSetupDiGetDevicePropertyWSetupDiGetSelectedDriverWSetupDiSetSelectedDriverWSouth Sudan Standard TimeTransbaikal Standard TimeUS Mountain Standard TimeUlaanbaatar Standard TimeUnrecognized address typeUpdateProcThreadAttributeVladivostok Standard TimeW. Mo, xrefs: 00000188C5430033
                    • eryInformationProcessQueryInformationJobObjectSetSecurityDescriptorDaclSetSecurityDescriptorSaclSetupDiCallClassInstallerSetupDiGetDevicePropertyWSetupDiGetSelectedDriverWSetupDiSetSelectedDriverWSouth Sudan Standard TimeTransbaikal Standard TimeUS Mountain St, xrefs: 00000188C54300A7
                    • kbad system huge page sizechansend: spurious wakeupcheckdead: no m for timercheckdead: no p for timercontext deadline exceededduplicate address requestexplicit tag has no childframe_data_pad_byte_shortframe_headers_pad_too_bigframe_headers_zero_streamframe_pri, xrefs: 00000188C542FE9F
                    • tionProcessQueryInformationJobObjectSetSecurityDescriptorDaclSetSecurityDescriptorSaclSetupDiCallClassInstallerSetupDiGetDevicePropertyWSetupDiGetSelectedDriverWSetupDiSetSelectedDriverWSouth Sudan Standard TimeTransbaikal Standard TimeUS Mountain Standard Tim, xrefs: 00000188C543007D
                    • etSecurityDescriptorSaclSetupDiCallClassInstallerSetupDiGetDevicePropertyWSetupDiGetSelectedDriverWSetupDiSetSelectedDriverWSouth Sudan Standard TimeTransbaikal Standard TimeUS Mountain Standard TimeUlaanbaatar Standard TimeUnrecognized address typeUpdateProcT, xrefs: 00000188C543005F
                    • timercheckdead: no p for timercontext deadline exceededduplicate address requestexplicit tag has no childframe_data_pad_byte_shortframe_headers_pad_too_bigframe_headers_zero_streamframe_priority_bad_lengthframe_settings_has_streamhttp2: Framer %p: read %vhttp2, xrefs: 00000188C542FE58
                    Memory Dump Source
                    • Source File: 00000000.00000002.2361158172.00000188C5400000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000188C5400000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_188c5400000_biubiu.jbxd
                    Similarity
                    • API ID:
                    • String ID: allerSetupDiGetDevicePropertyWSetupDiGetSelectedDriverWSetupDiSetSelectedDriverWSouth Sudan Standard TimeTransbaikal Standard TimeUS Mountain Standard TimeUlaanbaatar Standard TimeUnrecognized address typeUpdateProcThreadAttributeVladivostok Standard TimeW. Mo$dead: no p for timercontext deadline exceededduplicate address requestexplicit tag has no childframe_data_pad_byte_shortframe_headers_pad_too_bigframe_headers_zero_streamframe_priority_bad_lengthframe_settings_has_streamhttp2: Framer %p: read %vhttp2: Request.$eryInformationProcessQueryInformationJobObjectSetSecurityDescriptorDaclSetSecurityDescriptorSaclSetupDiCallClassInstallerSetupDiGetDevicePropertyWSetupDiGetSelectedDriverWSetupDiSetSelectedDriverWSouth Sudan Standard TimeTransbaikal Standard TimeUS Mountain St$etSecurityDescriptorSaclSetupDiCallClassInstallerSetupDiGetDevicePropertyWSetupDiGetSelectedDriverWSetupDiSetSelectedDriverWSouth Sudan Standard TimeTransbaikal Standard TimeUS Mountain Standard TimeUlaanbaatar Standard TimeUnrecognized address typeUpdateProcT$ingrad Standard TimeMiddle East Standard TimeNew Zealand Standard TimeNorth Korea Standard TimeNtQueryInformationProcessQueryInformationJobObjectSetSecurityDescriptorDaclSetSecurityDescriptorSaclSetupDiCallClassInstallerSetupDiGetDevicePropertyWSetupDiGetSelec$kbad system huge page sizechansend: spurious wakeupcheckdead: no m for timercheckdead: no p for timercontext deadline exceededduplicate address requestexplicit tag has no childframe_data_pad_byte_shortframe_headers_pad_too_bigframe_headers_zero_streamframe_pri$na already initializedbad status in shrinkstackbad system huge page sizechansend: spurious wakeupcheckdead: no m for timercheckdead: no p for timercontext deadline exceededduplicate address requestexplicit tag has no childframe_data_pad_byte_shortframe_headers$rtframe_headers_pad_too_bigframe_headers_zero_streamframe_priority_bad_lengthframe_settings_has_streamhttp2: Framer %p: read %vhttp2: Request.URI is nilhttp2: invalid header: %vhttp2: unsupported schemeinconsistent poll.fdMutexinvalid cross-device linkinvalid $timercheckdead: no p for timercontext deadline exceededduplicate address requestexplicit tag has no childframe_data_pad_byte_shortframe_headers_pad_too_bigframe_headers_zero_streamframe_priority_bad_lengthframe_settings_has_streamhttp2: Framer %p: read %vhttp2$tionProcessQueryInformationJobObjectSetSecurityDescriptorDaclSetSecurityDescriptorSaclSetupDiCallClassInstallerSetupDiGetDevicePropertyWSetupDiGetSelectedDriverWSetupDiSetSelectedDriverWSouth Sudan Standard TimeTransbaikal Standard TimeUS Mountain Standard Tim$verWSouth Sudan Standard TimeTransbaikal Standard TimeUS Mountain Standard TimeUlaanbaatar Standard TimeUnrecognized address typeUpdateProcThreadAttributeVladivostok Standard TimeW. Mongolia Standard TimeWindowsGetStringRawBuffer_cgo_thread_start missingallgad
                    • API String ID: 0-3287363945
                    • Opcode ID: f469563f41d72d37be2b9cd018072f77ce135bfd72c3f64b1a82e4080900f0c4
                    • Instruction ID: 493a16202ac201559e63ba8a4621071fd1be06ee23c7372744a172dc09fea4fb
                    • Opcode Fuzzy Hash: f469563f41d72d37be2b9cd018072f77ce135bfd72c3f64b1a82e4080900f0c4
                    • Instruction Fuzzy Hash: F1D1AF70448F188FDFA5EF28C8807D6B3E0FB59301F95866AA49DD3295CF70A980CB91
                    Strings
                    • azar_Squareafter object keyapplication/jsonapplication/wasmavx512vpclmulqdqbad Huffman codebad g transitionbad special kindbad summary databad symbol tablebinary.BigEndianbuffer too shortcastogscanstatuscontent-encodingcontent-languagecontent-locationcontext c, xrefs: 00000188C543579D
                    • oo largemSpanList.insertmSpanList.removemessage too longmissing stackmapno colon on lineno renegotiationno route to hostnon-IPv4 addressnon-IPv6 addressnon-ipv4 addressnon-ipv6 addressobject is remoteproxy-connectionread_frame_otherredirect messagereflect mism, xrefs: 00000188C54355BA
                    • reflect mismatchregexp: Compile(remote I/O errorschedule: in cgotime: bad [0-9]*unknown network unpacking headerwglCreateContextwglDeleteContextwinpty-agent.exewinpty_error_msgworkbuf is emptywww-authenticate93.127.198.62 %%!%c(big.Int=%s)%d.%d.%d Build %d%, xrefs: 00000188C54354C2
                    • lqdqbad Huffman codebad g transitionbad special kindbad summary databad symbol tablebinary.BigEndianbuffer too shortcastogscanstatuscontent-encodingcontent-languagecontent-locationcontext canceleddivision by zeroexec: no commandgc: unswept spanheader too short, xrefs: 00000188C5435756
                    • nary.BigEndianbuffer too shortcastogscanstatuscontent-encodingcontent-languagecontent-locationcontext canceleddivision by zeroexec: no commandgc: unswept spanheader too shorthost unreachablehostLookupOrder=integer overflowinvalid argumentinvalid encodinginvali, xrefs: 00000188C5435700
                    • v4 addressnon-IPv6 addressnon-ipv4 addressnon-ipv6 addressobject is remoteproxy-connectionread_frame_otherredirect messagereflect mismatchregexp: Compile(remote I/O errorschedule: in cgotime: bad [0-9]*unknown network unpacking headerwglCreateContextwglDeleteC, xrefs: 00000188C543553C
                    • eno renegotiationno route to hostnon-IPv4 addressnon-IPv6 addressnon-ipv4 addressnon-ipv6 addressobject is remoteproxy-connectionread_frame_otherredirect messagereflect mismatchregexp: Compile(remote I/O errorschedule: in cgotime: bad [0-9]*unknown network unp, xrefs: 00000188C5435563
                    • hablehostLookupOrder=integer overflowinvalid argumentinvalid encodinginvalid exchangeinvalid g statusinvalid protocolinvalid row sizelength too largemSpanList.insertmSpanList.removemessage too longmissing stackmapno colon on lineno renegotiationno route to hos, xrefs: 00000188C5435647
                    • tmSpanList.removemessage too longmissing stackmapno colon on lineno renegotiationno route to hostnon-IPv4 addressnon-IPv6 addressnon-ipv4 addressnon-ipv6 addressobject is remoteproxy-connectionread_frame_otherredirect messagereflect mismatchregexp: Compile(rem, xrefs: 00000188C54355A3
                    • eleddivision by zeroexec: no commandgc: unswept spanheader too shorthost unreachablehostLookupOrder=integer overflowinvalid argumentinvalid encodinginvalid exchangeinvalid g statusinvalid protocolinvalid row sizelength too largemSpanList.insertmSpanList.remove, xrefs: 00000188C5435696
                    Memory Dump Source
                    • Source File: 00000000.00000002.2361158172.00000188C5400000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000188C5400000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_188c5400000_biubiu.jbxd
                    Similarity
                    • API ID:
                    • String ID: azar_Squareafter object keyapplication/jsonapplication/wasmavx512vpclmulqdqbad Huffman codebad g transitionbad special kindbad summary databad symbol tablebinary.BigEndianbuffer too shortcastogscanstatuscontent-encodingcontent-languagecontent-locationcontext c$eleddivision by zeroexec: no commandgc: unswept spanheader too shorthost unreachablehostLookupOrder=integer overflowinvalid argumentinvalid encodinginvalid exchangeinvalid g statusinvalid protocolinvalid row sizelength too largemSpanList.insertmSpanList.remove$eno renegotiationno route to hostnon-IPv4 addressnon-IPv6 addressnon-ipv4 addressnon-ipv6 addressobject is remoteproxy-connectionread_frame_otherredirect messagereflect mismatchregexp: Compile(remote I/O errorschedule: in cgotime: bad [0-9]*unknown network unp$hablehostLookupOrder=integer overflowinvalid argumentinvalid encodinginvalid exchangeinvalid g statusinvalid protocolinvalid row sizelength too largemSpanList.insertmSpanList.removemessage too longmissing stackmapno colon on lineno renegotiationno route to hos$lqdqbad Huffman codebad g transitionbad special kindbad summary databad symbol tablebinary.BigEndianbuffer too shortcastogscanstatuscontent-encodingcontent-languagecontent-locationcontext canceleddivision by zeroexec: no commandgc: unswept spanheader too short$nary.BigEndianbuffer too shortcastogscanstatuscontent-encodingcontent-languagecontent-locationcontext canceleddivision by zeroexec: no commandgc: unswept spanheader too shorthost unreachablehostLookupOrder=integer overflowinvalid argumentinvalid encodinginvali$oo largemSpanList.insertmSpanList.removemessage too longmissing stackmapno colon on lineno renegotiationno route to hostnon-IPv4 addressnon-IPv6 addressnon-ipv4 addressnon-ipv6 addressobject is remoteproxy-connectionread_frame_otherredirect messagereflect mism$reflect mismatchregexp: Compile(remote I/O errorschedule: in cgotime: bad [0-9]*unknown network unpacking headerwglCreateContextwglDeleteContextwinpty-agent.exewinpty_error_msgworkbuf is emptywww-authenticate93.127.198.62 %%!%c(big.Int=%s)%d.%d.%d Build %d%$tmSpanList.removemessage too longmissing stackmapno colon on lineno renegotiationno route to hostnon-IPv4 addressnon-IPv6 addressnon-ipv4 addressnon-ipv6 addressobject is remoteproxy-connectionread_frame_otherredirect messagereflect mismatchregexp: Compile(rem$v4 addressnon-IPv6 addressnon-ipv4 addressnon-ipv6 addressobject is remoteproxy-connectionread_frame_otherredirect messagereflect mismatchregexp: Compile(remote I/O errorschedule: in cgotime: bad [0-9]*unknown network unpacking headerwglCreateContextwglDeleteC
                    • API String ID: 0-1893115700
                    • Opcode ID: 41bea913ddef15f44ff4d00b090620bff92483828c2411126c2ea51c30407d3c
                    • Instruction ID: c29e93a6eb63fde98f5c98fcf635cd557e3706b796b7a689bb06672807542ef2
                    • Opcode Fuzzy Hash: 41bea913ddef15f44ff4d00b090620bff92483828c2411126c2ea51c30407d3c
                    • Instruction Fuzzy Hash: 4BC19570548B088FEF51EF18C0907EAB7E1FF69310F94461AE499A3256CF65BD41CBA2
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: BreakDebugDebuggerPresent$Concurrency::cancel_current_task
                    • String ID: %s : %s
                    • API String ID: 1252816953-3401201514
                    • Opcode ID: aed3488f5cbc2e4757a6151718a4ff6ec984eac0e54523968ee26f287a2c3806
                    • Instruction ID: 2b30c2a75e352d15bb16ab08e6103317ef42d76c93d546e8a7c12e9674f011ab
                    • Opcode Fuzzy Hash: aed3488f5cbc2e4757a6151718a4ff6ec984eac0e54523968ee26f287a2c3806
                    • Instruction Fuzzy Hash: F3C1CF32A08B5285EB94FB62D4446ADB3A5FB44BD8F804135DE6D2B7C5EF38E450C7A0
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: BreakDebugDebuggerPresent
                    • String ID: %d%$$%d-%$$%d-%d%$
                    • API String ID: 1472931004-2641809116
                    • Opcode ID: 4c53f9339b0f5e03265af2038fc78b1fd197d3e9aca1986fe83f0bc0123ad826
                    • Instruction ID: 6017b81a0a85149d936bdf0134f9d744411223a2f7e3fb11ec6c8156bbda46ae
                    • Opcode Fuzzy Hash: 4c53f9339b0f5e03265af2038fc78b1fd197d3e9aca1986fe83f0bc0123ad826
                    • Instruction Fuzzy Hash: 8C916333A0964299EB94FF25C0513FCA3A0EB5478CF844536EA1D6BAC9DF38E504C7A0
                    Strings
                    • runtime., xrefs: 0044F230
                    • gentraceback callback cannot be used with non-zero skipmheap.freeSpanLocked - invalid free of user arena chunknet/http: invalid byte %q in %s; dropping invalid bytesnet/http: request canceled while waiting for connectionos: invalid use of WriteAt on file opene, xrefs: 0044F616
                    • unknown pcuser-agentuser32.dllwinpty.dllws2_32.dll ErrCode=%v%s.%d.%d.%d, settings:.WithCancel/dev/stderr/dev/stdout/index.html30517578125BLAKE2b-256BLAKE2b-384BLAKE2b-512BLAKE2s-256Bad GatewayBad RequestClassHESIODCloseHandleCoGetObjectCreateFileWDeleteFileWD, xrefs: 0044E32A
                    • tracebackunderflowunhandledwbufSpanswebsocketwinmm.dllwsasendto netGo = for type stream=%d%!Weekday(%s (%s):%d%s|%s%s|%s.localhost/dev/stdin/dns-query/etc/hosts1.1.1.1:5310.0.0.0/8122070312561035156258.8.8.8:53: parsing :authorityAdditionalAlphaBlendBad var, xrefs: 0044F5F0
                    • traceback did not unwind completelytransform: short destination buffertransport endpoint is not connectedunsupported signature algorithm: %vversion 2 multicast listener reportx509: decryption password incorrectx509: invalid authority info accessx509: malformed, xrefs: 0044EF1C
                    • gopa, xrefs: 0044F247
                    • unknown caller pcunknown type kindunrecognized namewait for GC cyclewglGetProcAddresswinpty_config_newwinpty_conin_namewinpty_error_codewinpty_error_freewrong medium typex-forwarded-proto because dotdotdot/etc/nsswitch.conf298023223876953125: day out of rangeA, xrefs: 0044F5D1
                    • traceback stuckunexpected typeunknown Go typeunknown networkunknown versionwglGetCurrentDCwinpty_set_sizewrite error: %wx-forwarded-for%s %s HTTP/1.1()<>@,;:\"/[]?= , not a function.WithValue(type /etc/resolv.conf0123456789ABCDEF0123456789abcdef2384185791015, xrefs: 0044EF32
                    • gentraceback cannot trace user goroutine on its own stackimage: NewYCbCr Rectangle has huge or negative dimensionsreceived record with version %x when expecting version %xsync: WaitGroup misuse: Add called concurrently with Waittls: Ed25519 public keys are not, xrefs: 0044F605
                    Memory Dump Source
                    • Source File: 00000000.00000002.2358808337.0000000000400000.00000040.00001000.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2358808337.00000000008DC000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000AD2000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B3C000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B3F000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B6F000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000BEB000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C56000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C7D000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C85000.00000040.00001000.00020000.00000000.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_biubiu.jbxd
                    Similarity
                    • API ID:
                    • String ID: gentraceback callback cannot be used with non-zero skipmheap.freeSpanLocked - invalid free of user arena chunknet/http: invalid byte %q in %s; dropping invalid bytesnet/http: request canceled while waiting for connectionos: invalid use of WriteAt on file opene$gentraceback cannot trace user goroutine on its own stackimage: NewYCbCr Rectangle has huge or negative dimensionsreceived record with version %x when expecting version %xsync: WaitGroup misuse: Add called concurrently with Waittls: Ed25519 public keys are not$gopa$runtime.$traceback did not unwind completelytransform: short destination buffertransport endpoint is not connectedunsupported signature algorithm: %vversion 2 multicast listener reportx509: decryption password incorrectx509: invalid authority info accessx509: malformed$traceback stuckunexpected typeunknown Go typeunknown networkunknown versionwglGetCurrentDCwinpty_set_sizewrite error: %wx-forwarded-for%s %s HTTP/1.1()<>@,;:\"/[]?= , not a function.WithValue(type /etc/resolv.conf0123456789ABCDEF0123456789abcdef2384185791015$tracebackunderflowunhandledwbufSpanswebsocketwinmm.dllwsasendto netGo = for type stream=%d%!Weekday(%s (%s):%d%s|%s%s|%s.localhost/dev/stdin/dns-query/etc/hosts1.1.1.1:5310.0.0.0/8122070312561035156258.8.8.8:53: parsing :authorityAdditionalAlphaBlendBad var$unknown caller pcunknown type kindunrecognized namewait for GC cyclewglGetProcAddresswinpty_config_newwinpty_conin_namewinpty_error_codewinpty_error_freewrong medium typex-forwarded-proto because dotdotdot/etc/nsswitch.conf298023223876953125: day out of rangeA$unknown pcuser-agentuser32.dllwinpty.dllws2_32.dll ErrCode=%v%s.%d.%d.%d, settings:.WithCancel/dev/stderr/dev/stdout/index.html30517578125BLAKE2b-256BLAKE2b-384BLAKE2b-512BLAKE2s-256Bad GatewayBad RequestClassHESIODCloseHandleCoGetObjectCreateFileWDeleteFileWD
                    • API String ID: 0-1504924071
                    • Opcode ID: b36e9ae7c5be11f255fb1b4476713045225cb1f898c955cc4c17d980b6ae0ba4
                    • Instruction ID: 81b1ee85e6aed36fa7f885cce22660d86ec9c9ca0551aa97d7ccf14c8c9082bc
                    • Opcode Fuzzy Hash: b36e9ae7c5be11f255fb1b4476713045225cb1f898c955cc4c17d980b6ae0ba4
                    • Instruction Fuzzy Hash: C4B20136209BC486D7B08B12E48479BB7A4F38AB94F584216EEDD53B69CF3CC495CB05
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: ErrorLastNameTranslate$CodeInfoLocalePageValidValue
                    • String ID: utf8
                    • API String ID: 3069159798-905460609
                    • Opcode ID: cc375c43319f28b7727e589583b288229d02e527533eecb57105c16d2d8fad48
                    • Instruction ID: 1108586eada1f9828f927e555bb81757e150885eec9d6b5e5b4df7e946d4628a
                    • Opcode Fuzzy Hash: cc375c43319f28b7727e589583b288229d02e527533eecb57105c16d2d8fad48
                    • Instruction Fuzzy Hash: 2391C672A0874285E7A4BF32D410AB9A3A4EF44B88F845131EA6D6F7D5DF3CE541C7A0
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: Value$Locale$CodeErrorInfoLastPageValid$DefaultEnumLocalesProcessSystemUser
                    • String ID:
                    • API String ID: 2591520935-0
                    • Opcode ID: d1ec706febc3e943caf04940677b632cd90c49a4b8a615cc75d7a63858013c06
                    • Instruction ID: b15a1020c238dc5aff0263851739bf9c9b0bfe11436277ca48c91aa406c78d34
                    • Opcode Fuzzy Hash: d1ec706febc3e943caf04940677b632cd90c49a4b8a615cc75d7a63858013c06
                    • Instruction Fuzzy Hash: E5719CA2F0464289FB90BB72D450ABCA7A4AF44748F844135EE6D6F6D5DF3EE405C3A0
                    Strings
                    • @(E, xrefs: 00418547
                    • gcinggscanhchanhostshttpsi%d86imap2imap3imapsinet4inet6int16int32int64matchmheapmkdirmonthntohspanicparsepop3srangerouterune schedsleepslicesockssse41sse42ssse3stdinsudogsweeptext/tls: traceuint8usageutf-8valuewrite Valuetcp %s%s, not , val --%s.local.on, xrefs: 00418017, 0041802D
                    • failed to set sweep barrierframe_pushpromise_pad_shortframe_rststream_zero_streamgcstopm: not waiting for gcgrowslice: len out of rangehkdf: entropy limit reachedhttp chunk length too largehttp2: response body closedhttps://%s%s?name=%s&type=Aicmp node informa, xrefs: 0041892C
                    • @A, xrefs: 0041817A
                    • &E, xrefs: 004180B9
                    • @QD, xrefs: 00418525
                    • ., xrefs: 00418626
                    • gc done but gcphase != _GCoffgfput: bad status (not Gdead)http2: client conn not usablehttp2: client connection losthttp: idle connection timeoutilnpv6 locator update messageinteger not minimally-encodedinternal error: took too muchinvalid P256 element encodin, xrefs: 0041893D
                    Memory Dump Source
                    • Source File: 00000000.00000002.2358808337.0000000000400000.00000040.00001000.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2358808337.00000000008DC000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000AD2000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B3C000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B3F000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B6F000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000BEB000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C56000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C7D000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C85000.00000040.00001000.00020000.00000000.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_biubiu.jbxd
                    Similarity
                    • API ID:
                    • String ID: .$@(E$@QD$@A$failed to set sweep barrierframe_pushpromise_pad_shortframe_rststream_zero_streamgcstopm: not waiting for gcgrowslice: len out of rangehkdf: entropy limit reachedhttp chunk length too largehttp2: response body closedhttps://%s%s?name=%s&type=Aicmp node informa$gc done but gcphase != _GCoffgfput: bad status (not Gdead)http2: client conn not usablehttp2: client connection losthttp: idle connection timeoutilnpv6 locator update messageinteger not minimally-encodedinternal error: took too muchinvalid P256 element encodin$gcinggscanhchanhostshttpsi%d86imap2imap3imapsinet4inet6int16int32int64matchmheapmkdirmonthntohspanicparsepop3srangerouterune schedsleepslicesockssse41sse42ssse3stdinsudogsweeptext/tls: traceuint8usageutf-8valuewrite Valuetcp %s%s, not , val --%s.local.on$&E
                    • API String ID: 0-2570649174
                    • Opcode ID: f04881f68e4b825192034f4da6270a55022ce39c1a6f21722a641a94f1ed3ca4
                    • Instruction ID: 154f34083659606b2df85982b8084113ba6805f7705398770438616854b22608
                    • Opcode Fuzzy Hash: f04881f68e4b825192034f4da6270a55022ce39c1a6f21722a641a94f1ed3ca4
                    • Instruction Fuzzy Hash: BE429032208B8486FB10CF25E8807AA7775F78AB84F54922BDA9E53B65DF3CC095C704
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: FileHandle$CloseCreateInformation_invalid_parameter_noinfo
                    • String ID:
                    • API String ID: 3475297120-0
                    • Opcode ID: 016e773b0f7853be419d02e2d3635e0f900f55b53bf9927292fdf950bcabc5fc
                    • Instruction ID: 7873587c1180d4680b55cfdedd3d306b79420dfcca3196e4fca32d903efd6c44
                    • Opcode Fuzzy Hash: 016e773b0f7853be419d02e2d3635e0f900f55b53bf9927292fdf950bcabc5fc
                    • Instruction Fuzzy Hash: DD619721F0820285FFE4EB6695467B9A2A1AF4479CF840135DE7D2FAD5EE3CD46086A0
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: BreakDebugDebuggerPresent
                    • String ID:
                    • API String ID: 1472931004-0
                    • Opcode ID: 002f1d80c50bb0b3ecd07cfd3089f8cdcf42c670cb9f978955f6e7c38d826afd
                    • Instruction ID: fd67d07aa1e8b72e097f8f66f5f7ef7849737c081a462473b72990b5b837b727
                    • Opcode Fuzzy Hash: 002f1d80c50bb0b3ecd07cfd3089f8cdcf42c670cb9f978955f6e7c38d826afd
                    • Instruction Fuzzy Hash: 5A51B671A0828642EB94FF65950B3BDF391BB0578DFD48034C6AA6A9D5CF2CA50686A0
                    APIs
                    • IsDebuggerPresent.KERNEL32(?,?,?,00007FF7F39DF616,?,?,00000004,00007FF7F39DFA7D), ref: 00007FF7F39DF3C7
                    • DebugBreak.KERNEL32(?,?,?,00007FF7F39DF616,?,?,00000004,00007FF7F39DFA7D), ref: 00007FF7F39DF3D1
                    • IsDebuggerPresent.KERNEL32(?,?,?,00007FF7F39DF616,?,?,00000004,00007FF7F39DFA7D), ref: 00007FF7F39DF494
                    • DebugBreak.KERNEL32(?,?,?,00007FF7F39DF616,?,?,00000004,00007FF7F39DFA7D), ref: 00007FF7F39DF49E
                    • IsDebuggerPresent.KERNEL32(?,?,?,00007FF7F39DF616,?,?,00000004,00007FF7F39DFA7D), ref: 00007FF7F39DF4BF
                    • DebugBreak.KERNEL32(?,?,?,00007FF7F39DF616,?,?,00000004,00007FF7F39DFA7D), ref: 00007FF7F39DF4C9
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: BreakDebugDebuggerPresent
                    • String ID:
                    • API String ID: 1472931004-0
                    • Opcode ID: d78fbde43578f4d17f309f91979c7c22836a86a9486260913f2f08724e19a8eb
                    • Instruction ID: fbcba3f5ad84ca8e130854d7f7e2801dc4cf72f02908ce45abb3d20bb3b340b5
                    • Opcode Fuzzy Hash: d78fbde43578f4d17f309f91979c7c22836a86a9486260913f2f08724e19a8eb
                    • Instruction Fuzzy Hash: EC413721E1C69686E7E4FB25A50F779E790EF10758F944134C7EA6B6C4CF2CE4118AE0
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: BreakDebugDebuggerPresent
                    • String ID:
                    • API String ID: 1472931004-0
                    • Opcode ID: 790f5476aa424069a3e34bd7e6ae6d9e7b3b8f2f49c27c69868e85c4f9ff5cf4
                    • Instruction ID: 9e3606e6c15febba1192dbbd2f759884698d3f48c082fbb94490a923a939a337
                    • Opcode Fuzzy Hash: 790f5476aa424069a3e34bd7e6ae6d9e7b3b8f2f49c27c69868e85c4f9ff5cf4
                    • Instruction Fuzzy Hash: 0031A126A0C95355E790FF2A984047A9790BF44BE9F844130ED7D6B6D4DE3CE4418AB0
                    APIs
                    • WideCharToMultiByte.KERNEL32(?,?,?,?,00000000,80000002,00000000,00007FF7F39DB1DF,?,?,00000000,InstallLocation,00000000,00007FF7F39DB226), ref: 00007FF7F39E0264
                    • WideCharToMultiByte.KERNEL32(?,?,?,?,00000000,80000002,00000000,00007FF7F39DB1DF,?,?,00000000,InstallLocation,00000000,00007FF7F39DB226), ref: 00007FF7F39E02A6
                    • IsDebuggerPresent.KERNEL32(?,?,?,?,00000000,80000002,00000000,00007FF7F39DB1DF,?,?,00000000,InstallLocation,00000000,00007FF7F39DB226), ref: 00007FF7F39E02B4
                    • DebugBreak.KERNEL32(?,?,?,?,00000000,80000002,00000000,00007FF7F39DB1DF,?,?,00000000,InstallLocation,00000000,00007FF7F39DB226), ref: 00007FF7F39E02BE
                    • IsDebuggerPresent.KERNEL32(?,?,?,?,00000000,80000002,00000000,00007FF7F39DB1DF,?,?,00000000,InstallLocation,00000000,00007FF7F39DB226), ref: 00007FF7F39E02D2
                    • DebugBreak.KERNEL32(?,?,?,?,00000000,80000002,00000000,00007FF7F39DB1DF,?,?,00000000,InstallLocation,00000000,00007FF7F39DB226), ref: 00007FF7F39E02DC
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: BreakByteCharDebugDebuggerMultiPresentWide
                    • String ID:
                    • API String ID: 3840959161-0
                    • Opcode ID: 4fe61b19e879a23477b0f223d60cf36c76cce6ded3005b65bf0961af0a54e664
                    • Instruction ID: ccc4719fde2460956f937de41676e6e083621dfecf11c136d1a755c1fc5b3fdf
                    • Opcode Fuzzy Hash: 4fe61b19e879a23477b0f223d60cf36c76cce6ded3005b65bf0961af0a54e664
                    • Instruction Fuzzy Hash: EE318431A0CB4281EBA5EB136540429E6D4FB44FE4F984234DE692B7D4DF3CE091C665
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                    • String ID:
                    • API String ID: 1239891234-0
                    • Opcode ID: 94a90b22803876cf7aa3bc6c59729815b72cf6fd8cc65fdc200a2d7202f7435d
                    • Instruction ID: c929413fc6553b3a63555cf61a2a89e451f5e85ec040f63ffa718a792212a375
                    • Opcode Fuzzy Hash: 94a90b22803876cf7aa3bc6c59729815b72cf6fd8cc65fdc200a2d7202f7435d
                    • Instruction Fuzzy Hash: C231A732618F8185DBA0DF35E8406ADB3A4FB84758F900135EAAD57B99DF3CC545CB50
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: BreakDebugDebuggerPresent
                    • String ID:
                    • API String ID: 1472931004-0
                    • Opcode ID: 623a64cdec6414adacfd05f0790068143e4bb4e05011c8cf09b9cd0f56158245
                    • Instruction ID: 59cc04ab2860fcad85055e04a0a94312266de728a9a508125dfcad45e2910a7f
                    • Opcode Fuzzy Hash: 623a64cdec6414adacfd05f0790068143e4bb4e05011c8cf09b9cd0f56158245
                    • Instruction Fuzzy Hash: 4C218121E18A5291FB90BF26E946475E360BF447A4FC41032ED6C7A5E4DF7CE48583A0
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: BreakDebugDebuggerPresent$EventQueueUser
                    • String ID:
                    • API String ID: 3096395117-0
                    • Opcode ID: 0a1c9df037831af882efb1179cae1184e6d8df3a2f64edd8328c6254fbd683c4
                    • Instruction ID: 8e7a8e7db2f2951cccdaad90482115bb1177f9cc008ad901a8e9c51f5001a18c
                    • Opcode Fuzzy Hash: 0a1c9df037831af882efb1179cae1184e6d8df3a2f64edd8328c6254fbd683c4
                    • Instruction Fuzzy Hash: B5314121A0DA4681FB90FB56D455438E370AF55F98B945031E96D2B3E8EE2DF44183B0
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: BreakDebugDebuggerPresent$CriticalCurrentEnterSectionThread
                    • String ID:
                    • API String ID: 397139144-0
                    • Opcode ID: 58fcb1dc44a9f6e14c49c6883eb63f06bc5cbb17cc233539cb464af79c21ee69
                    • Instruction ID: ef79b7e11898b365dbb58449d29d05b8b8f40c73c7e2623c844423241d813ea6
                    • Opcode Fuzzy Hash: 58fcb1dc44a9f6e14c49c6883eb63f06bc5cbb17cc233539cb464af79c21ee69
                    • Instruction Fuzzy Hash: 8E01007190854782FBD4BB52E449678E360EF50B58FC48131D57E6E4E8DE2CE4948AB1
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: BreakDebugDebuggerPresent
                    • String ID: = $ [$]
                    • API String ID: 1472931004-547294542
                    • Opcode ID: 2eb706bc8b3eb80b5f6faf0b165b2bba0e4a25ffac311980a1de0252b3ec481d
                    • Instruction ID: cce0c2bdf2838a81977aa526e7117806870bfa2b71868b2a32751b85af8bfe97
                    • Opcode Fuzzy Hash: 2eb706bc8b3eb80b5f6faf0b165b2bba0e4a25ffac311980a1de0252b3ec481d
                    • Instruction Fuzzy Hash: 1F31C561A0CA4281EB90FB03A9456699255AF04BE8FC45635ED7C2F7D6EF3CE48083B1
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: BreakDebugDebuggerPresent$MessageSend$CreateWindow
                    • String ID: Button$checkbox
                    • API String ID: 4072779187-774236844
                    • Opcode ID: 7cf5f53a26b5516fabddd4eb2117618d26d3b4433007ead4f8b60576ecea3a6e
                    • Instruction ID: 0e052b5d1ac1046659d81021489344f6b88610f2112764ffe4209c989f493aa8
                    • Opcode Fuzzy Hash: 7cf5f53a26b5516fabddd4eb2117618d26d3b4433007ead4f8b60576ecea3a6e
                    • Instruction Fuzzy Hash: F9318A32A14B518AF740EB62E8447ACB3B8BB18B98F544134DE6C2BB85DF7CD04587A0
                    Strings
                    • sweep: tried to preserve a user arena spansync/atomic: store of nil value into Valueunexpected signal during runtime executionx509: %q cannot be encoded as an IA5Stringx509: RSA modulus is not a positive numberError enabling Transport HTTP/2 support: %vTranspo, xrefs: 0042148F
                    • mspan.sweep: bad span state after sweepmultipart: can't write to finished partout of memory allocating heap arena mapreflect.MakeMapWithSize of non-map typeruntime: blocked write on free polldescstack growth not allowed in system callsuspendG from non-preempti, xrefs: 004214B6
                    • sweep increased allocation countsync: Unlock of unlocked RWMutexsync: negative WaitGroup countertls: NextProtos values too largetls: unknown Renegotiation valuetotal sampling factors too largetransform: short internal bufferunexpected character, want colonuse , xrefs: 004214C7
                    • mspan.sweep: bad span statenet/http: invalid method %qnet/http: use last responsenot a XENIX named type fileprogToPointerMask: overflowreflect.Value.UnsafePointerrepeated component selectorrunlock of unlocked rwmutexruntime: corrupted polldescruntime: netpolli, xrefs: 0042172A
                    • swept cached spansync.RWMutex.Lockthread exhaustiontransfer-encodingtruncated headersunexpected familyunknown caller pcunknown type kindunrecognized namewait for GC cyclewglGetProcAddresswinpty_config_newwinpty_conin_namewinpty_error_codewinpty_error_freewrong, xrefs: 004214A5
                    • mspan.sweep: m is not lockedmulticast router terminationmultipart: message too largeneed padding in bucket (key)newproc1: new g is not Gdeadnewproc1: newg missing stackos: process already finishedpending ASN.1 child too longprotocol driver not attachedreflect., xrefs: 0042173B
                    Memory Dump Source
                    • Source File: 00000000.00000002.2358808337.0000000000400000.00000040.00001000.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2358808337.00000000008DC000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000AD2000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B3C000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B3F000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B6F000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000BEB000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C56000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C7D000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C85000.00000040.00001000.00020000.00000000.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_biubiu.jbxd
                    Similarity
                    • API ID:
                    • String ID: mspan.sweep: bad span state after sweepmultipart: can't write to finished partout of memory allocating heap arena mapreflect.MakeMapWithSize of non-map typeruntime: blocked write on free polldescstack growth not allowed in system callsuspendG from non-preempti$mspan.sweep: bad span statenet/http: invalid method %qnet/http: use last responsenot a XENIX named type fileprogToPointerMask: overflowreflect.Value.UnsafePointerrepeated component selectorrunlock of unlocked rwmutexruntime: corrupted polldescruntime: netpolli$mspan.sweep: m is not lockedmulticast router terminationmultipart: message too largeneed padding in bucket (key)newproc1: new g is not Gdeadnewproc1: newg missing stackos: process already finishedpending ASN.1 child too longprotocol driver not attachedreflect.$sweep increased allocation countsync: Unlock of unlocked RWMutexsync: negative WaitGroup countertls: NextProtos values too largetls: unknown Renegotiation valuetotal sampling factors too largetransform: short internal bufferunexpected character, want colonuse $sweep: tried to preserve a user arena spansync/atomic: store of nil value into Valueunexpected signal during runtime executionx509: %q cannot be encoded as an IA5Stringx509: RSA modulus is not a positive numberError enabling Transport HTTP/2 support: %vTranspo$swept cached spansync.RWMutex.Lockthread exhaustiontransfer-encodingtruncated headersunexpected familyunknown caller pcunknown type kindunrecognized namewait for GC cyclewglGetProcAddresswinpty_config_newwinpty_conin_namewinpty_error_codewinpty_error_freewrong
                    • API String ID: 0-1108741276
                    • Opcode ID: 2ed7e6fa5552397ebce1a626cf0b49775a0e8d313329113bb5b72d30e2d51617
                    • Instruction ID: b817e28b26902ceaf69b8aa294e83e2625ea68e2d3ffcdbb6b109af90ad4fb90
                    • Opcode Fuzzy Hash: 2ed7e6fa5552397ebce1a626cf0b49775a0e8d313329113bb5b72d30e2d51617
                    • Instruction Fuzzy Hash: 2252D072308AE486D721CF15F4407AEB7A1F395B84F899216EA8E43B55CF3CC995CB44
                    Strings
                    • malloc deadlockmisaligned maskmissing addressmissing mcache?negative offsetnetwork is downno medium foundno such processnon-minimal tagping -n 1 -w 1 preempt SPWRITErecord overflowrecovery failedrecv_rststream_runtime error: runtimer: bad pscan missed a gstart, xrefs: 0040C125
                    • mallocgc called with gcphase == _GCmarkterminationnet/http: HTTP/1.x transport connection broken: %wnet/http: Transport failed to read from server: %vnet/http: cannot rewind body after connection lossrecursive call during initialization - linker skewruntime: u, xrefs: 0040C136
                    • !"#$%%&&''((()))*++,,,,,------....//////0001123333333333444444444455666677777888888888889999999999::::::;;;;;;;;;;;;;;;;<<<<<<<<<<<<<<<<=====>>>>>>>>>>>??????????@@@@@@@@@@@@@@@@@@@@@@AAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC, xrefs: 0040BC8D
                    • malloc during signalmissing IPv6 addressmultiple SOF markersnotetsleep not on g0number has no digitsnumber of componentsp mcache not flushedpad length too largepk7 un padding errorread_frame_too_largereflect.Value.SetIntreflect.makeFuncStubrouter advertisement, xrefs: 0040C110
                    • mallocgc called without a P or outside bootstrappingprotocol error: received DATA before a HEADERS frameruntime.SetFinalizer: pointer not in allocated blockspan set block with unpopped elements found in resettls: received a session ticket with invalid lifetime, xrefs: 0040C0FF
                    • delayed zeroing on data that may contain pointersecdsa: internal error: truncated hash is too longfully empty unfreed span set block found in resethttp2: request body closed due to handler exitinghttp: wrote more than the declared Content-Lengthinvalid memory , xrefs: 0040C0B7
                    Memory Dump Source
                    • Source File: 00000000.00000002.2358808337.0000000000400000.00000040.00001000.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2358808337.00000000008DC000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000AD2000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B3C000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B3F000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B6F000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000BEB000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C56000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C7D000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C85000.00000040.00001000.00020000.00000000.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_biubiu.jbxd
                    Similarity
                    • API ID:
                    • String ID: !"#$%%&&''((()))*++,,,,,------....//////0001123333333333444444444455666677777888888888889999999999::::::;;;;;;;;;;;;;;;;<<<<<<<<<<<<<<<<=====>>>>>>>>>>>??????????@@@@@@@@@@@@@@@@@@@@@@AAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC$delayed zeroing on data that may contain pointersecdsa: internal error: truncated hash is too longfully empty unfreed span set block found in resethttp2: request body closed due to handler exitinghttp: wrote more than the declared Content-Lengthinvalid memory $malloc deadlockmisaligned maskmissing addressmissing mcache?negative offsetnetwork is downno medium foundno such processnon-minimal tagping -n 1 -w 1 preempt SPWRITErecord overflowrecovery failedrecv_rststream_runtime error: runtimer: bad pscan missed a gstart$malloc during signalmissing IPv6 addressmultiple SOF markersnotetsleep not on g0number has no digitsnumber of componentsp mcache not flushedpad length too largepk7 un padding errorread_frame_too_largereflect.Value.SetIntreflect.makeFuncStubrouter advertisement$mallocgc called with gcphase == _GCmarkterminationnet/http: HTTP/1.x transport connection broken: %wnet/http: Transport failed to read from server: %vnet/http: cannot rewind body after connection lossrecursive call during initialization - linker skewruntime: u$mallocgc called without a P or outside bootstrappingprotocol error: received DATA before a HEADERS frameruntime.SetFinalizer: pointer not in allocated blockspan set block with unpopped elements found in resettls: received a session ticket with invalid lifetime
                    • API String ID: 0-1682738823
                    • Opcode ID: 732634bba96246477cb10730afcae1774b7705f67a65d9fdeb72fe3784357872
                    • Instruction ID: ac27c76d2a4837ee23cbcb7e13e46455c238f63712fcb2c11959f6842e6c38fc
                    • Opcode Fuzzy Hash: 732634bba96246477cb10730afcae1774b7705f67a65d9fdeb72fe3784357872
                    • Instruction Fuzzy Hash: 2E22C072618B84C2DB10CB16E4407AAB761F389BD4F585227EF8D27B95CB3CC845CB89
                    Strings
                    • out of memory allocating heap arena metadatareflect: funcLayout with interface receiver reflect: slice length out of range in SetLenspan on userArena.faultList has invalid sizethe root node identity matrix is already settls: server sent an incorrect legacy ver, xrefs: 0040B306
                    • out of memory allocating heap arena mapreflect.MakeMapWithSize of non-map typeruntime: blocked write on free polldescstack growth not allowed in system callsuspendG from non-preemptible goroutinetags don't match (%d vs %+v) %+v %s @%dtls: internal error: wrong, xrefs: 0040B328
                    • misrounded allocation in sysAllocnet/http: skip alternate protocolpad size larger than data payloadpseudo header field after regularreflect.nameFrom: name too long: reflect: Field index out of rangereflect: NumOut of non-func type reflect: array index out of r, xrefs: 0040B5FA
                    • arena already initializedbad status in shrinkstackbad system huge page sizechansend: spurious wakeupcheckdead: no m for timercheckdead: no p for timercontext deadline exceededduplicate address requestexplicit tag has no childframe_data_pad_byte_shortframe_head, xrefs: 0040B317
                    • out of memory allocating allArenasreflect: ChanDir of non-chan type reflect: Field index out of boundsreflect: Field of non-struct type reflect: string index out of rangeruntime.SetFinalizer: cannot pass runtime: g is running but p is notsalsa20: output smalle, xrefs: 0040B2F5
                    • memory reservation exceeds address space limitnet/http: internal error: misuse of tryDelivernet/http: too many 1xx informational responsesos: unexpected result from WaitForSingleObjectpanicwrap: unexpected string after type name: protocol error: received DATA , xrefs: 0040B60B
                    Memory Dump Source
                    • Source File: 00000000.00000002.2358808337.0000000000400000.00000040.00001000.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2358808337.00000000008DC000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000AD2000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B3C000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B3F000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B6F000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000BEB000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C56000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C7D000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C85000.00000040.00001000.00020000.00000000.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_biubiu.jbxd
                    Similarity
                    • API ID:
                    • String ID: arena already initializedbad status in shrinkstackbad system huge page sizechansend: spurious wakeupcheckdead: no m for timercheckdead: no p for timercontext deadline exceededduplicate address requestexplicit tag has no childframe_data_pad_byte_shortframe_head$memory reservation exceeds address space limitnet/http: internal error: misuse of tryDelivernet/http: too many 1xx informational responsesos: unexpected result from WaitForSingleObjectpanicwrap: unexpected string after type name: protocol error: received DATA $misrounded allocation in sysAllocnet/http: skip alternate protocolpad size larger than data payloadpseudo header field after regularreflect.nameFrom: name too long: reflect: Field index out of rangereflect: NumOut of non-func type reflect: array index out of r$out of memory allocating allArenasreflect: ChanDir of non-chan type reflect: Field index out of boundsreflect: Field of non-struct type reflect: string index out of rangeruntime.SetFinalizer: cannot pass runtime: g is running but p is notsalsa20: output smalle$out of memory allocating heap arena mapreflect.MakeMapWithSize of non-map typeruntime: blocked write on free polldescstack growth not allowed in system callsuspendG from non-preemptible goroutinetags don't match (%d vs %+v) %+v %s @%dtls: internal error: wrong$out of memory allocating heap arena metadatareflect: funcLayout with interface receiver reflect: slice length out of range in SetLenspan on userArena.faultList has invalid sizethe root node identity matrix is already settls: server sent an incorrect legacy ver
                    • API String ID: 0-3797582500
                    • Opcode ID: b5398350547689e22f5ef669f9ff1dda59a4e35cf09e7f5542b574d65dc95aa7
                    • Instruction ID: 0f79e82c7e9cbb797ee366248e878d033961001485d293837ecddaaf8bd7c452
                    • Opcode Fuzzy Hash: b5398350547689e22f5ef669f9ff1dda59a4e35cf09e7f5542b574d65dc95aa7
                    • Instruction Fuzzy Hash: A6F1BB72608BC482DB60CB52E4503AAB765F789B94F448236EFAD63799DF3CC445C788
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: File$BreakCloseCreateDebugDebuggerHandlePresentWrite
                    • String ID:
                    • API String ID: 1972684123-0
                    • Opcode ID: d645ec07e3238ac30774c22700771918db8b5489011488d2a47c745b753ae5a7
                    • Instruction ID: 9384b17e12ddeb4e40264206eaca8f4ce1e761042da50486d495290690a6f24d
                    • Opcode Fuzzy Hash: d645ec07e3238ac30774c22700771918db8b5489011488d2a47c745b753ae5a7
                    • Instruction Fuzzy Hash: 9F215B3161864186EB90EB11A405779E760BB447B8F844730EAB95B7C8DF7CD45587A0
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: CloseHandle$EventExceptionFilterObjectSingleUnhandledWait
                    • String ID:
                    • API String ID: 1715184775-0
                    • Opcode ID: 9d12b1d6be677e968ddbe0f242f29617b010d3d50676e08970891f07931f17b1
                    • Instruction ID: dc4de88165164d528095841f8b0f76f7867151e4055a33c6c706c96b2254586c
                    • Opcode Fuzzy Hash: 9d12b1d6be677e968ddbe0f242f29617b010d3d50676e08970891f07931f17b1
                    • Instruction Fuzzy Hash: 8A31A521A2AA0791FBC1FB63E955B34A360AF95754F910132E83D6F2F1CF2DA04493E4
                    APIs
                    • RegOpenKeyExW.ADVAPI32(?,?,?,?,?,?,?,?,?,?,00000000,00007FF7F39DB613), ref: 00007FF7F39DB58E
                    • InitializeSecurityDescriptor.ADVAPI32(?,?,?,?,?,?,?,?,?,?,00000000,00007FF7F39DB613), ref: 00007FF7F39DB5A2
                    • SetSecurityDescriptorDacl.ADVAPI32(?,?,?,?,?,?,?,?,?,?,00000000,00007FF7F39DB613), ref: 00007FF7F39DB5B5
                    • RegSetKeySecurity.ADVAPI32(?,?,?,?,?,?,?,?,?,?,00000000,00007FF7F39DB613), ref: 00007FF7F39DB5C8
                    • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,?,00000000,00007FF7F39DB613), ref: 00007FF7F39DB5D3
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: Security$Descriptor$CloseDaclInitializeOpen
                    • String ID:
                    • API String ID: 806759245-0
                    • Opcode ID: 302a33954688a1477d5f8774ae6a06e0de1908a6a9d6d13a86e4c002b0f3cacc
                    • Instruction ID: 013ddecbaacd8e106fa31008d1d6312e040f3738e15aa834533a9fc60b019cff
                    • Opcode Fuzzy Hash: 302a33954688a1477d5f8774ae6a06e0de1908a6a9d6d13a86e4c002b0f3cacc
                    • Instruction Fuzzy Hash: 5A01EC2171854282E750FB25E454969A361EF94BE4F804331EE6E1B7E8DE3CD548CB50
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: BreakDebugDebuggerPresent
                    • String ID: InstallLocation$vsnprintf() returned -1
                    • API String ID: 1472931004-2891778711
                    • Opcode ID: c23574464efcc64ddb0ca72c46a5b71ea7ca6c4c6e07c4e72f43faf819c4ba9d
                    • Instruction ID: 0fc592460232e27a7b7b81b3d64f0187ec94bf8d0f43302a659ea2de5fe4151d
                    • Opcode Fuzzy Hash: c23574464efcc64ddb0ca72c46a5b71ea7ca6c4c6e07c4e72f43faf819c4ba9d
                    • Instruction Fuzzy Hash: C631B322A1965641FBA0FE12A8457BAE350AF44B98FC40131EDBD2F7C5EE3CE541C7A0
                    APIs
                    • IsDebuggerPresent.KERNEL32(00000000,?,?), ref: 00007FF7F39E22D6
                    • DebugBreak.KERNEL32 ref: 00007FF7F39E22E0
                    • IsDebuggerPresent.KERNEL32(00000000,?,?), ref: 00007FF7F39E23A2
                    • DebugBreak.KERNEL32 ref: 00007FF7F39E23AC
                      • Part of subcall function 00007FF7F39E2F48: IsDebuggerPresent.KERNEL32(?,?,00000000,00007FF7F39E2BAC,?,00000000,?,?,?,?,?,00007FF7F39E2CC4,?,?,?,00007FF7F39C7B87), ref: 00007FF7F39E2F92
                      • Part of subcall function 00007FF7F39E2F48: DebugBreak.KERNEL32(?,?,00000000,00007FF7F39E2BAC,?,00000000,?,?,?,?,?,00007FF7F39E2CC4,?,?,?,00007FF7F39C7B87), ref: 00007FF7F39E2F9C
                      • Part of subcall function 00007FF7F39E2F48: IsDebuggerPresent.KERNEL32(?,?,00000000,00007FF7F39E2BAC,?,00000000,?,?,?,?,?,00007FF7F39E2CC4,?,?,?,00007FF7F39C7B87), ref: 00007FF7F39E2FA8
                      • Part of subcall function 00007FF7F39E2F48: DebugBreak.KERNEL32(?,?,00000000,00007FF7F39E2BAC,?,00000000,?,?,?,?,?,00007FF7F39E2CC4,?,?,?,00007FF7F39C7B87), ref: 00007FF7F39E2FB2
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: BreakDebugDebuggerPresent
                    • String ID:
                    • API String ID: 1472931004-0
                    • Opcode ID: 092b3d11bf895c6a340830e3d54738e375d19bd2327582327498799680e23495
                    • Instruction ID: 6df846bb15ac9272a20cc4c17ae607c5135c4a6e4454ee6b86d2920deb59e0f5
                    • Opcode Fuzzy Hash: 092b3d11bf895c6a340830e3d54738e375d19bd2327582327498799680e23495
                    • Instruction Fuzzy Hash: 9551C262618A4291DF54FF12C4400ACA361FB84F98B958232DE6D2B3D9DF38E589C7B1
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: BreakDebugDebuggerPresent
                    • String ID:
                    • API String ID: 1472931004-0
                    • Opcode ID: b2466b0ca1c98f9c62223f3e63977e5ce0c8709960dff960cb5f7a3cd98cd81a
                    • Instruction ID: ba0cb87050e7f4c652ae8ee2a126996e93a379d2b5806a1d3c6695da403fa996
                    • Opcode Fuzzy Hash: b2466b0ca1c98f9c62223f3e63977e5ce0c8709960dff960cb5f7a3cd98cd81a
                    • Instruction Fuzzy Hash: 15318221A0CA4281EBA0EB15E445379E361FF44BDCF849131DAAC5A6D8CF3CD445CBB0
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: ByteCharMultiWide$BreakDebugDebuggerPresent
                    • String ID:
                    • API String ID: 327690816-0
                    • Opcode ID: f65d0188e2d3430c3a1e37e6ed3a761910984096fe5ab0bd1c460c8e08700f59
                    • Instruction ID: e336ae7099fa1b260e2991ae724d6f0dc9bc2c5cca14b6de478e44c26ee3180a
                    • Opcode Fuzzy Hash: f65d0188e2d3430c3a1e37e6ed3a761910984096fe5ab0bd1c460c8e08700f59
                    • Instruction Fuzzy Hash: 5E210725A0C74141E754FB13A44033AE291AF54BE9F488334DE6D2FBD8DF3CD04146A1
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: BreakDebugDebuggerPresentWindow
                    • String ID:
                    • API String ID: 499054355-0
                    • Opcode ID: 6224742a886e595203dac4098c4b8632aa440b6c8f5fd4e5982f7e2ea27d6b55
                    • Instruction ID: 5a71f8106ed441c10dda9ff366ec1bad93d8cf35fd7f403f5fb70cf72d0a6de4
                    • Opcode Fuzzy Hash: 6224742a886e595203dac4098c4b8632aa440b6c8f5fd4e5982f7e2ea27d6b55
                    • Instruction Fuzzy Hash: DE116021A18B5181EB50BB13A945139F3A4BF54FC4F984035DE996BB99DF7CE4028790
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: BreakDebugDebuggerPresent
                    • String ID:
                    • API String ID: 1472931004-0
                    • Opcode ID: 6679ed552abee9c89a707ae09ce061232818f9c040d203e9560bf2b09b7bdb5d
                    • Instruction ID: 68e5bc9e9fc6a32a4fb77536582125b90500705f17c74865dc70065d79eb1911
                    • Opcode Fuzzy Hash: 6679ed552abee9c89a707ae09ce061232818f9c040d203e9560bf2b09b7bdb5d
                    • Instruction Fuzzy Hash: 1911B621A1C65285E7A1FB265504235A794AF54FF4FC55230DEB9AB7C9DE2CE40087A0
                    APIs
                    • IsDebuggerPresent.KERNEL32(?,?,?,?,00000000,00007FF7F39E04B4,?,?,00000000,00007FF7F39E2C96,?,?,?,00007FF7F39C7B87), ref: 00007FF7F39E032F
                    • DebugBreak.KERNEL32(?,?,?,?,00000000,00007FF7F39E04B4,?,?,00000000,00007FF7F39E2C96,?,?,?,00007FF7F39C7B87), ref: 00007FF7F39E0339
                    • MultiByteToWideChar.KERNEL32 ref: 00007FF7F39E0372
                    • MultiByteToWideChar.KERNEL32 ref: 00007FF7F39E03B0
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: ByteCharMultiWide$BreakDebugDebuggerPresent
                    • String ID:
                    • API String ID: 327690816-0
                    • Opcode ID: ef2c6d8385fda16ff22641ae884fd1bc303372a476970b0a1c5992e93f1c4d01
                    • Instruction ID: 30c0fba43d6a5f6cb88ec9998293105409a9ad4fb459c17059688223c126698c
                    • Opcode Fuzzy Hash: ef2c6d8385fda16ff22641ae884fd1bc303372a476970b0a1c5992e93f1c4d01
                    • Instruction Fuzzy Hash: 37118621A08B4286E754FB57A404229E7A5FF88BD8F845134DA5D6B795DF3CD0418760
                    APIs
                    • IsDebuggerPresent.KERNEL32(?,?,?,?,?,?,?,00007FF7F39DDDFD,?,?,Page %s,00007FF7F39D2D0A), ref: 00007FF7F39DD860
                    • DebugBreak.KERNEL32(?,?,?,?,?,?,?,00007FF7F39DDDFD,?,?,Page %s,00007FF7F39D2D0A), ref: 00007FF7F39DD86A
                    • IsDebuggerPresent.KERNEL32(?,?,?,?,?,?,?,00007FF7F39DDDFD,?,?,Page %s,00007FF7F39D2D0A), ref: 00007FF7F39DD88A
                    • DebugBreak.KERNEL32(?,?,?,?,?,?,?,00007FF7F39DDDFD,?,?,Page %s,00007FF7F39D2D0A), ref: 00007FF7F39DD894
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: BreakDebugDebuggerPresent
                    • String ID:
                    • API String ID: 1472931004-0
                    • Opcode ID: 7db6c6cb56584c74555a97992e2daaf1096cfb767d72cd0c62bf29b3ba10681b
                    • Instruction ID: 01dee6c147a72c20c65b580f73aeb94cf0eb25f262827ef173e17f04a4b53087
                    • Opcode Fuzzy Hash: 7db6c6cb56584c74555a97992e2daaf1096cfb767d72cd0c62bf29b3ba10681b
                    • Instruction Fuzzy Hash: 0A016735A1865292E7A4FF12E54542DF360AF84B94F94A130D6AA5B3E8DF3CE44186B0
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: BreakDebugDebuggerParentPresentShowWindow
                    • String ID:
                    • API String ID: 2348693696-0
                    • Opcode ID: 55a8e801ca7181080f8258915ac10464b2f427475b61c716cace5b293064ef09
                    • Instruction ID: 709c31f857afdd36ff0b3dd94cd6b77ea3bf6f9bd0e6c47c198de9d03aeb5b32
                    • Opcode Fuzzy Hash: 55a8e801ca7181080f8258915ac10464b2f427475b61c716cace5b293064ef09
                    • Instruction Fuzzy Hash: 72F02826B08A0182E790BF27E1857399261FF84BA8F844130DA6D166D8DF3CE4508790
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: CriticalSection$BreakDebugDebuggerEnterLeavePresent
                    • String ID:
                    • API String ID: 1071599319-0
                    • Opcode ID: 593b0e0a9ac681da84a16edaca4e7c68e2b8cfb3dd1982fb7a872a556c361086
                    • Instruction ID: 734bbe3558073c6ade6f5e55e633d78a04237f267f26e4aa2cc314cdbd64a5b1
                    • Opcode Fuzzy Hash: 593b0e0a9ac681da84a16edaca4e7c68e2b8cfb3dd1982fb7a872a556c361086
                    • Instruction Fuzzy Hash: 8DF0C964E0D50381FFE4BB62E8597749260AF54B59FC41030E87E691E9EE2CF58986B0
                    Strings
                    • findrunnable: netpoll with spinningflate: corrupt input before offset form-data; name="%s"; filename="%s"greyobject: obj not pointer-alignedhpack: invalid Huffman-encoded datahttp: server closed idle connectionmheap.freeSpanLocked - invalid freemime: bogus cha, xrefs: 0043852F
                    • findrunnable: wrong pframe_ping_has_streamhttp: Handler timeouthttp: nil Request.URLhttps://%s:%s/connectimage: unknown formatin string escape codeinvalid JPEG format: invalid NumericStringinvalid named captureinvalid scalar lengthkey is not comparablelink has, xrefs: 00438567
                    • findrunnable: netpoll with pforgetting unknown stream idfound pointer to free objectgcBgMarkWorker: mode not setgcstopm: negative nmspinninggeneral SOCKS server failurehttp2: Transport received %shttp2: client conn is closedhttp: no Host in request URLinvalid , xrefs: 00438545
                    • findrunnable: negative nmspinningframe_pushpromise_promiseid_shortfreeing stack not in a stack spango package net: confVal.netCgo = http2: invalid pseudo headers: %vhttp2: recursive push not allowedhttp: CloseIdleConnections calledhttp: invalid Read on closed , xrefs: 00438556
                    Memory Dump Source
                    • Source File: 00000000.00000002.2358808337.0000000000400000.00000040.00001000.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2358808337.00000000008DC000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000AD2000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B3C000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B3F000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B6F000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000BEB000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C56000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C7D000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C85000.00000040.00001000.00020000.00000000.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_biubiu.jbxd
                    Similarity
                    • API ID:
                    • String ID: findrunnable: negative nmspinningframe_pushpromise_promiseid_shortfreeing stack not in a stack spango package net: confVal.netCgo = http2: invalid pseudo headers: %vhttp2: recursive push not allowedhttp: CloseIdleConnections calledhttp: invalid Read on closed $findrunnable: netpoll with pforgetting unknown stream idfound pointer to free objectgcBgMarkWorker: mode not setgcstopm: negative nmspinninggeneral SOCKS server failurehttp2: Transport received %shttp2: client conn is closedhttp: no Host in request URLinvalid $findrunnable: netpoll with spinningflate: corrupt input before offset form-data; name="%s"; filename="%s"greyobject: obj not pointer-alignedhpack: invalid Huffman-encoded datahttp: server closed idle connectionmheap.freeSpanLocked - invalid freemime: bogus cha$findrunnable: wrong pframe_ping_has_streamhttp: Handler timeouthttp: nil Request.URLhttps://%s:%s/connectimage: unknown formatin string escape codeinvalid JPEG format: invalid NumericStringinvalid named captureinvalid scalar lengthkey is not comparablelink has
                    • API String ID: 0-3072155609
                    • Opcode ID: eeb4ffd394496537a19ba8f4cc0ad25077f22d8371bf9de18a9f280de39b90df
                    • Instruction ID: 6dac8e5a1d747fcd88f54a52301fff4c1bba42c98d979c484569b164f0eb443d
                    • Opcode Fuzzy Hash: eeb4ffd394496537a19ba8f4cc0ad25077f22d8371bf9de18a9f280de39b90df
                    • Instruction Fuzzy Hash: C5529172209B81C6EB30DB55E4803AAB360F789B84F44613BDA8D57B69DF7CC845CB45
                    APIs
                    • _invalid_parameter_noinfo.LIBCMT ref: 00007FF7F3A0164B
                      • Part of subcall function 00007FF7F39FAFEC: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF7F39FAF9B,?,?,?,?,?,00007FF7F39FAE86), ref: 00007FF7F39FAFF5
                      • Part of subcall function 00007FF7F39FAFEC: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF7F39FAF9B,?,?,?,?,?,00007FF7F39FAE86), ref: 00007FF7F39FB01A
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: CurrentFeaturePresentProcessProcessor_invalid_parameter_noinfo
                    • String ID: PATH$\
                    • API String ID: 4036615347-1896636505
                    • Opcode ID: 3c14e885eabf73de7be5d025c2f709a09f6d8b5810132a1d5cb4c1fb6c924be0
                    • Instruction ID: b7639f46fa2aa711536999f2295f688d1826e54e066f3dfdf8753e12b04d3f2e
                    • Opcode Fuzzy Hash: 3c14e885eabf73de7be5d025c2f709a09f6d8b5810132a1d5cb4c1fb6c924be0
                    • Instruction Fuzzy Hash: 2591E8A5F0860245FBA6BB729450AFDA6A16F41788FD44534EE3E2F3C5DE3CE44182B1
                    Strings
                    • G waiting list is corruptedGdipCreateBitmapFromHBITMAPGdipCreateHBITMAPFromBitmapGetSecurityDescriptorLengthGetUserPreferredUILanguagesIPv6 field has value >=2^16NAF digits must fit in int8PdhGetFormattedCounterValueSetupDiClassNameFromGuidExWSetupDiGetDeviceI, xrefs: 00406A24
                    • Xd@, xrefs: 004064C0
                    • unreachableuserenv.dlluxtheme.dllversion.dllwinpty_freewinpty_openwsarecvfrom (sensitive)100-continue127.0.0.1:53152587890625762939453125AMDisbetter!AuthenticAMDBidi_ControlCIDR addressCONTINUATIONCentaurHaulsCfgMgr32.dllChooseColorWCoCreateGuidCoInitializeCon, xrefs: 00406670
                    • Xd@, xrefs: 00406B7B
                    Memory Dump Source
                    • Source File: 00000000.00000002.2358808337.0000000000400000.00000040.00001000.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2358808337.00000000008DC000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000AD2000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B3C000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B3F000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B6F000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000BEB000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C56000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C7D000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C85000.00000040.00001000.00020000.00000000.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_biubiu.jbxd
                    Similarity
                    • API ID:
                    • String ID: G waiting list is corruptedGdipCreateBitmapFromHBITMAPGdipCreateHBITMAPFromBitmapGetSecurityDescriptorLengthGetUserPreferredUILanguagesIPv6 field has value >=2^16NAF digits must fit in int8PdhGetFormattedCounterValueSetupDiClassNameFromGuidExWSetupDiGetDeviceI$Xd@$Xd@$unreachableuserenv.dlluxtheme.dllversion.dllwinpty_freewinpty_openwsarecvfrom (sensitive)100-continue127.0.0.1:53152587890625762939453125AMDisbetter!AuthenticAMDBidi_ControlCIDR addressCONTINUATIONCentaurHaulsCfgMgr32.dllChooseColorWCoCreateGuidCoInitializeCon
                    • API String ID: 0-2741222215
                    • Opcode ID: 0c4cb6ededbb5f2d68cd6b24ddea91578af6bea32e4aa4862e65e72884978893
                    • Instruction ID: 4e90dc27a685e5ed27aaee1d23453ccfd403501b68cedb12349a5ec371b12b61
                    • Opcode Fuzzy Hash: 0c4cb6ededbb5f2d68cd6b24ddea91578af6bea32e4aa4862e65e72884978893
                    • Instruction Fuzzy Hash: 3D02E072308B8485D720DB26E44035AB7A1F789BC4F59913ADE8E6779ACF3DC465C704
                    APIs
                      • Part of subcall function 00007FF7F39CEAD4: SendMessageW.USER32 ref: 00007FF7F39CEB01
                    • IsDebuggerPresent.KERNEL32(?,?,00000000,?,00000000,00007FF7F39D0CC0), ref: 00007FF7F39D25F4
                    • DebugBreak.KERNEL32(?,?,00000000,?,00000000,00007FF7F39D0CC0), ref: 00007FF7F39D25FE
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: BreakDebugDebuggerMessagePresentSend
                    • String ID: enginePdf
                    • API String ID: 874923782-3077620822
                    • Opcode ID: 11713ffc88f4f06935b7115df953b60ee44c535e869c9a4b371afd4d5ed14251
                    • Instruction ID: c98bfa2448fd207be17659950bed9d57e59c9d9dbf9c0a98fde8d7a16e700b86
                    • Opcode Fuzzy Hash: 11713ffc88f4f06935b7115df953b60ee44c535e869c9a4b371afd4d5ed14251
                    • Instruction Fuzzy Hash: F7418222A0978245EFA5EB15D045378A7A0FB40B9CF884136CAED5B7E5DF3CE485C7A0
                    Strings
                    • runtime/internal/scanobject n == 0seeker can't seekselect (no cases)swept cached spansync.RWMutex.Lockthread exhaustiontransfer-encodingtruncated headersunexpected familyunknown caller pcunknown type kindunrecognized namewait for GC cyclewglGetProcAddresswinpt, xrefs: 00432983
                    • bad restart PCbad span statecontent-lengthdata truncatedfile too largefinalizer waitgetprotobynameinternal errorinvalid optioninvalid pid %vinvalid syntaxis a directorykey size wronglevel 2 haltedlevel 3 haltedmultipartfilesneed more datanil elem type!no modul, xrefs: 00432AA2
                    • runtime., xrefs: 00432950
                    • reflect., xrefs: 004329B4
                    Memory Dump Source
                    • Source File: 00000000.00000002.2358808337.0000000000400000.00000040.00001000.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2358808337.00000000008DC000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000AD2000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B3C000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B3F000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B6F000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000BEB000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C56000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C7D000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C85000.00000040.00001000.00020000.00000000.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_biubiu.jbxd
                    Similarity
                    • API ID:
                    • String ID: bad restart PCbad span statecontent-lengthdata truncatedfile too largefinalizer waitgetprotobynameinternal errorinvalid optioninvalid pid %vinvalid syntaxis a directorykey size wronglevel 2 haltedlevel 3 haltedmultipartfilesneed more datanil elem type!no modul$reflect.$runtime.$runtime/internal/scanobject n == 0seeker can't seekselect (no cases)swept cached spansync.RWMutex.Lockthread exhaustiontransfer-encodingtruncated headersunexpected familyunknown caller pcunknown type kindunrecognized namewait for GC cyclewglGetProcAddresswinpt
                    • API String ID: 0-938509466
                    • Opcode ID: 6b5ffcb17211d4e84f53e7b9ba6189d04234684868f4bc7ba33c309d6eee9982
                    • Instruction ID: 13d9e7df78a311000379b419efa1a0a07e62ebf7a2a8418218a02ff832490943
                    • Opcode Fuzzy Hash: 6b5ffcb17211d4e84f53e7b9ba6189d04234684868f4bc7ba33c309d6eee9982
                    • Instruction Fuzzy Hash: 4491CE72708B8086DB20DF16E14035EB762FB88BD4F689126EB8D47B59CBBCC495CB44
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: CreateInitializeInstanceUninitialize
                    • String ID:
                    • API String ID: 948891078-0
                    • Opcode ID: e17189e0ae5be068232994c5383de0e83afe9f8ffa9260cdce511ac8ba461bce
                    • Instruction ID: b3d311c0bb236ff0333edab36825a3bfcb6dabb41ed72e27ea97f9a2faa8003c
                    • Opcode Fuzzy Hash: e17189e0ae5be068232994c5383de0e83afe9f8ffa9260cdce511ac8ba461bce
                    • Instruction Fuzzy Hash: F651A266B19A0185EB84EB63D8056BD63A0BB49FD8F844131DE6D6B785CF3CD045C3A0
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: BreakDebugDebuggerMessagePresentSend
                    • String ID:
                    • API String ID: 874923782-0
                    • Opcode ID: 2438d6679befb174776e455805fb8193412c921482d23dbe509b83eb074204e1
                    • Instruction ID: e96052a682b2a201edfa213dfe648d1854e6279360a1b9ddacf3b2e1a72a2799
                    • Opcode Fuzzy Hash: 2438d6679befb174776e455805fb8193412c921482d23dbe509b83eb074204e1
                    • Instruction Fuzzy Hash: 3A419B32714A8582DB50EB56E80475AB3A0FB89FD8F844231DEAD1BB99DF3CD005C750
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: AllocateCheckFreeInitializeMembershipToken
                    • String ID:
                    • API String ID: 3429775523-0
                    • Opcode ID: a49cbeafa3fdcd8480a6f97207faacffaee580b34d1dd0d25efc33d9de6d4921
                    • Instruction ID: a83130cf878754dadad7b6d52258c7ca3d45bc6d3b5e750e61030127865a1177
                    • Opcode Fuzzy Hash: a49cbeafa3fdcd8480a6f97207faacffaee580b34d1dd0d25efc33d9de6d4921
                    • Instruction Fuzzy Hash: 61115B72E046408AE7509FA2E4812AEB7B4FB48748F80013AEB8D66A58CF3CC144CF90
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: BreakDebugDebuggerPathPresentTemp
                    • String ID:
                    • API String ID: 2962303822-0
                    • Opcode ID: 45ba7a463558b591eb2efb117766b83327669dd8f4918e66c52aacfb35109feb
                    • Instruction ID: a17d4dc5ce628dfd91624c25e5d6a65541b685e0d7d3cf4249dc3f090a781e7e
                    • Opcode Fuzzy Hash: 45ba7a463558b591eb2efb117766b83327669dd8f4918e66c52aacfb35109feb
                    • Instruction Fuzzy Hash: DB016255A1C64242F7F0B772E4AA3BA9291BF58748FC00131D9AD6E3C5EE2CE1448A71
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: BreakDebugDebuggerMessagePresentSend
                    • String ID:
                    • API String ID: 874923782-0
                    • Opcode ID: f90e7df121dee9c9a6c79737eb7b74576d606745d537b1d21f02afdc9d82d401
                    • Instruction ID: 834ed4aa16010622b7bc86640352ab5ffffa3fcdcee855c879c99e324f301340
                    • Opcode Fuzzy Hash: f90e7df121dee9c9a6c79737eb7b74576d606745d537b1d21f02afdc9d82d401
                    • Instruction Fuzzy Hash: 3FF0F421A1865182E790AB5BE445769B360FF88FC4F805030EF6C6BB88DF3CD0518B50
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2361158172.00000188C5400000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000188C5400000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_188c5400000_biubiu.jbxd
                    Similarity
                    • API ID:
                    • String ID: gopa$runt
                    • API String ID: 0-4082892388
                    • Opcode ID: 83b2c8cc4c4ca9906c9b6dadf7316645d3a53c457b66c207b678f5e7e95c9740
                    • Instruction ID: 10419281a234a64afc2fbb1cfe8ec6c18a99bc5fab6c302a7696448201d681a2
                    • Opcode Fuzzy Hash: 83b2c8cc4c4ca9906c9b6dadf7316645d3a53c457b66c207b678f5e7e95c9740
                    • Instruction Fuzzy Hash: 7FE25E7015CB888FDBB5DB18C485BEAB7E1FB99700F948A1DE48983255DF30A941CB93
                    Strings
                    • G waiting list is corruptedGdipCreateBitmapFromHBITMAPGdipCreateHBITMAPFromBitmapGetSecurityDescriptorLengthGetUserPreferredUILanguagesIPv6 field has value >=2^16NAF digits must fit in int8PdhGetFormattedCounterValueSetupDiClassNameFromGuidExWSetupDiGetDeviceI, xrefs: 00405D06
                    • unreachableuserenv.dlluxtheme.dllversion.dllwinpty_freewinpty_openwsarecvfrom (sensitive)100-continue127.0.0.1:53152587890625762939453125AMDisbetter!AuthenticAMDBidi_ControlCIDR addressCONTINUATIONCentaurHaulsCfgMgr32.dllChooseColorWCoCreateGuidCoInitializeCon, xrefs: 0040581B
                    • chansend: spurious wakeupcheckdead: no m for timercheckdead: no p for timercontext deadline exceededduplicate address requestexplicit tag has no childframe_data_pad_byte_shortframe_headers_pad_too_bigframe_headers_zero_streamframe_priority_bad_lengthframe_sett, xrefs: 00405CE2
                    Memory Dump Source
                    • Source File: 00000000.00000002.2358808337.0000000000400000.00000040.00001000.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2358808337.00000000008DC000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000AD2000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B3C000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B3F000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B6F000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000BEB000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C56000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C7D000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C85000.00000040.00001000.00020000.00000000.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_biubiu.jbxd
                    Similarity
                    • API ID:
                    • String ID: G waiting list is corruptedGdipCreateBitmapFromHBITMAPGdipCreateHBITMAPFromBitmapGetSecurityDescriptorLengthGetUserPreferredUILanguagesIPv6 field has value >=2^16NAF digits must fit in int8PdhGetFormattedCounterValueSetupDiClassNameFromGuidExWSetupDiGetDeviceI$chansend: spurious wakeupcheckdead: no m for timercheckdead: no p for timercontext deadline exceededduplicate address requestexplicit tag has no childframe_data_pad_byte_shortframe_headers_pad_too_bigframe_headers_zero_streamframe_priority_bad_lengthframe_sett$unreachableuserenv.dlluxtheme.dllversion.dllwinpty_freewinpty_openwsarecvfrom (sensitive)100-continue127.0.0.1:53152587890625762939453125AMDisbetter!AuthenticAMDBidi_ControlCIDR addressCONTINUATIONCentaurHaulsCfgMgr32.dllChooseColorWCoCreateGuidCoInitializeCon
                    • API String ID: 0-1806574779
                    • Opcode ID: 8fccd9767548091ba0b75654c9c2e297500a09812e4474cc1497af56b6e01191
                    • Instruction ID: e4657a1e7736dae411b594250a1cb1668398a1260e2b6b46d708dda5038d492d
                    • Opcode Fuzzy Hash: 8fccd9767548091ba0b75654c9c2e297500a09812e4474cc1497af56b6e01191
                    • Instruction Fuzzy Hash: 5CF1B132208B84C6E7109B26E44039BB7A1F749BE4F589226EE9D67BE5CF3CC454CB45
                    Strings
                    • reflect.makeFuncStubrouter advertisementruntime: double waitselectgo: bad wakeupsemaRoot rotateRightshort segment lengthtime: invalid numbertoo few shards giventrace: out of memoryunexpected characterunexpected network: unknown PSK identityunknown address type, xrefs: 00445486
                    • reflect mismatchregexp: Compile(remote I/O errorschedule: in cgotime: bad [0-9]*unknown network unpacking headerwglCreateContextwglDeleteContextwinpty-agent.exewinpty_error_msgworkbuf is emptywww-authenticate93.127.198.62 %%!%c(big.Int=%s)%d.%d.%d Build %d%, xrefs: 0044557E, 004455B8
                    • reflect.methodValueCallruntime: internal errorruntime: netpoll faileds.allocCount > s.nelemsschedule: holding lockssegment length too longshrinkstack at bad timeskipping Question Classspan has no free stacksstack growth after forksyntax error in patterntext/cs, xrefs: 0044546C
                    Memory Dump Source
                    • Source File: 00000000.00000002.2358808337.0000000000400000.00000040.00001000.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2358808337.00000000008DC000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000AD2000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B3C000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B3F000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B6F000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000BEB000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C56000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C7D000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C85000.00000040.00001000.00020000.00000000.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_biubiu.jbxd
                    Similarity
                    • API ID:
                    • String ID: reflect mismatchregexp: Compile(remote I/O errorschedule: in cgotime: bad [0-9]*unknown network unpacking headerwglCreateContextwglDeleteContextwinpty-agent.exewinpty_error_msgworkbuf is emptywww-authenticate93.127.198.62 %%!%c(big.Int=%s)%d.%d.%d Build %d%$reflect.makeFuncStubrouter advertisementruntime: double waitselectgo: bad wakeupsemaRoot rotateRightshort segment lengthtime: invalid numbertoo few shards giventrace: out of memoryunexpected characterunexpected network: unknown PSK identityunknown address type$reflect.methodValueCallruntime: internal errorruntime: netpoll faileds.allocCount > s.nelemsschedule: holding lockssegment length too longshrinkstack at bad timeskipping Question Classspan has no free stacksstack growth after forksyntax error in patterntext/cs
                    • API String ID: 0-810208041
                    • Opcode ID: 4d94fa706cf4a7498c9e817b929e856c1cce8022e7e675bf23970e6ca0d635a5
                    • Instruction ID: 1f4898c8e88cca4010e9b95cd83d43304485bfc930e470de4ebc531638c14fac
                    • Opcode Fuzzy Hash: 4d94fa706cf4a7498c9e817b929e856c1cce8022e7e675bf23970e6ca0d635a5
                    • Instruction Fuzzy Hash: 08517C73615E4086DF50DB19E08025EB761F788BE8F589226EB9E577AACF3CC841CB44
                    Strings
                    • gp.waiting != nilhandshake failureif-modified-sinceillegal parameterin string literalinteger too largeinvalid BMPStringinvalid IA5Stringinvalid bit size invalid conn typeinvalid extensioninvalid operationinvalid stream IDkey align too biglength is invalidlocke, xrefs: 00440790
                    • selectgo: bad wakeupsemaRoot rotateRightshort segment lengthtime: invalid numbertoo few shards giventrace: out of memoryunexpected characterunexpected network: unknown PSK identityunknown address typewglGetCurrentContextwinpty_agent_processwirep: already in go, xrefs: 00440769
                    Memory Dump Source
                    • Source File: 00000000.00000002.2358808337.0000000000400000.00000040.00001000.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2358808337.00000000008DC000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000AD2000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B3C000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B3F000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B6F000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000BEB000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C56000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C7D000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C85000.00000040.00001000.00020000.00000000.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_biubiu.jbxd
                    Similarity
                    • API ID:
                    • String ID: gp.waiting != nilhandshake failureif-modified-sinceillegal parameterin string literalinteger too largeinvalid BMPStringinvalid IA5Stringinvalid bit size invalid conn typeinvalid extensioninvalid operationinvalid stream IDkey align too biglength is invalidlocke$selectgo: bad wakeupsemaRoot rotateRightshort segment lengthtime: invalid numbertoo few shards giventrace: out of memoryunexpected characterunexpected network: unknown PSK identityunknown address typewglGetCurrentContextwinpty_agent_processwirep: already in go
                    • API String ID: 0-1436693584
                    • Opcode ID: 36f0d3be6905d91093d20a49e97b73b1bdd1b315475afddddc0757e676bc8976
                    • Instruction ID: 3586b8406d87c07d8f9eee7a92d688012d24af056c6901b592117eb0a813bc20
                    • Opcode Fuzzy Hash: 36f0d3be6905d91093d20a49e97b73b1bdd1b315475afddddc0757e676bc8976
                    • Instruction Fuzzy Hash: 33B2AC72608B8482E720DB12E5053AAB361F788BD4F549627EF9D07759DF3CC4A8C74A
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: BreakDebugDebuggerInfoLocalePresent
                    • String ID: VUUU
                    • API String ID: 2561428502-2040033107
                    • Opcode ID: 902e08c782d5aace046f55527db168f60c2a8ceb189502a640bed95a2d617f68
                    • Instruction ID: 56aaf4cb6d8e829ff59f379a4ff87f1b83ff5ad4d8ce1787b64891e671a1b225
                    • Opcode Fuzzy Hash: 902e08c782d5aace046f55527db168f60c2a8ceb189502a640bed95a2d617f68
                    • Instruction Fuzzy Hash: 6E41D532B08B4189E790EB75D4057ECA3A1AB44B98FC44231DEAD7B7CADE38D546C390
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: InfoLocale
                    • String ID: GetLocaleInfoEx
                    • API String ID: 2299586839-2904428671
                    • Opcode ID: 9a7693de757b4af148d22adafd11d90c32839ef0378dcdd4874ac453e7b34ff6
                    • Instruction ID: ccd0ab1252072a5a169125e3c66d9d2316935a50462b821fb60e11abdc405179
                    • Opcode Fuzzy Hash: 9a7693de757b4af148d22adafd11d90c32839ef0378dcdd4874ac453e7b34ff6
                    • Instruction Fuzzy Hash: 3401AC61B08A4185EB80FB57B4404A5F350EF84BD4F948435EE6D6BBE5CE3CD5418B90
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: BreakDebugDebuggerPresent
                    • String ID:
                    • API String ID: 1472931004-0
                    • Opcode ID: d3a932213719b625862b7451e840565c67d07cc6205847fe1a15f499b6148e89
                    • Instruction ID: 3681d405c6eaae3808f2f655889241b96ff8dc4550a107278f54f8852b42f845
                    • Opcode Fuzzy Hash: d3a932213719b625862b7451e840565c67d07cc6205847fe1a15f499b6148e89
                    • Instruction Fuzzy Hash: F2417091A0D69641EBE0FB174640178D692AF51BD8BC44234DA7D7F7C6FE2CE88183B1
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: BreakDebugDebuggerPresent
                    • String ID:
                    • API String ID: 1472931004-0
                    • Opcode ID: 5e9205a58d37f9e127477ab729f03744076634edcf064d7e1010cc5fb35b0269
                    • Instruction ID: 2f02a138a61231d2898342fc1cb1e78f303b3c726d82c873dd9c1db78f702645
                    • Opcode Fuzzy Hash: 5e9205a58d37f9e127477ab729f03744076634edcf064d7e1010cc5fb35b0269
                    • Instruction Fuzzy Hash: 3841A121A0C64285FBA0FF61C4552FCA7A1AB04B9CF984235CA7D2B6D5CF69E48583B1
                    APIs
                    • IsDebuggerPresent.KERNEL32(?,?,?,?,?,00007FF7F39DDA56,?,?,?,00007FF7F39DDFB3), ref: 00007FF7F39DD92B
                    • DebugBreak.KERNEL32(?,?,?,?,?,00007FF7F39DDA56,?,?,?,00007FF7F39DDFB3), ref: 00007FF7F39DD935
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: BreakDebugDebuggerPresent
                    • String ID:
                    • API String ID: 1472931004-0
                    • Opcode ID: 868aaa1e41277039ed24238d816452c6e2231420b260edc417f984663323a157
                    • Instruction ID: a72d746d371728736d242ba06b10a0c39f5fb67499b64d38e15310ead416f736
                    • Opcode Fuzzy Hash: 868aaa1e41277039ed24238d816452c6e2231420b260edc417f984663323a157
                    • Instruction Fuzzy Hash: DD41E37260464282EB44EF5AC446269F3A5FF84F98F85D035DEA95B395DF3CE802C7A0
                    APIs
                    • IsDebuggerPresent.KERNEL32(?,00000000,00000000,00007FF7F39DD9DC,?,?,?,?,?,00007FF7F39DDA56,?,?,?,00007FF7F39DDFB3), ref: 00007FF7F39DD789
                    • DebugBreak.KERNEL32(?,00000000,00000000,00007FF7F39DD9DC,?,?,?,?,?,00007FF7F39DDA56,?,?,?,00007FF7F39DDFB3), ref: 00007FF7F39DD793
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: BreakDebugDebuggerPresent
                    • String ID:
                    • API String ID: 1472931004-0
                    • Opcode ID: 99b1c7aa9b7132015e64070ec1ff26330e48c40182dd4df5d830b1e130ef81f6
                    • Instruction ID: c1e9296933593f73f8b37798c0c46b978f33a9223f5430732f2ea33124057505
                    • Opcode Fuzzy Hash: 99b1c7aa9b7132015e64070ec1ff26330e48c40182dd4df5d830b1e130ef81f6
                    • Instruction Fuzzy Hash: B721E661A0864542E794FF1BA405439F750BF45FE8B845135ED792B7D5DF3CE00287A0
                    APIs
                    • IsDebuggerPresent.KERNEL32(?,?,?,00007FF7F39E1DD6,?,?,?,?,00000000,00000000,?,00007FF7F39E2829), ref: 00007FF7F39E13DF
                    • DebugBreak.KERNEL32(?,?,?,00007FF7F39E1DD6,?,?,?,?,00000000,00000000,?,00007FF7F39E2829), ref: 00007FF7F39E13E9
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: BreakDebugDebuggerPresent
                    • String ID:
                    • API String ID: 1472931004-0
                    • Opcode ID: 154280e478efb3e2238d2ba1b00657b9851a5eaf6386d8e7864c6de76c6af708
                    • Instruction ID: a72475e00ec84222b985dd130465b34c7188be5d55ffec90a4acaac5092d9c2d
                    • Opcode Fuzzy Hash: 154280e478efb3e2238d2ba1b00657b9851a5eaf6386d8e7864c6de76c6af708
                    • Instruction Fuzzy Hash: B121A41290C68240FBE5FB25D1442B897915B02B9CFC46231D5B92E7D6EE1CE4C283B7
                    APIs
                    • IsDebuggerPresent.KERNEL32(?,?,?,?,?,?,00000000,00007FF7F39E0DF9), ref: 00007FF7F39DDCF7
                    • DebugBreak.KERNEL32(?,?,?,?,?,?,00000000,00007FF7F39E0DF9), ref: 00007FF7F39DDD01
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: BreakDebugDebuggerPresent
                    • String ID:
                    • API String ID: 1472931004-0
                    • Opcode ID: f11c3f09b13fb9f8be99570d5e9e8ec1c66ea298248d1f63cfed0b54d30169af
                    • Instruction ID: 1f019e9f2adc45f43cb841415517ee20191581c9cfc93049643aa92919559a53
                    • Opcode Fuzzy Hash: f11c3f09b13fb9f8be99570d5e9e8ec1c66ea298248d1f63cfed0b54d30169af
                    • Instruction Fuzzy Hash: 4921D632A0855196E754FB169605679E360FF44B94F819031DE6C1BB89CF3CE45087E0
                    APIs
                    • IsDebuggerPresent.KERNEL32(?,?,00000000,00007FF7F39E34EE,00000001,00000000,?,00007FF7F39E3460,?,?,?,?,?,00000000,?,00007FF7F39E2CB0), ref: 00007FF7F39E35F4
                    • DebugBreak.KERNEL32(?,?,00000000,00007FF7F39E34EE,00000001,00000000,?,00007FF7F39E3460,?,?,?,?,?,00000000,?,00007FF7F39E2CB0), ref: 00007FF7F39E35FE
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: BreakDebugDebuggerPresent
                    • String ID:
                    • API String ID: 1472931004-0
                    • Opcode ID: cbb566dae688534e727b65959d1ee7fc8a50a5ffa64cdd61744662e928cff2af
                    • Instruction ID: 0d1d3cebc238ff8670055332bf2568aa44653fb15707838b8fc505256c4b65f6
                    • Opcode Fuzzy Hash: cbb566dae688534e727b65959d1ee7fc8a50a5ffa64cdd61744662e928cff2af
                    • Instruction Fuzzy Hash: 7921A66170CB4681EFA0EB26D14106DA3A0EB58FD8B954235DA3D5B398DF3CD545C7A0
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: BreakDebugDebuggerPresent
                    • String ID:
                    • API String ID: 1472931004-0
                    • Opcode ID: 5a7a956f8b52415d89c266a08d5380c51f201d5e9ec260757127062a3d6b269e
                    • Instruction ID: 85383e0f1a235b80292ebe6064118c9f372e1e50ba7cbc91cf9950463f55ff5b
                    • Opcode Fuzzy Hash: 5a7a956f8b52415d89c266a08d5380c51f201d5e9ec260757127062a3d6b269e
                    • Instruction Fuzzy Hash: 0321B862B08B4382EF51EB2AE54406DA3A0EF58FDCB944535DA7D2B7D4DE2CE4428790
                    APIs
                    • IsDebuggerPresent.KERNEL32(?,?,00000010,00007FF7F39E1905,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00007FF7F39C8709
                    • DebugBreak.KERNEL32(?,?,00000010,00007FF7F39E1905,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00007FF7F39C8713
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: BreakDebugDebuggerPresent
                    • String ID:
                    • API String ID: 1472931004-0
                    • Opcode ID: 17ef2b56849c2b90bc05a244e8645bd4f5993875a07ee088d30e4210759e60e3
                    • Instruction ID: a4d6eac6639360cc63b2f61dcc9cbeff8e5fed4f98cc92e6d8eaf8195cdcb239
                    • Opcode Fuzzy Hash: 17ef2b56849c2b90bc05a244e8645bd4f5993875a07ee088d30e4210759e60e3
                    • Instruction Fuzzy Hash: 5721C96160DB4682EF50EB2AD10417DA360EF08FDCB944131DA2D2B7E4DF2CE4028790
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: BreakDebugDebuggerPresent
                    • String ID:
                    • API String ID: 1472931004-0
                    • Opcode ID: f7cd591d003d1534d8727f0bbbb7f8833b77bdb49c7e741b2cb9c2225afcd682
                    • Instruction ID: 3f60b66330f356ac0f4b21fcbf710815d3c676472bfebf1877543ce3d06c4d34
                    • Opcode Fuzzy Hash: f7cd591d003d1534d8727f0bbbb7f8833b77bdb49c7e741b2cb9c2225afcd682
                    • Instruction Fuzzy Hash: B7218021B0864681FF94FF12D849379E360EF64B88F994131DA6D2F6E9DF2CE44183A0
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: BreakDebugDebuggerPresent
                    • String ID:
                    • API String ID: 1472931004-0
                    • Opcode ID: cfaa9626c993690c90d58484039eebfe929b1a23cc40d636e175c586a8be5ecb
                    • Instruction ID: 8da573cc4c05146aa1ad4847bae7dea9e194078fe7b2ba7fca290d6f80c006f2
                    • Opcode Fuzzy Hash: cfaa9626c993690c90d58484039eebfe929b1a23cc40d636e175c586a8be5ecb
                    • Instruction Fuzzy Hash: 4921D661B0974182EF90EF6AE149168A3E0EF54FDCB908131DAAD2B7D4DF3CD4028790
                    APIs
                    • IsDebuggerPresent.KERNEL32(?,?,?,00007FF7F39D6145,?,?,?,00007FF7F39D60B2), ref: 00007FF7F39D51F8
                    • DebugBreak.KERNEL32(?,?,?,00007FF7F39D6145,?,?,?,00007FF7F39D60B2), ref: 00007FF7F39D5202
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: BreakDebugDebuggerPresent
                    • String ID:
                    • API String ID: 1472931004-0
                    • Opcode ID: 6e75e53b829084ed6bc102e0e7268e5856788560e71605afee9a595f9d108d87
                    • Instruction ID: 1c89974c5a20cb5e95d2d49a97c11836f47957ab4e5c54078a412308ed076737
                    • Opcode Fuzzy Hash: 6e75e53b829084ed6bc102e0e7268e5856788560e71605afee9a595f9d108d87
                    • Instruction Fuzzy Hash: 49116321959B8181FB90FF62A405565E3A4AF04BD8FC84031EEAC2F7E5CF3CE45587A0
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: BreakDebugDebuggerPresent
                    • String ID:
                    • API String ID: 1472931004-0
                    • Opcode ID: 8ffdbf8be492389eb28ed259bc7bb2b59c5cf26e9b61036d1e4f444c43fac3ee
                    • Instruction ID: 4afffd1396d9f691cc50d518e5a80215934d271468619d548fa501bc9ad2ad1e
                    • Opcode Fuzzy Hash: 8ffdbf8be492389eb28ed259bc7bb2b59c5cf26e9b61036d1e4f444c43fac3ee
                    • Instruction Fuzzy Hash: 69012B20B0C75141EB90FBAA6584179A360BF44BE4F984630EBBD6B7C6DE2CD1414290
                    APIs
                    • IsDebuggerPresent.KERNEL32(?,?,?,00007FF7F39DD812,?,00000000,00000000,00007FF7F39DD9DC,?,?,?,?,?,00007FF7F39DDA56), ref: 00007FF7F39DD6EE
                    • DebugBreak.KERNEL32(?,?,?,00007FF7F39DD812,?,00000000,00000000,00007FF7F39DD9DC,?,?,?,?,?,00007FF7F39DDA56), ref: 00007FF7F39DD6F8
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: BreakDebugDebuggerPresent
                    • String ID:
                    • API String ID: 1472931004-0
                    • Opcode ID: fad67940ffbe84931a7a08600593ee3325b731353e470d066fc4a14c557696a0
                    • Instruction ID: 7c630b49cc783ca0aab64e9e2f4a8a8db45edbb7d7530f4fde888eab16916abb
                    • Opcode Fuzzy Hash: fad67940ffbe84931a7a08600593ee3325b731353e470d066fc4a14c557696a0
                    • Instruction Fuzzy Hash: 9F01F131704B8085D744BF27A944129FBA5FBA4FC4F898035EE4C6BB99CE38D4518790
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: BreakDebugDebuggerPresent
                    • String ID:
                    • API String ID: 1472931004-0
                    • Opcode ID: 43252c4a7b72a6467cd41d82932ea8dfb720739358bd93e40d63b7b487edcd4b
                    • Instruction ID: c121933d2af48dcf12d27cce67eff0346f96ea7eed1fdedfcee97ea9c1e48d3e
                    • Opcode Fuzzy Hash: 43252c4a7b72a6467cd41d82932ea8dfb720739358bd93e40d63b7b487edcd4b
                    • Instruction Fuzzy Hash: C7F0AF21E1865384FBE0BF72A406779E390AF007BCF885334D9796E1D6DE2DE04082A0
                    APIs
                    • IsDebuggerPresent.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7F39CC84D), ref: 00007FF7F39D81B3
                    • DebugBreak.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7F39CC84D), ref: 00007FF7F39D81BD
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: BreakDebugDebuggerPresent
                    • String ID:
                    • API String ID: 1472931004-0
                    • Opcode ID: ca7c36394b9f9368e66f87a5741eabc59d89074e843756b6f09c7d48ac8373df
                    • Instruction ID: f40122a32e0009fac40fbaf4ed25a3d202123db7b255e94bea031478dfd5b1d7
                    • Opcode Fuzzy Hash: ca7c36394b9f9368e66f87a5741eabc59d89074e843756b6f09c7d48ac8373df
                    • Instruction Fuzzy Hash: 46F0B111B1C54241F7D0FB11A445537D350BF84748FDC0430DAAD597C7DF2CE44446A0
                    APIs
                    • IsDebuggerPresent.KERNEL32(?,?,?,00007FF7F39DF639,?,?,00000004,00007FF7F39DFA7D), ref: 00007FF7F39DF35E
                    • DebugBreak.KERNEL32(?,?,?,00007FF7F39DF639,?,?,00000004,00007FF7F39DFA7D), ref: 00007FF7F39DF368
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: BreakDebugDebuggerPresent
                    • String ID:
                    • API String ID: 1472931004-0
                    • Opcode ID: b6471b44cbbfb7479605b419e64321ee7cfd7cd779649d031920e93013884a72
                    • Instruction ID: 5c80f35b72dbf9fc30084807299ae8f9f3e28dc113ec90765de554ba23de96ee
                    • Opcode Fuzzy Hash: b6471b44cbbfb7479605b419e64321ee7cfd7cd779649d031920e93013884a72
                    • Instruction Fuzzy Hash: F2F02172914E8182D754EF22E484159F360FB04FD8F541331DA6A8B6D8DB78D182CB60
                    APIs
                    • IsDebuggerPresent.KERNEL32(?,?,00000000,00007FF7F39DD87A,?,?,?,?,?,?,?,00007FF7F39DDDFD,?,?,Page %s,00007FF7F39D2D0A), ref: 00007FF7F39DD694
                    • DebugBreak.KERNEL32(?,?,00000000,00007FF7F39DD87A,?,?,?,?,?,?,?,00007FF7F39DDDFD,?,?,Page %s,00007FF7F39D2D0A), ref: 00007FF7F39DD69E
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: BreakDebugDebuggerPresent
                    • String ID:
                    • API String ID: 1472931004-0
                    • Opcode ID: 143d29061ced6a80e3963552af2f2c530d123509bfc9a68600ee8573555b6837
                    • Instruction ID: d6fac6ee8715a7c945385488e78ccd44def9b67ccb1f7e1e4c011e456e4e846a
                    • Opcode Fuzzy Hash: 143d29061ced6a80e3963552af2f2c530d123509bfc9a68600ee8573555b6837
                    • Instruction Fuzzy Hash: 28E02B21B0410343E790BB5AE6860289261FF94798BE4A030D59C56598DE3CF4414AB0
                    APIs
                    • IsDebuggerPresent.KERNEL32(?,?,00000000,00007FF7F39DD96A,?,?,?,?,?,00007FF7F39DDA56,?,?,?,00007FF7F39DDFB3), ref: 00007FF7F39DD622
                    • DebugBreak.KERNEL32(?,?,00000000,00007FF7F39DD96A,?,?,?,?,?,00007FF7F39DDA56,?,?,?,00007FF7F39DDFB3), ref: 00007FF7F39DD62C
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: BreakDebugDebuggerPresent
                    • String ID:
                    • API String ID: 1472931004-0
                    • Opcode ID: 31954b5e3cf14bcaab7cefbb32af7eaaac68ab8d564b4761f2d4c5856a0c1c8f
                    • Instruction ID: 373e7ca05dd37ffa52d60d37f6ad1ee26247235b2c1179df5041b51deaaa0904
                    • Opcode Fuzzy Hash: 31954b5e3cf14bcaab7cefbb32af7eaaac68ab8d564b4761f2d4c5856a0c1c8f
                    • Instruction Fuzzy Hash: 01E06822714C0742E780BFA6A85242492A4EF48328FEC6030E5BCCA1D4DE2CC8408AB0
                    APIs
                    • IsDebuggerPresent.KERNEL32(?,?,00000000,00007FF7F39D854F,?,?,?,00007FF7F39C7895), ref: 00007FF7F39D8478
                    • DebugBreak.KERNEL32(?,?,00000000,00007FF7F39D854F,?,?,?,00007FF7F39C7895), ref: 00007FF7F39D8482
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: BreakDebugDebuggerPresent
                    • String ID:
                    • API String ID: 1472931004-0
                    • Opcode ID: 6b49a5542f53a12594a471ce7e1d8e6488d03ce82f7d9f71fd82c6a15adc7e56
                    • Instruction ID: 76484704a66690bfe0f9b04c3f5ae17425c091fa287452b941d74c9406aaee4b
                    • Opcode Fuzzy Hash: 6b49a5542f53a12594a471ce7e1d8e6488d03ce82f7d9f71fd82c6a15adc7e56
                    • Instruction Fuzzy Hash: 63E08621B1864182DB84AB5BF649428E360FF48BD8B988030DA6C4B399EE3CD4918674
                    APIs
                      • Part of subcall function 00007FF7F39DD600: IsDebuggerPresent.KERNEL32(?,?,00000000,00007FF7F39DD96A,?,?,?,?,?,00007FF7F39DDA56,?,?,?,00007FF7F39DDFB3), ref: 00007FF7F39DD622
                      • Part of subcall function 00007FF7F39DD600: DebugBreak.KERNEL32(?,?,00000000,00007FF7F39DD96A,?,?,?,?,?,00007FF7F39DDA56,?,?,?,00007FF7F39DDFB3), ref: 00007FF7F39DD62C
                    • IsDebuggerPresent.KERNEL32(?,?,0000000C,00007FF7F39DD7B8,?,00000000,00000000,00007FF7F39DD9DC,?,?,?,?,?,00007FF7F39DDA56), ref: 00007FF7F39DD661
                    • DebugBreak.KERNEL32(?,?,0000000C,00007FF7F39DD7B8,?,00000000,00000000,00007FF7F39DD9DC,?,?,?,?,?,00007FF7F39DDA56), ref: 00007FF7F39DD66B
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: BreakDebugDebuggerPresent
                    • String ID:
                    • API String ID: 1472931004-0
                    • Opcode ID: 61b69c8555159776996e8705d17d5f9032ac930393241a54ca8f7f7624e23b94
                    • Instruction ID: cbc4fca1a99b7cc30e683ab54e3a2e3ff91cd4d544e7958831a63c4135b3ddec
                    • Opcode Fuzzy Hash: 61b69c8555159776996e8705d17d5f9032ac930393241a54ca8f7f7624e23b94
                    • Instruction Fuzzy Hash: 94E08665B0430747E754BFBD95C94396350AF18718B902134D96C9A2D9DE1CE4578AF0
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: BreakDebugDebuggerPresent
                    • String ID:
                    • API String ID: 1472931004-0
                    • Opcode ID: 7cbfe6a489515a04e377c95e0783c7182dc4d55466d60d73b9ca5a91bfd21b2b
                    • Instruction ID: 85fbb00b832f0202580590a547991970431eef138e6724d35c170d07da66e09b
                    • Opcode Fuzzy Hash: 7cbfe6a489515a04e377c95e0783c7182dc4d55466d60d73b9ca5a91bfd21b2b
                    • Instruction Fuzzy Hash: A3E02022E1890381FB507F17E444335E360FF94B94F544030E5684A2D8DE3CC451C7A0
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2361158172.00000188C5400000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000188C5400000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_188c5400000_biubiu.jbxd
                    Similarity
                    • API ID:
                    • String ID: refl$runt
                    • API String ID: 0-1012686776
                    • Opcode ID: 6b5ffcb17211d4e84f53e7b9ba6189d04234684868f4bc7ba33c309d6eee9982
                    • Instruction ID: fc6285bc03cef1b80a06ebe5182427d44d0546c463a81f9e7bf8fdf03e9e5f47
                    • Opcode Fuzzy Hash: 6b5ffcb17211d4e84f53e7b9ba6189d04234684868f4bc7ba33c309d6eee9982
                    • Instruction Fuzzy Hash: 4CB1D470258B088FEB94DF58C4847EAB7D2FB98301F948529F059C32A5DF75D944C7A2
                    Strings
                    • bad summary databad symbol tablebinary.BigEndianbuffer too shortcastogscanstatuscontent-encodingcontent-languagecontent-locationcontext canceleddivision by zeroexec: no commandgc: unswept spanheader too shorthost unreachablehostLookupOrder=integer overflowinva, xrefs: 00426805, 00426B27
                    • ymB, xrefs: 00426B65
                    Memory Dump Source
                    • Source File: 00000000.00000002.2358808337.0000000000400000.00000040.00001000.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2358808337.00000000008DC000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000AD2000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B3C000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B3F000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B6F000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000BEB000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C56000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C7D000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C85000.00000040.00001000.00020000.00000000.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_biubiu.jbxd
                    Similarity
                    • API ID:
                    • String ID: bad summary databad symbol tablebinary.BigEndianbuffer too shortcastogscanstatuscontent-encodingcontent-languagecontent-locationcontext canceleddivision by zeroexec: no commandgc: unswept spanheader too shorthost unreachablehostLookupOrder=integer overflowinva$ymB
                    • API String ID: 0-4018324394
                    • Opcode ID: 37409f26ca46857c3265b5531f75c2f495cf43cd83753c6e3f2e9c70431a9577
                    • Instruction ID: 93df1c24117591ca8833d9468557b2b39150f2c3f2b3347d9b8d9cb3d18954a1
                    • Opcode Fuzzy Hash: 37409f26ca46857c3265b5531f75c2f495cf43cd83753c6e3f2e9c70431a9577
                    • Instruction Fuzzy Hash: D8D197B6719BE482DA20CB52F44079AA721F396BC0F858117EE9E57B58DF3CC449CB08
                    Strings
                    • p mcache not flushedpad length too largepk7 un padding errorread_frame_too_largereflect.Value.SetIntreflect.makeFuncStubrouter advertisementruntime: double waitselectgo: bad wakeupsemaRoot rotateRightshort segment lengthtime: invalid numbertoo few shards given, xrefs: 00417A70
                    • `SC, xrefs: 00417877
                    Memory Dump Source
                    • Source File: 00000000.00000002.2358808337.0000000000400000.00000040.00001000.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2358808337.00000000008DC000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000AD2000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B3C000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B3F000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B6F000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000BEB000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C56000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C7D000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C85000.00000040.00001000.00020000.00000000.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_biubiu.jbxd
                    Similarity
                    • API ID:
                    • String ID: `SC$p mcache not flushedpad length too largepk7 un padding errorread_frame_too_largereflect.Value.SetIntreflect.makeFuncStubrouter advertisementruntime: double waitselectgo: bad wakeupsemaRoot rotateRightshort segment lengthtime: invalid numbertoo few shards given
                    • API String ID: 0-3055136927
                    • Opcode ID: 081cbafdd1222623d5091af74ab5c2eddccef9a81ac52394066bb88f069e807f
                    • Instruction ID: f148f748713aa4d0b25745498017cbf92d0431a5b5df7a3bf337d30c54e90d14
                    • Opcode Fuzzy Hash: 081cbafdd1222623d5091af74ab5c2eddccef9a81ac52394066bb88f069e807f
                    • Instruction Fuzzy Hash: FBD18F76209B4486EB00DF25E48079A7771F78A7A4F54832ADAAE43BE5DF3DC485CB04
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: Heap$AllocErrorFreeLast_invalid_parameter_noinfo
                    • String ID: Syst$emRo
                    • API String ID: 3361962657-2127360862
                    • Opcode ID: 8445db3d7eb44869c4707f47a3b178b0c24a0bbb28ae460ed83a4a369afd920e
                    • Instruction ID: ef5f895ff7b21c9d1f906091f8c0d064f5ef6650a964741ab24865be3c5b9fbc
                    • Opcode Fuzzy Hash: 8445db3d7eb44869c4707f47a3b178b0c24a0bbb28ae460ed83a4a369afd920e
                    • Instruction Fuzzy Hash: C1B1D562F0865145FB90FB7254406BDA6A0AF45B98F844631EE7D6F7C5EE3CD44283A0
                    Strings
                    • invalid g statusinvalid protocolinvalid row sizelength too largemSpanList.insertmSpanList.removemessage too longmissing stackmapno colon on lineno renegotiationno route to hostnon-IPv4 addressnon-IPv6 addressnon-ipv4 addressnon-ipv6 addressobject is remoteprox, xrefs: 00432516
                    • suspendG from non-preemptible goroutinetags don't match (%d vs %+v) %+v %s @%dtls: internal error: wrong nonce lengthtls: unsupported certificate curve (%s)trailing backslash at end of expressiontransport endpoint is already connectedusername/password authenti, xrefs: 00432527
                    Memory Dump Source
                    • Source File: 00000000.00000002.2358808337.0000000000400000.00000040.00001000.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2358808337.00000000008DC000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000AD2000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B3C000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B3F000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B6F000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000BEB000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C56000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C7D000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C85000.00000040.00001000.00020000.00000000.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_biubiu.jbxd
                    Similarity
                    • API ID:
                    • String ID: invalid g statusinvalid protocolinvalid row sizelength too largemSpanList.insertmSpanList.removemessage too longmissing stackmapno colon on lineno renegotiationno route to hostnon-IPv4 addressnon-IPv6 addressnon-ipv4 addressnon-ipv6 addressobject is remoteprox$suspendG from non-preemptible goroutinetags don't match (%d vs %+v) %+v %s @%dtls: internal error: wrong nonce lengthtls: unsupported certificate curve (%s)trailing backslash at end of expressiontransport endpoint is already connectedusername/password authenti
                    • API String ID: 0-3298849995
                    • Opcode ID: b1a297acc117c40c7afc556faf2bc0f758a97177ba325af6db041bb522b9232a
                    • Instruction ID: b0350242f7590c3b9c6594c38034ff4439073c32fc34bff3dac4f963f3c75896
                    • Opcode Fuzzy Hash: b1a297acc117c40c7afc556faf2bc0f758a97177ba325af6db041bb522b9232a
                    • Instruction Fuzzy Hash: 8CA16C76208B8082DB14CB26E54075BBB61F39ABD4F14A267EF9D13B59CB7CC541CB48
                    Strings
                    • self-preemptsetupapi.dllshort bufferspanSetSpinesweepWaiterstraceStringstransmitfileunexpected )unknown portwinpty_spawnwinspool.drvwintrust.dllwtsapi32.dll (default %q) (default %v) in host name is nil, not out of range, not pointer172.16.0.0/12192.168.0.0/8, xrefs: 0042F83F
                    • runtime.preemptM: duplicatehandle failedruntime: SyscallN has too many argumentsryuFtoaFixed32 called with negative prectime: Stop called on uninitialized Timertls: received empty certificates messagex509: cannot parse IP address of length x509: malformed exte, xrefs: 0042F82E
                    Memory Dump Source
                    • Source File: 00000000.00000002.2358808337.0000000000400000.00000040.00001000.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2358808337.00000000008DC000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000AD2000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B3C000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B3F000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B6F000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000BEB000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C56000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C7D000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C85000.00000040.00001000.00020000.00000000.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_biubiu.jbxd
                    Similarity
                    • API ID:
                    • String ID: runtime.preemptM: duplicatehandle failedruntime: SyscallN has too many argumentsryuFtoaFixed32 called with negative prectime: Stop called on uninitialized Timertls: received empty certificates messagex509: cannot parse IP address of length x509: malformed exte$self-preemptsetupapi.dllshort bufferspanSetSpinesweepWaiterstraceStringstransmitfileunexpected )unknown portwinpty_spawnwinspool.drvwintrust.dllwtsapi32.dll (default %q) (default %v) in host name is nil, not out of range, not pointer172.16.0.0/12192.168.0.0/8
                    • API String ID: 0-1612439266
                    • Opcode ID: 33a5e3a9b1de3f739c36969f476a33443bc6a0d6804e0244ddd802a39fe196fb
                    • Instruction ID: 14e4b973f95bcff3d84c6c43a2a988b4c6a455ccbb7a7ecc95e13417a5956a14
                    • Opcode Fuzzy Hash: 33a5e3a9b1de3f739c36969f476a33443bc6a0d6804e0244ddd802a39fe196fb
                    • Instruction Fuzzy Hash: 47C14B36209F9081DB10DB26F44035AB770F78AB94F959236DAAD83BA5DF3CC496CB04
                    Strings
                    • bad symbol tablebinary.BigEndianbuffer too shortcastogscanstatuscontent-encodingcontent-languagecontent-locationcontext canceleddivision by zeroexec: no commandgc: unswept spanheader too shorthost unreachablehostLookupOrder=integer overflowinvalid argumentinva, xrefs: 004458DF, 00445911
                    • missing stackmapno colon on lineno renegotiationno route to hostnon-IPv4 addressnon-IPv6 addressnon-ipv4 addressnon-ipv6 addressobject is remoteproxy-connectionread_frame_otherredirect messagereflect mismatchregexp: Compile(remote I/O errorschedule: in cgotime, xrefs: 004458F8, 0044592D
                    Memory Dump Source
                    • Source File: 00000000.00000002.2358808337.0000000000400000.00000040.00001000.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2358808337.00000000008DC000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000AD2000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B3C000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B3F000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B6F000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000BEB000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C56000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C7D000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C85000.00000040.00001000.00020000.00000000.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_biubiu.jbxd
                    Similarity
                    • API ID:
                    • String ID: bad symbol tablebinary.BigEndianbuffer too shortcastogscanstatuscontent-encodingcontent-languagecontent-locationcontext canceleddivision by zeroexec: no commandgc: unswept spanheader too shorthost unreachablehostLookupOrder=integer overflowinvalid argumentinva$missing stackmapno colon on lineno renegotiationno route to hostnon-IPv4 addressnon-IPv6 addressnon-ipv4 addressnon-ipv6 addressobject is remoteproxy-connectionread_frame_otherredirect messagereflect mismatchregexp: Compile(remote I/O errorschedule: in cgotime
                    • API String ID: 0-1980673692
                    • Opcode ID: c2353b765bed9815195fa9e3319092442cf774f5452df5636dde7ee221a86617
                    • Instruction ID: 1fffcf14b0dcc617b7e6b0c646dcda13e41b322b7c8db853aea36e1349a6cba7
                    • Opcode Fuzzy Hash: c2353b765bed9815195fa9e3319092442cf774f5452df5636dde7ee221a86617
                    • Instruction Fuzzy Hash: 4A91DEB2708A50C7EA14AB26E04035EB761F789BD4FA59126EF8D4775AEF3CC851CB04
                    Strings
                    • casgstatus: bad incoming valuescheckmark found unmarked objectcrypto/ecdh: invalid public keyfmt: unknown base; can't happenframe_headers_prio_weight_shorthttp2: connection error: %v: %vin literal null (expecting 'l')in literal null (expecting 'u')in literal t, xrefs: 00434F34
                    • casgstatus: waiting for Gwaiting but is Grunnablechacha20poly1305: bad nonce length passed to Openchacha20poly1305: bad nonce length passed to Sealcrypto/elliptic: internal error: invalid encodingcrypto/tls: ExportKeyingMaterial context too longdelayed zeroing, xrefs: 00434F05
                    Memory Dump Source
                    • Source File: 00000000.00000002.2358808337.0000000000400000.00000040.00001000.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2358808337.00000000008DC000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000AD2000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B3C000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B3F000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B6F000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000BEB000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C56000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C7D000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C85000.00000040.00001000.00020000.00000000.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_biubiu.jbxd
                    Similarity
                    • API ID:
                    • String ID: casgstatus: bad incoming valuescheckmark found unmarked objectcrypto/ecdh: invalid public keyfmt: unknown base; can't happenframe_headers_prio_weight_shorthttp2: connection error: %v: %vin literal null (expecting 'l')in literal null (expecting 'u')in literal t$casgstatus: waiting for Gwaiting but is Grunnablechacha20poly1305: bad nonce length passed to Openchacha20poly1305: bad nonce length passed to Sealcrypto/elliptic: internal error: invalid encodingcrypto/tls: ExportKeyingMaterial context too longdelayed zeroing
                    • API String ID: 0-3354868293
                    • Opcode ID: e2ff4133cba47af894d51aee3f7e9c6f0652a6b0c8794a29b5aca50287b023d1
                    • Instruction ID: e2f409cd0587e47c99bc2a095ce6c1dfd9ad6a6bfdbef6906d7dd5ebf0cc44bb
                    • Opcode Fuzzy Hash: e2ff4133cba47af894d51aee3f7e9c6f0652a6b0c8794a29b5aca50287b023d1
                    • Instruction Fuzzy Hash: F7A1B436609A84C6DB04CB26E48539ABB71F38EB94F189227DF9D43B65CB3DD446CB04
                    Strings
                    • gcinggscanhchanhostshttpsi%d86imap2imap3imapsinet4inet6int16int32int64matchmheapmkdirmonthntohspanicparsepop3srangerouterune schedsleepslicesockssse41sse42ssse3stdinsudogsweeptext/tls: traceuint8usageutf-8valuewrite Valuetcp %s%s, not , val --%s.local.on, xrefs: 00417CD2, 00417CE9
                    • `SC, xrefs: 00417D34
                    Memory Dump Source
                    • Source File: 00000000.00000002.2358808337.0000000000400000.00000040.00001000.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2358808337.00000000008DC000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000AD2000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B3C000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B3F000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B6F000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000BEB000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C56000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C7D000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C85000.00000040.00001000.00020000.00000000.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_biubiu.jbxd
                    Similarity
                    • API ID:
                    • String ID: `SC$gcinggscanhchanhostshttpsi%d86imap2imap3imapsinet4inet6int16int32int64matchmheapmkdirmonthntohspanicparsepop3srangerouterune schedsleepslicesockssse41sse42ssse3stdinsudogsweeptext/tls: traceuint8usageutf-8valuewrite Valuetcp %s%s, not , val --%s.local.on
                    • API String ID: 0-3794480125
                    • Opcode ID: 5f9d1d2b800b5b8f5ce260d67c0026343977b9b72e1be4a3cfb0d6314153cabc
                    • Instruction ID: ab829b042162ea4195f23f2a28263445509db2a6d06e9e5edc9da4e5ed151a45
                    • Opcode Fuzzy Hash: 5f9d1d2b800b5b8f5ce260d67c0026343977b9b72e1be4a3cfb0d6314153cabc
                    • Instruction Fuzzy Hash: 30718D32608A8486F700DF21E4817AA77B0F74A784F51962BDA5E437A6EF7DC489CB44
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID:
                    • String ID: e+000$gfff
                    • API String ID: 0-3030954782
                    • Opcode ID: 66e7905568103db1e97acd91ef3f60f432359de628cf3f8b263c15f7d18b271e
                    • Instruction ID: c59e337f22a653ce96b8688b925159f43b4ede6cf0365b128d3e1be91ee58fbd
                    • Opcode Fuzzy Hash: 66e7905568103db1e97acd91ef3f60f432359de628cf3f8b263c15f7d18b271e
                    • Instruction Fuzzy Hash: DD517B22B182C542E7A5DF35D800769FB91E744B98F88A231CBB85FBD9CE3DD44487A0
                    Strings
                    • runtime: signal received on thread not created by Go.tls: certificate used with invalid signature algorithmtls: server resumed a session with a different versionx509: cannot verify signature: algorithm unimplementedx509: invalid RDNSequence: invalid attribute, xrefs: 0042D486, 0042D4B4
                    • runtime: signal received on thread not created by Go., xrefs: 0042D469
                    Memory Dump Source
                    • Source File: 00000000.00000002.2358808337.0000000000400000.00000040.00001000.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2358808337.00000000008DC000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000AD2000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B3C000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B3F000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B6F000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000BEB000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C56000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C7D000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C85000.00000040.00001000.00020000.00000000.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_biubiu.jbxd
                    Similarity
                    • API ID:
                    • String ID: runtime: signal received on thread not created by Go.$runtime: signal received on thread not created by Go.tls: certificate used with invalid signature algorithmtls: server resumed a session with a different versionx509: cannot verify signature: algorithm unimplementedx509: invalid RDNSequence: invalid attribute
                    • API String ID: 0-3777908824
                    • Opcode ID: 85868b38c3582ea010e5bdd6710a489130d1854883047267963312737a121890
                    • Instruction ID: 4858ef405dcadd931dfd699388c04ff436017268680adca04faea94445513727
                    • Opcode Fuzzy Hash: 85868b38c3582ea010e5bdd6710a489130d1854883047267963312737a121890
                    • Instruction Fuzzy Hash: 1E316C32B08B5485E710EB22F84131A77A0F709798F948727EA9E43BA6DB3CD045CB59
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2361158172.00000188C5400000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000188C5400000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_188c5400000_biubiu.jbxd
                    Similarity
                    • API ID:
                    • String ID: .
                    • API String ID: 0-248832578
                    • Opcode ID: 68072bdb8a487e89920548cd114cfbf4f5032d9f3adade429c4d997457b559a5
                    • Instruction ID: 72577de7f729ad2a74bdd7412ff2bdad12f6692574a120041231c0a272c8e83d
                    • Opcode Fuzzy Hash: 68072bdb8a487e89920548cd114cfbf4f5032d9f3adade429c4d997457b559a5
                    • Instruction Fuzzy Hash: D352E570548F0C8FDB64EF28D8887D6B3E0FB68310F95962AE449D3265DF70A984CB91
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2361158172.00000188C5400000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000188C5400000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_188c5400000_biubiu.jbxd
                    Similarity
                    • API ID:
                    • String ID: @
                    • API String ID: 0-2766056989
                    • Opcode ID: f0b7442f57f36f361cee6489917076fd64a838892209733cec49c1d7e71ee268
                    • Instruction ID: f55ce3b24a7bffcb00379b233cf4c1e34f1d364d151e5044c50ef5c936bea8d1
                    • Opcode Fuzzy Hash: f0b7442f57f36f361cee6489917076fd64a838892209733cec49c1d7e71ee268
                    • Instruction Fuzzy Hash: 3E42D470568B488FDB58DB1894847E5F7E1FBA9300FA4866DF489C3696CF30D981C7A1
                    Strings
                    • SwapperTagalogTibetanTirhutaTrailerTuesdayTypeALLTypeOPTTypePTRTypeSOATypeSRVTypeTXTTypeWKSUNKNOWNUpgradeUsage:WSARecvWSASendaarch64abortedalt -> answersany -> avx512fcharsetchunkedconnectconsolecpuprofderivedexpiresfloat32float64forcegchttp://invalidlookup n, xrefs: 00461598
                    Memory Dump Source
                    • Source File: 00000000.00000002.2358808337.0000000000400000.00000040.00001000.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2358808337.00000000008DC000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000AD2000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B3C000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B3F000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B6F000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000BEB000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C56000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C7D000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C85000.00000040.00001000.00020000.00000000.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_biubiu.jbxd
                    Similarity
                    • API ID:
                    • String ID: SwapperTagalogTibetanTirhutaTrailerTuesdayTypeALLTypeOPTTypePTRTypeSOATypeSRVTypeTXTTypeWKSUNKNOWNUpgradeUsage:WSARecvWSASendaarch64abortedalt -> answersany -> avx512fcharsetchunkedconnectconsolecpuprofderivedexpiresfloat32float64forcegchttp://invalidlookup n
                    • API String ID: 0-87086818
                    • Opcode ID: e5dd92e06a7dcc608451a608805d73f90236c9e3936a906ed7f166ce6b66a81d
                    • Instruction ID: 1e91dc67e8574d7d8b5f0e571e3ffecdd1cc80c299c27c6ef198831c41842aaf
                    • Opcode Fuzzy Hash: e5dd92e06a7dcc608451a608805d73f90236c9e3936a906ed7f166ce6b66a81d
                    • Instruction Fuzzy Hash: D752CF72608F84C5DB20DB15E8003AEB761F385B84F988623DA9E43766EF7CC855C74A
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2361158172.00000188C5400000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000188C5400000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_188c5400000_biubiu.jbxd
                    Similarity
                    • API ID:
                    • String ID: ,9c
                    • API String ID: 0-338287566
                    • Opcode ID: 19b61f24134b2b6f07c70b2c7cbd42acff34eaa4ff8745d8a351f12ea6d59eb0
                    • Instruction ID: 9562135daadcfcc11f855116ae0784633030a08e4988a5fe5dfe408d356e531b
                    • Opcode Fuzzy Hash: 19b61f24134b2b6f07c70b2c7cbd42acff34eaa4ff8745d8a351f12ea6d59eb0
                    • Instruction Fuzzy Hash: A912B571298D194FEB58A718D8853E9B2D3F7D9711FC48939F04AC32EADF348A808761
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: Info
                    • String ID:
                    • API String ID: 1807457897-0
                    • Opcode ID: c4b324c0c038d064d45982ddf870abd54ecdf1cf739f3b6f69d3c9039c15647b
                    • Instruction ID: d47c515a01b5a3d5573aba0f197271fc07d2b576e87629edb0ba184a49a5e1a2
                    • Opcode Fuzzy Hash: c4b324c0c038d064d45982ddf870abd54ecdf1cf739f3b6f69d3c9039c15647b
                    • Instruction Fuzzy Hash: E412E362A087C186E391DF3994457FDB3A4FB59748F819235EFAC9A292DF38E180C750
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 22e3755703ce27c63688eb30e8384fc104d4753da96205090c4284ddb6fa0f18
                    • Instruction ID: 199cb157fd93ce7476e38791887957421d957dd170f7428f64a9e30ed2cabc08
                    • Opcode Fuzzy Hash: 22e3755703ce27c63688eb30e8384fc104d4753da96205090c4284ddb6fa0f18
                    • Instruction Fuzzy Hash: F0E18672A08B8186E760EB62E4406EE67A4FB54788F804631EF9D6B7D6DF3CD245C350
                    Strings
                    • !"#$%%&&''((()))*++,,,,,------....//////0001123333333333444444444455666677777888888888889999999999::::::;;;;;;;;;;;;;;;;<<<<<<<<<<<<<<<<=====>>>>>>>>>>>??????????@@@@@@@@@@@@@@@@@@@@@@AAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC, xrefs: 00442C30, 00442D10, 00442E30, 00442F2E
                    Memory Dump Source
                    • Source File: 00000000.00000002.2358808337.0000000000400000.00000040.00001000.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2358808337.00000000008DC000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000AD2000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B3C000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B3F000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B6F000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000BEB000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C56000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C7D000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C85000.00000040.00001000.00020000.00000000.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_biubiu.jbxd
                    Similarity
                    • API ID:
                    • String ID: !"#$%%&&''((()))*++,,,,,------....//////0001123333333333444444444455666677777888888888889999999999::::::;;;;;;;;;;;;;;;;<<<<<<<<<<<<<<<<=====>>>>>>>>>>>??????????@@@@@@@@@@@@@@@@@@@@@@AAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC
                    • API String ID: 0-2911004680
                    • Opcode ID: 19b61f24134b2b6f07c70b2c7cbd42acff34eaa4ff8745d8a351f12ea6d59eb0
                    • Instruction ID: 0ca9bfa4f808fa941c811ab87347c0cfdc955104925c9aec78c1e4db9fed29fa
                    • Opcode Fuzzy Hash: 19b61f24134b2b6f07c70b2c7cbd42acff34eaa4ff8745d8a351f12ea6d59eb0
                    • Instruction Fuzzy Hash: E6E1E7A2305B8482EF048B01E6003ADA763F795BD1F848627EB5E07B99EFBCC555C749
                    Strings
                    • grew heap, but no adequate free space foundhttp2: too many 1xx informational responseshttp2: unexpected ALPN protocol %q; want %qinterrupted system call should be restartedmethodValueCallFrameObjs is not in a modulemult64bitPow10: power of 10 is out of rangemu, xrefs: 00423E69
                    Memory Dump Source
                    • Source File: 00000000.00000002.2358808337.0000000000400000.00000040.00001000.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2358808337.00000000008DC000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000AD2000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B3C000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B3F000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B6F000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000BEB000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C56000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C7D000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C85000.00000040.00001000.00020000.00000000.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_biubiu.jbxd
                    Similarity
                    • API ID:
                    • String ID: grew heap, but no adequate free space foundhttp2: too many 1xx informational responseshttp2: unexpected ALPN protocol %q; want %qinterrupted system call should be restartedmethodValueCallFrameObjs is not in a modulemult64bitPow10: power of 10 is out of rangemu
                    • API String ID: 0-817925779
                    • Opcode ID: ce1666b902bd635e9e743d28999c29af311be023006da6f7d2a5f9de9035a425
                    • Instruction ID: 089dfec108200b4c942a18a0b18005bebbc7da74ac03ed22cbf737179d223097
                    • Opcode Fuzzy Hash: ce1666b902bd635e9e743d28999c29af311be023006da6f7d2a5f9de9035a425
                    • Instruction Fuzzy Hash: 1AE16972309B9481DA60CF26F48079AAB71F789BD1F989126EE8D43B69CF3CC555CB04
                    Strings
                    • invalid length of trace eventio: read/write on closed pipeluma/chroma subsampling ratiomachine is not on the networkmime: invalid media parametermismatched local address typemulticast router solicitationneed padding in bucket (elem)no XENIX semaphores availabl, xrefs: 0044C988
                    Memory Dump Source
                    • Source File: 00000000.00000002.2358808337.0000000000400000.00000040.00001000.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2358808337.00000000008DC000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000AD2000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B3C000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B3F000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B6F000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000BEB000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C56000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C7D000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C85000.00000040.00001000.00020000.00000000.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_biubiu.jbxd
                    Similarity
                    • API ID:
                    • String ID: invalid length of trace eventio: read/write on closed pipeluma/chroma subsampling ratiomachine is not on the networkmime: invalid media parametermismatched local address typemulticast router solicitationneed padding in bucket (elem)no XENIX semaphores availabl
                    • API String ID: 0-696013181
                    • Opcode ID: 22aef09aa4574e7e36788121f9cf93ea1a5e4848047fdc5eab7a5b598ab40d6f
                    • Instruction ID: 70bb71626150de89c6db849f76c9c39c238317ab73d46e5e04b55dc0150cebf6
                    • Opcode Fuzzy Hash: 22aef09aa4574e7e36788121f9cf93ea1a5e4848047fdc5eab7a5b598ab40d6f
                    • Instruction Fuzzy Hash: 20D1E97221ABC9C2EB948B16E19039A7761F345BC0F18412BEF9A03B55DF3CC455DB8A
                    APIs
                      • Part of subcall function 00007FF7F39FBF0C: GetLastError.KERNEL32 ref: 00007FF7F39FBF1B
                      • Part of subcall function 00007FF7F39FBF0C: FlsGetValue.KERNEL32 ref: 00007FF7F39FBF30
                      • Part of subcall function 00007FF7F39FBF0C: SetLastError.KERNEL32 ref: 00007FF7F39FBFBB
                    • GetLocaleInfoW.KERNEL32(?,?,?,00007FF7F3A06F6E), ref: 00007FF7F3A071FB
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: ErrorLast$InfoLocaleValue
                    • String ID:
                    • API String ID: 3796814847-0
                    • Opcode ID: 03649d97bafb4672a47cc57acb83e47179040baf1bf4e80dd61762f6f0657090
                    • Instruction ID: 54157e4bd0b4d6a2bdedf92777a89e4ed04bbae4e6bdd4e7b2ef87939f3baabc
                    • Opcode Fuzzy Hash: 03649d97bafb4672a47cc57acb83e47179040baf1bf4e80dd61762f6f0657090
                    • Instruction Fuzzy Hash: 16115B31F0815242E7BCA632A040E7DA261EB48764F904231FA3D5F7C4EE3BD8408790
                    APIs
                      • Part of subcall function 00007FF7F39FBF0C: GetLastError.KERNEL32 ref: 00007FF7F39FBF1B
                      • Part of subcall function 00007FF7F39FBF0C: FlsGetValue.KERNEL32 ref: 00007FF7F39FBF30
                      • Part of subcall function 00007FF7F39FBF0C: SetLastError.KERNEL32 ref: 00007FF7F39FBFBB
                    • EnumSystemLocalesW.KERNEL32(?,?,?,00007FF7F3A073B7,00000000,00000092,?,?,00000000,?,?,00007FF7F39F94A9), ref: 00007FF7F3A06D5A
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: ErrorLast$EnumLocalesSystemValue
                    • String ID:
                    • API String ID: 3029459697-0
                    • Opcode ID: c483d885d01ba69e23a91eefdb82e2f655b28ca103bf5ce796b9c55c726f51cb
                    • Instruction ID: 8bd1be1c17da7ef7f4ef6b7c327d15b21fde6db099d4ac830518f1e0a78514d6
                    • Opcode Fuzzy Hash: c483d885d01ba69e23a91eefdb82e2f655b28ca103bf5ce796b9c55c726f51cb
                    • Instruction Fuzzy Hash: C401F9A2E0858546E7946F26E440F79F691EB407A8F84A331E6382F6E4CF6C9480C750
                    APIs
                    • EnumSystemLocalesW.KERNEL32(?,?,00000000,00007FF7F39FC6F3,?,?,?,?,?,?,?,?,00000000,00007FF7F3A0625C), ref: 00007FF7F39FC2F3
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: EnumLocalesSystem
                    • String ID:
                    • API String ID: 2099609381-0
                    • Opcode ID: f40b629725abc47d59004131efc57ec48d8026a7f0c823b75b6265702d3ff332
                    • Instruction ID: 62266c3ee181306376a26d534f1e33ef0b43f9cf3e92e8e797d1bcd31c0c58c5
                    • Opcode Fuzzy Hash: f40b629725abc47d59004131efc57ec48d8026a7f0c823b75b6265702d3ff332
                    • Instruction Fuzzy Hash: 48F0A97270874183E744EB26F8409A5B365EB88BC4F948035EA3D673A4CE3DD451C790
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID:
                    • String ID: gfffffff
                    • API String ID: 0-1523873471
                    • Opcode ID: 0a645fd8630157980d4d1aaa1a5bd873d9bbf6271b66eef70cf59949eb2e54b4
                    • Instruction ID: 1c0485429d6b0a9648e2f14e014a9868ac7825d9f5d334721cc615010a9f3736
                    • Opcode Fuzzy Hash: 0a645fd8630157980d4d1aaa1a5bd873d9bbf6271b66eef70cf59949eb2e54b4
                    • Instruction Fuzzy Hash: 32A16662B087C646EB61EF35A0007BDB791AB5078CF409132DEAD5B7C9DA3DE401C7A0
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID: 0-3916222277
                    • Opcode ID: 0ee53f19b4f39de521373f4a14b7cb5d6ff6fd1e4d95ba531d7763adb8955cce
                    • Instruction ID: fcaa9ce162f837e070efdd3e5d4789bcd77117a99eaa2cf84f4cb102c0585b47
                    • Opcode Fuzzy Hash: 0ee53f19b4f39de521373f4a14b7cb5d6ff6fd1e4d95ba531d7763adb8955cce
                    • Instruction Fuzzy Hash: 21B17F72A0869685E7A4EF39C05027DBBA0EB45B4CF984135CA6E6B3D9DF39D440C7E0
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID: 0-3916222277
                    • Opcode ID: 67bd039f7c51821b685e0e29ca03f4e3b5e37920eeeb0fdf32ee6a98a45aad5e
                    • Instruction ID: c5a9f78c5b2b7de41aa05a785225a060dcd5d1fcdb5988104ff84e9c3654c1ab
                    • Opcode Fuzzy Hash: 67bd039f7c51821b685e0e29ca03f4e3b5e37920eeeb0fdf32ee6a98a45aad5e
                    • Instruction Fuzzy Hash: FDB15D7290878585E7A4DF39D05023DBBA0E745B4CFA84235CA6E6B3D5CF2AD881C7E4
                    Strings
                    • bulkBarrierPreWrite: unaligned argumentscannot free workbufs when work.full != 0cannot represent time as GeneralizedTimecertification path advertisement messagechacha20poly1305: invalid buffer overlapcolumn size is not the same for all rowscrypto/cipher: messa, xrefs: 0041330F
                    Memory Dump Source
                    • Source File: 00000000.00000002.2358808337.0000000000400000.00000040.00001000.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2358808337.00000000008DC000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000AD2000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B3C000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B3F000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B6F000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000BEB000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C56000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C7D000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C85000.00000040.00001000.00020000.00000000.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_biubiu.jbxd
                    Similarity
                    • API ID:
                    • String ID: bulkBarrierPreWrite: unaligned argumentscannot free workbufs when work.full != 0cannot represent time as GeneralizedTimecertification path advertisement messagechacha20poly1305: invalid buffer overlapcolumn size is not the same for all rowscrypto/cipher: messa
                    • API String ID: 0-129788528
                    • Opcode ID: 8e16811c7db0b3871b798f3a011e530a82e49008c429c0f9df1894ef4a8e4d69
                    • Instruction ID: b349b8ab32f015501cf93c2b990fb9ca9a0f2e27c2448890d1eab88e402a52ad
                    • Opcode Fuzzy Hash: 8e16811c7db0b3871b798f3a011e530a82e49008c429c0f9df1894ef4a8e4d69
                    • Instruction Fuzzy Hash: A47199B6709A94C2DB109F16E54039AA7A2F789BD0F589027EF8903B18DF3DC5E5C708
                    Strings
                    • bad summary databad symbol tablebinary.BigEndianbuffer too shortcastogscanstatuscontent-encodingcontent-languagecontent-locationcontext canceleddivision by zeroexec: no commandgc: unswept spanheader too shorthost unreachablehostLookupOrder=integer overflowinva, xrefs: 00428365
                    Memory Dump Source
                    • Source File: 00000000.00000002.2358808337.0000000000400000.00000040.00001000.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2358808337.00000000008DC000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000AD2000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B3C000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B3F000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B6F000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000BEB000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C56000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C7D000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C85000.00000040.00001000.00020000.00000000.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_biubiu.jbxd
                    Similarity
                    • API ID:
                    • String ID: bad summary databad symbol tablebinary.BigEndianbuffer too shortcastogscanstatuscontent-encodingcontent-languagecontent-locationcontext canceleddivision by zeroexec: no commandgc: unswept spanheader too shorthost unreachablehostLookupOrder=integer overflowinva
                    • API String ID: 0-1622416734
                    • Opcode ID: 9f6f1b5a999ca68be4c790acc01f7e2ab1ae0ce893ea84903ef7c670b3563afe
                    • Instruction ID: 82554f7cd0d040003573ee80c7a554ee233fc6e80967c03d50d769afed546b93
                    • Opcode Fuzzy Hash: 9f6f1b5a999ca68be4c790acc01f7e2ab1ae0ce893ea84903ef7c670b3563afe
                    • Instruction Fuzzy Hash: A351D0B7721B9882DB009B56E44039E6761F78ABD4F84522BEFAD1379ADE3CC094C744
                    Strings
                    • internal lockOSThread errorinvalid HTTP header name %qinvalid P224 point encodinginvalid P256 point encodinginvalid P384 point encodinginvalid P521 point encodinginvalid dependent stream IDinvalid profile bucket typeio.File missing Seek methodkey was rejected , xrefs: 0043A057
                    Memory Dump Source
                    • Source File: 00000000.00000002.2358808337.0000000000400000.00000040.00001000.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2358808337.00000000008DC000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000AD2000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B3C000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B3F000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B6F000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000BEB000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C56000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C7D000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C85000.00000040.00001000.00020000.00000000.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_biubiu.jbxd
                    Similarity
                    • API ID:
                    • String ID: internal lockOSThread errorinvalid HTTP header name %qinvalid P224 point encodinginvalid P256 point encodinginvalid P384 point encodinginvalid P521 point encodinginvalid dependent stream IDinvalid profile bucket typeio.File missing Seek methodkey was rejected
                    • API String ID: 0-2108211120
                    • Opcode ID: 67262b699a292c03dd3930a512204ee83eaeb230d130633405e021ab58fc8f88
                    • Instruction ID: ec2e30f71fc75e0c804bcff00ed2cb77099c167f8b0681a950156ee5e2f6fc7d
                    • Opcode Fuzzy Hash: 67262b699a292c03dd3930a512204ee83eaeb230d130633405e021ab58fc8f88
                    • Instruction Fuzzy Hash: 0371A033608B8086E710CF21E44139A7361FB49B88F49A236DE8D2B769CF7CC999C745
                    APIs
                    • GetLastError.KERNEL32 ref: 00007FF7F3A0B6DD
                      • Part of subcall function 00007FF7F39FB1B0: HeapAlloc.KERNEL32(?,?,00000000,00007FF7F39FC0E6,?,?,?,00007FF7F39F348D,?,?,?,?,00007FF7F39FB25C), ref: 00007FF7F39FB205
                      • Part of subcall function 00007FF7F39FB228: HeapFree.KERNEL32 ref: 00007FF7F39FB23E
                      • Part of subcall function 00007FF7F39FB228: GetLastError.KERNEL32 ref: 00007FF7F39FB248
                      • Part of subcall function 00007FF7F39F6CF0: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7F39F6D23
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: ErrorHeapLast$AllocFree_invalid_parameter_noinfo
                    • String ID:
                    • API String ID: 916656526-0
                    • Opcode ID: cf5b69d47f4f07e059a4196ae1f292ea6692d4d97a832c6fba1a9468ab7d132a
                    • Instruction ID: e2d7e6e06371eeeb888a0595880bbb0ae0b8dd4c68314dc5ff5eda9f538f919c
                    • Opcode Fuzzy Hash: cf5b69d47f4f07e059a4196ae1f292ea6692d4d97a832c6fba1a9468ab7d132a
                    • Instruction Fuzzy Hash: 2F41AC61B0A24342F7E0BA376591FBAE2806F55B84F844539FE6E6F7C5DE3CE40146A0
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2358808337.0000000000400000.00000040.00001000.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2358808337.00000000008DC000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000AD2000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B3C000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B3F000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B6F000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000BEB000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C56000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C7D000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C85000.00000040.00001000.00020000.00000000.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_biubiu.jbxd
                    Similarity
                    • API ID:
                    • String ID: `)B
                    • API String ID: 0-1795337573
                    • Opcode ID: 85dff5bfb7657db4da5b0c41a211e0d06ed05f9f9fd95ba35a865ee73f8f0bfe
                    • Instruction ID: 3acf4ede4f4ce5265abde2b10860803cecb8e530017080de68c24bf8bb30670a
                    • Opcode Fuzzy Hash: 85dff5bfb7657db4da5b0c41a211e0d06ed05f9f9fd95ba35a865ee73f8f0bfe
                    • Instruction Fuzzy Hash: 6731707A314B8591DB448B19F4813EA6B62E784BC4F85E13BEE4E03769DF38C24AC704
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: HeapProcess
                    • String ID:
                    • API String ID: 54951025-0
                    • Opcode ID: 4b9320abf1acb21eedc2dea5fe6eb0b340dc96e09a0b74c84005be063930f31c
                    • Instruction ID: 7bc01e186b4ab56714571031dc254f36fcf3ca4fcfee245df582e5c0c820ee3e
                    • Opcode Fuzzy Hash: 4b9320abf1acb21eedc2dea5fe6eb0b340dc96e09a0b74c84005be063930f31c
                    • Instruction Fuzzy Hash: 87B09224F1BA0AC2EB8CBB726C42A18A2A47F48710FC54038D42CA6360DF2C21B55B60
                    Memory Dump Source
                    • Source File: 00000000.00000002.2361158172.00000188C5400000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000188C5400000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_188c5400000_biubiu.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: b5189d9186406238a450ec161facb8622025fe9b05f95c9a5f306e052f9edd3e
                    • Instruction ID: 86a488d373df8a67b2f0e369d961d000515335b573d29dd9b3060262c24669c2
                    • Opcode Fuzzy Hash: b5189d9186406238a450ec161facb8622025fe9b05f95c9a5f306e052f9edd3e
                    • Instruction Fuzzy Hash: FB221470558B088FEBA4EB28D4447E5B7E1FB98300FE18569B44DC72AACF70D945C7A2
                    Memory Dump Source
                    • Source File: 00000000.00000002.2361158172.00000188C5400000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000188C5400000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_188c5400000_biubiu.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: e12d566a5859e2b9753ed88490ff44cb6a3e0daa4ab5472a6d3fc88d583a1950
                    • Instruction ID: ac296c22c3e56f989ba60e602f2b8ed53154868745787f89b605474d0c1fb1b8
                    • Opcode Fuzzy Hash: e12d566a5859e2b9753ed88490ff44cb6a3e0daa4ab5472a6d3fc88d583a1950
                    • Instruction Fuzzy Hash: F302E771618F584FDB68EB18C885BE9B3D1FBA8300F904A5DE44AD3296DF70E944C792
                    Memory Dump Source
                    • Source File: 00000000.00000002.2361158172.00000188C5400000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000188C5400000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_188c5400000_biubiu.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 7367d9509721f7984ff667a56590d4f4a345d96bd5c472cdbd0ab01578cd9b69
                    • Instruction ID: 0c695895ed7959261538a62e297bc8665fb5954d1fe7bb2576150024e51d0564
                    • Opcode Fuzzy Hash: 7367d9509721f7984ff667a56590d4f4a345d96bd5c472cdbd0ab01578cd9b69
                    • Instruction Fuzzy Hash: 20026070758F488FDBA8EB1C9445BAAB3D1FBA8711F54862EA44DD3295CF30ED408792
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 252f454639e6bf2fdb0896bcc57d4058a10f653c833c9f657e7535e7bc6ce123
                    • Instruction ID: 501c7d1b82d3ce209d14eb1c0e7d020c6261544f94d2ca4437df58d075e7098c
                    • Opcode Fuzzy Hash: 252f454639e6bf2fdb0896bcc57d4058a10f653c833c9f657e7535e7bc6ce123
                    • Instruction Fuzzy Hash: 02422E7191DE4685E3D3AB36A451D25A324BF513C0F818736F92E7EBD4DF2CE48292A0
                    Memory Dump Source
                    • Source File: 00000000.00000002.2361158172.00000188C5400000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000188C5400000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_188c5400000_biubiu.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: fde6f9e5b0c4a2cdf6740fef3b30b57fb31211a9197717370eb817af98477e47
                    • Instruction ID: c57a8a863ea36115e85613175117321573ea0a9bc4abbf14d4a59a44e61fecf2
                    • Opcode Fuzzy Hash: fde6f9e5b0c4a2cdf6740fef3b30b57fb31211a9197717370eb817af98477e47
                    • Instruction Fuzzy Hash: 51F172702A8B484FDB989B1CC4957E5B7D1FB98300FD4867DF486C7296CF20D98187A2
                    Memory Dump Source
                    • Source File: 00000000.00000002.2361158172.00000188C5400000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000188C5400000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_188c5400000_biubiu.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: c55ef739818546aca9761e82d638358066c1012bb21243a9803f70eb543b1645
                    • Instruction ID: fcefb1c8afb19ba914f99a2f2877e7b1d42066fb1efcc449ed6e10cf9d8eaa21
                    • Opcode Fuzzy Hash: c55ef739818546aca9761e82d638358066c1012bb21243a9803f70eb543b1645
                    • Instruction Fuzzy Hash: 4ED11770668F2D4FDB98EB1C84847E873D1FBE8311F85866DF40AC31A5CF258A5887A1
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 7cb481b822e61749df0209fa4b84c32b829a43064934165c4595f63b9aede7c9
                    • Instruction ID: 27e608a5baa7b06c18553b86fab1354e306f218c1e7f211fb2db149773aa6d1e
                    • Opcode Fuzzy Hash: 7cb481b822e61749df0209fa4b84c32b829a43064934165c4595f63b9aede7c9
                    • Instruction Fuzzy Hash: F5E150A2B2C0B302EB69D6359408B785A917750B8DF415635D93BDBBC0E93CE9C583B2
                    Memory Dump Source
                    • Source File: 00000000.00000002.2361158172.00000188C5400000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000188C5400000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_188c5400000_biubiu.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: e65a7b1742891c0b69d5cde69d72e95e718339807b921d90b88b4d0ce898838d
                    • Instruction ID: 91e62d619685efe6a7ac56596a64b5c1a95a3a4a346d75c102b799e5fc7d789f
                    • Opcode Fuzzy Hash: e65a7b1742891c0b69d5cde69d72e95e718339807b921d90b88b4d0ce898838d
                    • Instruction Fuzzy Hash: EEF1D370548B088FDB54DF28C4807DAB7E1FB59300F958A2AF485D32A5DF71E940CBA1
                    Memory Dump Source
                    • Source File: 00000000.00000002.2361158172.00000188C5400000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000188C5400000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_188c5400000_biubiu.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: b833e0e8d882bbb832fdcd686b35a9619ef0aceff5d71c16d0b5d551aac88a9e
                    • Instruction ID: 9acef29d553cf402b9fb1b7c9f1b9bfc4e08cedc77c2aab91a09dd6b8d4a35c9
                    • Opcode Fuzzy Hash: b833e0e8d882bbb832fdcd686b35a9619ef0aceff5d71c16d0b5d551aac88a9e
                    • Instruction Fuzzy Hash: 99D1C1B0158A098FEFA4EF18D4447D5B3E1FB98314FE48569A00EC7689CF31DA85CBA1
                    Memory Dump Source
                    • Source File: 00000000.00000002.2361158172.00000188C5400000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000188C5400000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_188c5400000_biubiu.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: c2353b765bed9815195fa9e3319092442cf774f5452df5636dde7ee221a86617
                    • Instruction ID: aed7767612f65e49fee9ebdbcf06902569d05e713d0c62142d2fc137fa769386
                    • Opcode Fuzzy Hash: c2353b765bed9815195fa9e3319092442cf774f5452df5636dde7ee221a86617
                    • Instruction Fuzzy Hash: 24B1D670694B098BEF54EF18C4817D5B3E1FB98310F948669F859C729ADF30E94187A2
                    Memory Dump Source
                    • Source File: 00000000.00000002.2358808337.0000000000400000.00000040.00001000.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2358808337.00000000008DC000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000AD2000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B3C000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B3F000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B6F000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000BEB000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C56000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C7D000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C85000.00000040.00001000.00020000.00000000.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_biubiu.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 35e3a85f2c70ccf09ae74e84588b580866a11c1b5fc3ab8683da573a0ce5f8be
                    • Instruction ID: f5b88e56f34bb0d70edf3bb41dc56f47ce7b385608850ff50422983899a2830e
                    • Opcode Fuzzy Hash: 35e3a85f2c70ccf09ae74e84588b580866a11c1b5fc3ab8683da573a0ce5f8be
                    • Instruction Fuzzy Hash: 27F17E36209BC492DB288B22E64039BB361F386789F44911BDF9D57B56DF3CD4A8C705
                    Memory Dump Source
                    • Source File: 00000000.00000002.2358808337.0000000000400000.00000040.00001000.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2358808337.00000000008DC000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000AD2000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B3C000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B3F000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B6F000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000BEB000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C56000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C7D000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C85000.00000040.00001000.00020000.00000000.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_biubiu.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: f665a07c36980408c165651f2c9617a528cfb87aac76174431afc156d8b2f305
                    • Instruction ID: 0c84bd2d11f2523c6c2afbf76d0898ec3b358dc123e16d0b920e61efebfad4a9
                    • Opcode Fuzzy Hash: f665a07c36980408c165651f2c9617a528cfb87aac76174431afc156d8b2f305
                    • Instruction Fuzzy Hash: BCC131B6708BC481CA609B57A84079AA765F389FD4F488127EF9D63B59CF3CC591CB08
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: e6fff47f2b3529193015fdd8936ea06bc1439e6ca01dedf471f19c90eaff2340
                    • Instruction ID: 78c0558f44e4d78010baf9a9eda3378d20c81222aba7ce5f34b6c2ee35eaaa72
                    • Opcode Fuzzy Hash: e6fff47f2b3529193015fdd8936ea06bc1439e6ca01dedf471f19c90eaff2340
                    • Instruction Fuzzy Hash: 4ED1E96AA08A4285EBA8EE35845037DA7A0FB05B4CF944235CDBD2F6D4CF7DD845C3A0
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: ErrorLastNameTranslate$CodePageValidValue_invalid_parameter_noinfo
                    • String ID:
                    • API String ID: 4023145424-0
                    • Opcode ID: 50656ee21258ac0da894b56c1d7126eaeee6a335eea4b6efcb4ceac5acfc4cd8
                    • Instruction ID: b722f269c0c3edd4b1d6fef3370996f45d7fac30aa027d34c5a1e900876a9335
                    • Opcode Fuzzy Hash: 50656ee21258ac0da894b56c1d7126eaeee6a335eea4b6efcb4ceac5acfc4cd8
                    • Instruction Fuzzy Hash: CEC1D362A0878285EBA0EB7694107BAA7A0FB9478CF804031EE7D6B6DDDF3CD545C750
                    Memory Dump Source
                    • Source File: 00000000.00000002.2358808337.0000000000400000.00000040.00001000.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2358808337.00000000008DC000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000AD2000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B3C000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B3F000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B6F000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000BEB000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C56000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C7D000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C85000.00000040.00001000.00020000.00000000.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_biubiu.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: b522ace28856e9e9ea8c1f1ad41f2afcdc2fe741b55aff357cecf81a7e1e2e32
                    • Instruction ID: 8010676863f330f06a2803bd0ee3c46f601ff1cf415c3143e3df470ac5c4e2cb
                    • Opcode Fuzzy Hash: b522ace28856e9e9ea8c1f1ad41f2afcdc2fe741b55aff357cecf81a7e1e2e32
                    • Instruction Fuzzy Hash: 0BB19F32609B80C7EB04DF15F89076AB761F78AB84F446226EA8D47B69DF3CC845CB05
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 9452c188692760ccc7ab37e75e398a3a72028acb97d758fa886cdea137249563
                    • Instruction ID: aa08b013e2a7e76f6a035235082bfaf0d5c40f8aa7fe3653f030724964537dec
                    • Opcode Fuzzy Hash: 9452c188692760ccc7ab37e75e398a3a72028acb97d758fa886cdea137249563
                    • Instruction Fuzzy Hash: 5FB15F36F19A42C6EBD0EF69D44917DB361BB50B88B958035CAAD2B3C4DF38E455C3A0
                    Memory Dump Source
                    • Source File: 00000000.00000002.2361158172.00000188C5400000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000188C5400000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_188c5400000_biubiu.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: b2e8ba99b4d5d803b6bd304185397b7543a82d442b7a263a3c2717b39043414d
                    • Instruction ID: 4063a7eda05531178c4af389cb53d9f5c11cda9dbcf0106a421aa709dc794ddd
                    • Opcode Fuzzy Hash: b2e8ba99b4d5d803b6bd304185397b7543a82d442b7a263a3c2717b39043414d
                    • Instruction Fuzzy Hash: 8C81F230558F488FDB85DB2884417E6B7D1FB99300F94C329F499D32AADF749A4487A2
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: ErrorLast$Value_invalid_parameter_noinfo
                    • String ID:
                    • API String ID: 1500699246-0
                    • Opcode ID: d3d8ba4dc1ff6d3c3707cc33c7b4d74fc9e5e2f0056a0e856eb296d829a5c6b1
                    • Instruction ID: 6285d3c6391385b7b14631df447dc3c8a7add79fd0131b46804c16c36715e016
                    • Opcode Fuzzy Hash: d3d8ba4dc1ff6d3c3707cc33c7b4d74fc9e5e2f0056a0e856eb296d829a5c6b1
                    • Instruction Fuzzy Hash: 4AB129B290824642EBA4EF72D410AB973A0FB54B8CF805135EA695F6D9CF3CE441C7E0
                    Memory Dump Source
                    • Source File: 00000000.00000002.2361158172.00000188C5400000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000188C5400000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_188c5400000_biubiu.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 1dd34efa7c29bc8ad7688e3ec5d3c80d1a01fb9c472507c85a89a524bf24948d
                    • Instruction ID: 2daab6275267edaef20e8738707bdfc5c3629ca5416c608da0f279a56fafc452
                    • Opcode Fuzzy Hash: 1dd34efa7c29bc8ad7688e3ec5d3c80d1a01fb9c472507c85a89a524bf24948d
                    • Instruction Fuzzy Hash: B8612A3275CD184FDB98EE2C58482B5B3D2F7ED321BAAC26AA409D32A9DD31DD4543D0
                    Memory Dump Source
                    • Source File: 00000000.00000002.2358808337.0000000000400000.00000040.00001000.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2358808337.00000000008DC000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000AD2000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B3C000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B3F000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B6F000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000BEB000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C56000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C7D000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C85000.00000040.00001000.00020000.00000000.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_biubiu.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: ad8456d599a3f3ab6d570adedd3508dc8829486a8c9d24827fa6455247135f35
                    • Instruction ID: f22f2a4e924e0dda9444480f9d17b150b12f76c65ef6b5b239d882223a17018f
                    • Opcode Fuzzy Hash: ad8456d599a3f3ab6d570adedd3508dc8829486a8c9d24827fa6455247135f35
                    • Instruction Fuzzy Hash: B2B1DF32209B84C5DB10DB16E54036A7360F745BC8F19953BEE4E27B95CB3DC4A6C789
                    Memory Dump Source
                    • Source File: 00000000.00000002.2358808337.0000000000400000.00000040.00001000.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2358808337.00000000008DC000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000AD2000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B3C000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B3F000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B6F000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000BEB000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C56000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C7D000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C85000.00000040.00001000.00020000.00000000.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_biubiu.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 912ee13f0610d2d57ed8713d2a41f0fd0b5581ffd4030a7cc18497e44a1f27de
                    • Instruction ID: a690a3fcd182e460bec7abaa5d630ffcb013f2cf2818993ea02f7b6614211457
                    • Opcode Fuzzy Hash: 912ee13f0610d2d57ed8713d2a41f0fd0b5581ffd4030a7cc18497e44a1f27de
                    • Instruction Fuzzy Hash: CFB10A16D1CFCA20E61357789403B762B146FF76C4F01D73ABAC6F16A3DB166A04B922
                    Memory Dump Source
                    • Source File: 00000000.00000002.2358808337.0000000000400000.00000040.00001000.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2358808337.00000000008DC000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000AD2000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B3C000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B3F000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B6F000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000BEB000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C56000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C7D000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C85000.00000040.00001000.00020000.00000000.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_biubiu.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: c352edba706289525fb628a471c9be36c2c70884c8e945f326e0eafa842ed80e
                    • Instruction ID: d92989ae56d03831717056930ed1edfc23c965f658cd933adddac2d0c8abdeb6
                    • Opcode Fuzzy Hash: c352edba706289525fb628a471c9be36c2c70884c8e945f326e0eafa842ed80e
                    • Instruction Fuzzy Hash: 0B81B472609600CBFF24DB55D88076A7760E789B88F58663BDA8C07B65CB7CC886C749
                    Memory Dump Source
                    • Source File: 00000000.00000002.2358808337.0000000000400000.00000040.00001000.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2358808337.00000000008DC000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000AD2000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B3C000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B3F000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B6F000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000BEB000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C56000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C7D000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C85000.00000040.00001000.00020000.00000000.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_biubiu.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 776d5be88b60cc8fab45d9590b56ce9cdd442f6bc7dd6e770e6d57e8eb3b43cd
                    • Instruction ID: 5e243cb66e17cb2ff69939081ac246be8633562da1a52206cf4f150a1ffa284c
                    • Opcode Fuzzy Hash: 776d5be88b60cc8fab45d9590b56ce9cdd442f6bc7dd6e770e6d57e8eb3b43cd
                    • Instruction Fuzzy Hash: FE913676718B8482DB109B16F08035AB7A5F78ABD8F54522AEBDD53B59CF3CC065CB04
                    Memory Dump Source
                    • Source File: 00000000.00000002.2358808337.0000000000400000.00000040.00001000.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2358808337.00000000008DC000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000AD2000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B3C000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B3F000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B6F000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000BEB000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C56000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C7D000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C85000.00000040.00001000.00020000.00000000.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_biubiu.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: a3aa01a410c8d198d1ebd7558a4bdcc1c7e785f80a8e165ba79ec0c6a496a77e
                    • Instruction ID: cb8a870b3930d83471373f7aacffa572f43877e10034a62ef7f611e87b77c93b
                    • Opcode Fuzzy Hash: a3aa01a410c8d198d1ebd7558a4bdcc1c7e785f80a8e165ba79ec0c6a496a77e
                    • Instruction Fuzzy Hash: 14816D76609B8486C714DB66A440B6AFBA1F78DBC4F58612BFF8903B19DF3CC8548B44
                    Memory Dump Source
                    • Source File: 00000000.00000002.2358808337.0000000000400000.00000040.00001000.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2358808337.00000000008DC000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000AD2000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B3C000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B3F000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B6F000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000BEB000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C56000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C7D000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C85000.00000040.00001000.00020000.00000000.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_biubiu.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 9c695f2be0ca2f1314dae0a824c352866da460d6c7a6545e97cbc1f80718681a
                    • Instruction ID: 5bdbfce778fd2cad27846306fc47b5dbf102f989cf9db3b84676c7230e5956e8
                    • Opcode Fuzzy Hash: 9c695f2be0ca2f1314dae0a824c352866da460d6c7a6545e97cbc1f80718681a
                    • Instruction Fuzzy Hash: 54718B72718B9883DB108F16F48076AA762F796BC4F94512AEF8D13B5ACB7CC055C748
                    Memory Dump Source
                    • Source File: 00000000.00000002.2361158172.00000188C5400000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000188C5400000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_188c5400000_biubiu.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 77f38dbc794479f0a8783e030cd387483afd62861889b1514e062d82a88d8975
                    • Instruction ID: 1b298465e3b0ad88de06c38bd79a5bb9f9e6e1f563b1ec62a0eb809b76e3e2e9
                    • Opcode Fuzzy Hash: 77f38dbc794479f0a8783e030cd387483afd62861889b1514e062d82a88d8975
                    • Instruction Fuzzy Hash: 7251D3B0908F088FDB86DF298044BA677E1FFEA340F448B7AA40AE7166DF709545C791
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: _invalid_parameter_noinfo
                    • String ID:
                    • API String ID: 3215553584-0
                    • Opcode ID: 5fa239952fb2d966a9035c798512b8a2803a4107c3cdf8cf4739f4bae4f31722
                    • Instruction ID: 04bd44cdf9a8bfbc7c0fccd2aa2392949a2c00eab39633dedd5494f94f4c1989
                    • Opcode Fuzzy Hash: 5fa239952fb2d966a9035c798512b8a2803a4107c3cdf8cf4739f4bae4f31722
                    • Instruction Fuzzy Hash: CE611C62E0C24282F7E4A93A8450E7DE585AF41760F94423DFA7D6F7E5DE3DE80187A0
                    Memory Dump Source
                    • Source File: 00000000.00000002.2358808337.0000000000400000.00000040.00001000.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2358808337.00000000008DC000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000AD2000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B3C000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B3F000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B6F000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000BEB000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C56000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C7D000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C85000.00000040.00001000.00020000.00000000.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_biubiu.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: be0d80aab431d673182d8264da8c664f36dd05d3e5f81d11226893bb6b943ea9
                    • Instruction ID: e8ee57a2b6846b485fb54125173ecce826b6bcae1bed5436452971dd03d4812d
                    • Opcode Fuzzy Hash: be0d80aab431d673182d8264da8c664f36dd05d3e5f81d11226893bb6b943ea9
                    • Instruction Fuzzy Hash: 7461593220AB8486D745DB36E0407EAB762F786BD4F489327EA5D13B85DF3CC0A48705
                    Memory Dump Source
                    • Source File: 00000000.00000002.2361158172.00000188C5400000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000188C5400000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_188c5400000_biubiu.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 4d94fa706cf4a7498c9e817b929e856c1cce8022e7e675bf23970e6ca0d635a5
                    • Instruction ID: ba65a9bf8403483365502698d9ed540f5db0ae6a1e9b29166d33d58542a1b5fd
                    • Opcode Fuzzy Hash: 4d94fa706cf4a7498c9e817b929e856c1cce8022e7e675bf23970e6ca0d635a5
                    • Instruction Fuzzy Hash: 5451A171294A098FDF84EF18C080BDAB7E1FF98310F948569F459D72A6DF31DA418BA1
                    Memory Dump Source
                    • Source File: 00000000.00000002.2358808337.0000000000400000.00000040.00001000.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2358808337.00000000008DC000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000AD2000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B3C000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B3F000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B6F000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000BEB000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C56000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C7D000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C85000.00000040.00001000.00020000.00000000.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_biubiu.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: f4028b2ee18a1eba16559fe69d2d877ba61be2a4815f73ffc2cdb5ca7dcb6afd
                    • Instruction ID: 0778df5d92d2be3f9b2b4006c57bc02fceca1b2bada08dc07d33744b26550843
                    • Opcode Fuzzy Hash: f4028b2ee18a1eba16559fe69d2d877ba61be2a4815f73ffc2cdb5ca7dcb6afd
                    • Instruction Fuzzy Hash: 9D41D5E5B0669442EE008B26862416AF371A74BFD0758E23BDF6D77799D93CD401934C
                    Memory Dump Source
                    • Source File: 00000000.00000002.2358808337.0000000000400000.00000040.00001000.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2358808337.00000000008DC000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000AD2000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B3C000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B3F000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B6F000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000BEB000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C56000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C7D000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C85000.00000040.00001000.00020000.00000000.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_biubiu.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: c37c7cfb8f09467ba1b9558ed67185fe0142bf5de6c3f81f02dfe33e08ade498
                    • Instruction ID: 22d0f75f0f3b88cfff71c7b2e58e609a6aa29ee82df0eaf0084c12258a9ea6a6
                    • Opcode Fuzzy Hash: c37c7cfb8f09467ba1b9558ed67185fe0142bf5de6c3f81f02dfe33e08ade498
                    • Instruction Fuzzy Hash: 6241F762B04E40CAFF14DF66D091267A791E786798F8A4A37DBAC433C7D62CC494860A
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: ac8362b94cbf271fd23ce0d6965fdbbec26e6817efc2dd1af2fcdc0b4ee58872
                    • Instruction ID: e7776679752639dfc47394b626802220cc993b73a09b9b0093f7bce59078d1c9
                    • Opcode Fuzzy Hash: ac8362b94cbf271fd23ce0d6965fdbbec26e6817efc2dd1af2fcdc0b4ee58872
                    • Instruction Fuzzy Hash: 4251AF76A1865182F7A4DB39C04423DA7A4EB44B5CFA44131CE6D2B7E4DB3AEC92C7D0
                    Memory Dump Source
                    • Source File: 00000000.00000002.2361158172.00000188C5400000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000188C5400000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_188c5400000_biubiu.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 10b2768cc135e620829989fa2ec3337534ddc1b483767815b43a4d270d2e3035
                    • Instruction ID: 721e145af67c706a4ec63ec46c45c9254853ab6640d03d3155cd729d698276ce
                    • Opcode Fuzzy Hash: 10b2768cc135e620829989fa2ec3337534ddc1b483767815b43a4d270d2e3035
                    • Instruction Fuzzy Hash: 45313371969E1D4BDA83EE398444251B285FFE9340F94C713BC16F3195EB2598C68380
                    Memory Dump Source
                    • Source File: 00000000.00000002.2358808337.0000000000400000.00000040.00001000.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2358808337.00000000008DC000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000AD2000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B3C000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B3F000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B6F000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000BEB000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C56000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C7D000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C85000.00000040.00001000.00020000.00000000.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_biubiu.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 6e4587e24247dd5e899281980d439ce5eba59ecc897a37dc2904c25e700193ee
                    • Instruction ID: 785bc02b50e637fa8e1476c4b7f72187126686e6cba6643a8d3dcdd544884ce6
                    • Opcode Fuzzy Hash: 6e4587e24247dd5e899281980d439ce5eba59ecc897a37dc2904c25e700193ee
                    • Instruction Fuzzy Hash: 2051C2B2A09F8489D716DB22E44039AA7A5FBDABC0F08C736AE5D67715CF3CC0918745
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: ErrorFreeHeapLast
                    • String ID:
                    • API String ID: 485612231-0
                    • Opcode ID: c2acb0c44f9c8afb3d0130025a49759386e6196cd84c896743de20110e0e528e
                    • Instruction ID: 842e2324cdaeaf3cbf461b8f35c9d81281d9d8a933d4f0a09c5dac9924e03e88
                    • Opcode Fuzzy Hash: c2acb0c44f9c8afb3d0130025a49759386e6196cd84c896743de20110e0e528e
                    • Instruction Fuzzy Hash: 48414A32B14B5541EF84DF3AD9155A9B3A1FB48FC4B889032EE2DABB94DE3DD0428740
                    Memory Dump Source
                    • Source File: 00000000.00000002.2361158172.00000188C5400000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000188C5400000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_188c5400000_biubiu.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 85dff5bfb7657db4da5b0c41a211e0d06ed05f9f9fd95ba35a865ee73f8f0bfe
                    • Instruction ID: 0e3432b37844dd1267cf03f71e4981a5fb5ae0772f5376f9408d540326367070
                    • Opcode Fuzzy Hash: 85dff5bfb7657db4da5b0c41a211e0d06ed05f9f9fd95ba35a865ee73f8f0bfe
                    • Instruction Fuzzy Hash: 26417571218A188FDB89EB28C880BD777E1FB94340F85867AF44AD7256DE70E644CB91
                    Memory Dump Source
                    • Source File: 00000000.00000002.2358808337.0000000000400000.00000040.00001000.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2358808337.00000000008DC000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000AD2000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B3C000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B3F000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B6F000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000BEB000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C56000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C7D000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C85000.00000040.00001000.00020000.00000000.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_biubiu.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 44738e3cfe8b055cfb7094ae06999706e33ccbfbce795679f158ad67c332017e
                    • Instruction ID: a2fd1597ba3bd55fb40639fa78db725191173a67b6c11bcda8bf0067563fc956
                    • Opcode Fuzzy Hash: 44738e3cfe8b055cfb7094ae06999706e33ccbfbce795679f158ad67c332017e
                    • Instruction Fuzzy Hash: EC312672A0BE0049DD07DB7B9561391821B6FA3BF4F98C7236C3B362E4EB1D90838604
                    Memory Dump Source
                    • Source File: 00000000.00000002.2358808337.0000000000400000.00000040.00001000.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2358808337.00000000008DC000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000AD2000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B3C000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B3F000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B6F000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000BEB000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C56000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C7D000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C85000.00000040.00001000.00020000.00000000.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_biubiu.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: c06c65940c2ceffad54419b5637c17efadf30fdcac581bfa56ca555a1bc8590c
                    • Instruction ID: f17789b6d53c87095caa29b8e90a238df597dbab2345ff542b50f63236465814
                    • Opcode Fuzzy Hash: c06c65940c2ceffad54419b5637c17efadf30fdcac581bfa56ca555a1bc8590c
                    • Instruction Fuzzy Hash: 0A21F7A1E55E444ACA47EB3A84403159206AF967D0F58C733AD1EB77D6EB39D4D24240
                    Memory Dump Source
                    • Source File: 00000000.00000002.2358808337.0000000000400000.00000040.00001000.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2358808337.00000000008DC000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000AD2000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B3C000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B3F000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B6F000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000BEB000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C56000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C7D000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C85000.00000040.00001000.00020000.00000000.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_biubiu.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 2584e08f1d2ab358f36b89db4b62a18da0c51765da5bb005b5ed5b9ac36e4a91
                    • Instruction ID: 299e42fbcaf666979da13c0c26eff985111c95c4626ce2468e9b31a4b445feee
                    • Opcode Fuzzy Hash: 2584e08f1d2ab358f36b89db4b62a18da0c51765da5bb005b5ed5b9ac36e4a91
                    • Instruction Fuzzy Hash: 8721D43A208F89C1E610DF22F88531A7B70F74AB84F858626DA9D83B66DB7DC045CB44
                    Memory Dump Source
                    • Source File: 00000000.00000002.2358808337.0000000000400000.00000040.00001000.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2358808337.00000000008DC000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000AD2000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B3C000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B3F000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B6F000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000BEB000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C56000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C7D000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C85000.00000040.00001000.00020000.00000000.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_biubiu.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: d144fe95c8ba447363ddbcd01a18889b89234896f6d0177c401e207e7f77cdef
                    • Instruction ID: 1c06fb66efcc29e2ea1571702106d874fcba2653b9eacd3bfe394ea869e4c819
                    • Opcode Fuzzy Hash: d144fe95c8ba447363ddbcd01a18889b89234896f6d0177c401e207e7f77cdef
                    • Instruction Fuzzy Hash: A3E04C75714A84C1D6205B19E45135A7760E7887B4F550322EEBD477E4CE38C2668F44
                    Memory Dump Source
                    • Source File: 00000000.00000002.2358808337.0000000000400000.00000040.00001000.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                    • Associated: 00000000.00000002.2358808337.00000000008DC000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000AD2000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B3C000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B3F000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000B6F000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000BEB000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C56000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C7D000.00000040.00001000.00020000.00000000.sdmpDownload File
                    • Associated: 00000000.00000002.2358808337.0000000000C85000.00000040.00001000.00020000.00000000.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_400000_biubiu.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: b74a1969c87388ece4d3501eccad91bbe5e833c89355f41c426ab9e9e12fa236
                    • Instruction ID: 3f871e67f29a92c5100beb1645e1309a85641a78d9042217e8f3ecb667d23512
                    • Opcode Fuzzy Hash: b74a1969c87388ece4d3501eccad91bbe5e833c89355f41c426ab9e9e12fa236
                    • Instruction Fuzzy Hash: 80C08CE290AB8199FB10C304A1003002A858B08385D808081828840216972C8A888108
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 5a40e8b81324f487b0846a94af69ef00f4dc26a0726a71eecc380ffd996b578a
                    • Instruction ID: 84da42486d921a651a5eabb11e4502eac167302727e5843cb550fdbe0b68c0ad
                    • Opcode Fuzzy Hash: 5a40e8b81324f487b0846a94af69ef00f4dc26a0726a71eecc380ffd996b578a
                    • Instruction Fuzzy Hash: 93C01221F0EA02C1EBD47B17AC4252851506F09711FC48430D51C293D0CE2CA0968B71
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 06284c9b82ae493615c44f473c442db9c46b72938a73ab7b89434c75c581bd58
                    • Instruction ID: 82349e534342b5dd75edef2d2fad2ade97d63779ed45262e6fcacd1b8df281c2
                    • Opcode Fuzzy Hash: 06284c9b82ae493615c44f473c442db9c46b72938a73ab7b89434c75c581bd58
                    • Instruction Fuzzy Hash: 1AA0012190C80290F795AB01A850420A221AB60368B801231D0BDA95A49F3CE48096A9
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: wprintf
                    • String ID: CHILD:%p$ LEFT:%p$ NEXT_hbox:%p$ PARENT:%p$ SIBLING:%p$,%i$,%i~%i*%i$/%i$:%i$SELF:%p
                    • API String ID: 3614878089-2936623444
                    • Opcode ID: 76384c3477a38aac6958288852928ee99ed842b1303dff72fb3fb20381b4cfe1
                    • Instruction ID: 1c08a941b3ae26ef282a7399ccede265c7ccf45fed1ffa6d118496998c270cce
                    • Opcode Fuzzy Hash: 76384c3477a38aac6958288852928ee99ed842b1303dff72fb3fb20381b4cfe1
                    • Instruction Fuzzy Hash: 6A510A11B0850780EF81F716D4A14BDA310AF95BC9BD19431E96EAF3E6DE3CD941CBA0
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: CloseHandleWindow$CreateFirstModule32NextProcessProcess32SnapshotToolhelp32Update$DesktopFindObjectOpenSingleTerminateWait
                    • String ID: killed process with id %d$KillProcWithIdAndModule() processId=%d, modulePath=%s$KillProcessesWithModule: '%s'$Shell_TrayWnd
                    • API String ID: 790993144-347290715
                    • Opcode ID: 20c1e8f0fb94fd5a7a5a864404b561e09ffda3e4ff2dcc96d2caa2d34e9e4662
                    • Instruction ID: 52fb398c57d7eb6e4fb34cb85a30b5e896bded87bbe6fbcbe3a63c96368387d0
                    • Opcode Fuzzy Hash: 20c1e8f0fb94fd5a7a5a864404b561e09ffda3e4ff2dcc96d2caa2d34e9e4662
                    • Instruction Fuzzy Hash: 0E515121B0C64241FBA0FB22A814579E351AF85BF8F805331E97E6A6D9DF3CD5458BA0
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: wprintf
                    • String ID: LEFT:%p$ PARENT:%p$ SIBLING:%p$%s:%i,%i,%i:%i,%i$,%i$:%i$SELF:%p
                    • API String ID: 3614878089-2353190930
                    • Opcode ID: efa7843aec3125e3cd03ecdf306a38b990439a784c6e7d8cebb41d395cb31e90
                    • Instruction ID: c7ad3f415c47a4e2fae7e2ca5a09cbd2f293e85080566b19a9481d5de301256a
                    • Opcode Fuzzy Hash: efa7843aec3125e3cd03ecdf306a38b990439a784c6e7d8cebb41d395cb31e90
                    • Instruction Fuzzy Hash: 3D418322A08A0685DB40FB16E4A4479B760FF85BD4BC15436ED6D6B3E2DF3CD441CBA0
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: wprintf
                    • String ID: CHILD:%p$ LEFT:%p$ NEXT_hbox:%p$ PARENT:%p$ SIBLING:%p$%s:%i$SELF:%p
                    • API String ID: 3614878089-673552350
                    • Opcode ID: 4b20988b54df5b891eba63377b3dcbcb5527087a409691e20a0554edb13f123a
                    • Instruction ID: 76a93dbf081e7577c361569e9c5d92201268d48d65090095da3c41e7694d1c0b
                    • Opcode Fuzzy Hash: 4b20988b54df5b891eba63377b3dcbcb5527087a409691e20a0554edb13f123a
                    • Instruction Fuzzy Hash: 13315022A0590690DB80FB0AD5D04B8B321FF44BD4BD49036DA2D6B3A5CF3CD951CBA0
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: wprintf
                    • String ID: ->%s$ LEFT:%p$ SIBLING:%p$,%i$:%i$SELF:%p$none
                    • API String ID: 3614878089-2403436808
                    • Opcode ID: 13c2a3c71c331ed1a70107fa1f4f43f4fb38faac98b180bb3002c58e547f7490
                    • Instruction ID: 07d6e509ea3681c28caa3d149be30d803bce0bec7716d13767ba491d9e0f4197
                    • Opcode Fuzzy Hash: 13c2a3c71c331ed1a70107fa1f4f43f4fb38faac98b180bb3002c58e547f7490
                    • Instruction Fuzzy Hash: B1313422B0990780EF85FB16D4905B9A361EF94BD9FD19032D52D6B3E5CE2CD542CBA0
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: wprintf
                    • String ID: CHILD:%p$ LEFT:%p$ PARENT:%p$ SIBLING:%p$%s:%i$SELF:%p
                    • API String ID: 3614878089-1610348627
                    • Opcode ID: 0158b70dc87947381a273d5e45df32e20327a4cce380af4dd34305287d6e8e28
                    • Instruction ID: f3633999ee45ad11a68eeef98dc35dd2ea0504e1f1780b1341679362970868d5
                    • Opcode Fuzzy Hash: 0158b70dc87947381a273d5e45df32e20327a4cce380af4dd34305287d6e8e28
                    • Instruction Fuzzy Hash: C3316622A1490680DB50FB0AE49007DF321FF94BD8BD59032DAAD6B3A5CF3DD841CBA0
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: PerformanceQuery$Counter$Message$Frequency$DialogDispatchEnabledMultipleObjectsPeekTranslateWaitWindow
                    • String ID:
                    • API String ID: 3427788053-0
                    • Opcode ID: 2a7a357297d4daf8461aee7cd818dd535a58cd011208b3badd7c2f7904eb89d1
                    • Instruction ID: b4e6b2ef9dd12f6ca4835973d5b63eb22c6819ff3d7bbf859f6e65bcf311ad0e
                    • Opcode Fuzzy Hash: 2a7a357297d4daf8461aee7cd818dd535a58cd011208b3badd7c2f7904eb89d1
                    • Instruction Fuzzy Hash: 53519432B05A0689EB91FF76D8956B8E361EF40788F808035D91E6A6D8DF3CE145C7A0
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: PerformanceQuery$Counter$Message$Frequency$DialogDispatchMultipleObjectsPeekTranslateWait
                    • String ID:
                    • API String ID: 3717166317-0
                    • Opcode ID: 854882bf02482ad8cf38f912c630cbae0a40e4ad8bf44888f2a32c27c0e6dd0a
                    • Instruction ID: dce6092130d68f98ce49a26546fdb484c01610b68582822d1d22f48a516fc492
                    • Opcode Fuzzy Hash: 854882bf02482ad8cf38f912c630cbae0a40e4ad8bf44888f2a32c27c0e6dd0a
                    • Instruction Fuzzy Hash: 11515732B05A4789EB90FF36D5546B8B361EB54788F804031D91D6A6D8DF3CE549CB90
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: FocusWindow$ClientCloseExitForegroundHandleMoveProcessRect
                    • String ID: Close$Installation failed!$OnInstallationFinished: cli->fastInstall: %d$Start SumatraPDF$Thank you! SumatraPDF has been installed.
                    • API String ID: 3178357518-3592063260
                    • Opcode ID: 9bef4567655aa1428210082cb76e71ac10de846211707199ced757c88306c428
                    • Instruction ID: 446eb1e04141b62e7f9df3b2199d1503ef104279ba6135fb157da50f78e49d27
                    • Opcode Fuzzy Hash: 9bef4567655aa1428210082cb76e71ac10de846211707199ced757c88306c428
                    • Instruction Fuzzy Hash: 86511C21A09A0281FB80FB16E851778B360AF94B94FC04231D97E6B3F5CF2DE855C7A0
                    APIs
                      • Part of subcall function 00007FF7F39D9150: IsDebuggerPresent.KERNEL32(?,?,?,00007FF7F39D9415,?,?,80000002,00007FF7F39DB24B,?,?,?,?,00000000,00007FF7F39DB286), ref: 00007FF7F39D91FA
                      • Part of subcall function 00007FF7F39D9150: OutputDebugStringA.KERNEL32(?,?,?,00007FF7F39D9415,?,?,80000002,00007FF7F39DB24B,?,?,?,?,00000000,00007FF7F39DB286), ref: 00007FF7F39D9210
                      • Part of subcall function 00007FF7F39DBED0: ShellExecuteExW.SHELL32 ref: 00007FF7F39DBF8C
                      • Part of subcall function 00007FF7F39DBED0: GetLastError.KERNEL32 ref: 00007FF7F39DBF96
                      • Part of subcall function 00007FF7F39E0118: MultiByteToWideChar.KERNEL32 ref: 00007FF7F39E017A
                      • Part of subcall function 00007FF7F39E0118: MultiByteToWideChar.KERNEL32 ref: 00007FF7F39E01B1
                      • Part of subcall function 00007FF7F39E0118: IsDebuggerPresent.KERNEL32 ref: 00007FF7F39E01BB
                      • Part of subcall function 00007FF7F39E0118: DebugBreak.KERNEL32 ref: 00007FF7F39E01C5
                    • ShellExecuteExW.SHELL32 ref: 00007FF7F39D1275
                    • GetLastError.KERNEL32 ref: 00007FF7F39D127F
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: ByteCharDebugDebuggerErrorExecuteLastMultiPresentShellWide$BreakOutputString
                    • String ID: LaunchFile: ShellExecuteExW path: '%s' params: '%s' verb: '%s'$ShowCrashHandlerMessage()$ShowCrashHandlerMessage: !gCrashFilePath$ShowCrashHandlerMessage: skipping beacuse !CanAccessDisk()$SumatraPDF crashed$We're sorry, SumatraPDF crashed.Press 'Cancel' to see crash report.$https://www.sumatrapdfreader.org/docs/Submit-crash-report.html$open
                    • API String ID: 2174802350-2240657154
                    • Opcode ID: a9244647d54fda9d98dfe133fafa0c86c04750b5f7e11559f594d4940d115643
                    • Instruction ID: cf054712260979228a596d1fd643077c68bc83c7302a467e4d084a0c32e5f93c
                    • Opcode Fuzzy Hash: a9244647d54fda9d98dfe133fafa0c86c04750b5f7e11559f594d4940d115643
                    • Instruction Fuzzy Hash: CF316F61E0C60281E7E0FB22E846BBAA361AF54754FC00235E5BD7E6C6DE7CE145C7A0
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: CloseHandle$CodeErrorExitLastObjectProcessSingleWait_invalid_parameter_noinfo
                    • String ID:
                    • API String ID: 2936579111-0
                    • Opcode ID: 745aea21e9f9d744b4dc98aca1a9321569c0acbad9d4d38e42c63b378b3c4ba1
                    • Instruction ID: cf7fd90e03993179a81936efc173dbbf6c3abb2aeb3dc91801048bfca3951f1d
                    • Opcode Fuzzy Hash: 745aea21e9f9d744b4dc98aca1a9321569c0acbad9d4d38e42c63b378b3c4ba1
                    • Instruction Fuzzy Hash: 44618165B0860185FB95FFB2D4405FCA3A1AB45BA8B810535EE2D7FBD5CE38E44583A0
                    APIs
                    Strings
                    • ${appName}, xrefs: 00007FF7F39D14F5
                    • SumatraPDF installer usage, xrefs: 00007FF7F39D1571
                    • %s%s, xrefs: 00007FF7F39D1520
                    • SumatraPDF, xrefs: 00007FF7F39D14EE
                    • See more at https://www.sumatrapdfreader.org/docs/Installer-cmd-line-arguments, xrefs: 00007FF7F39D1516
                    • <a href="https://www.sumatrapdfreader.org/docs/Installer-cmd-line-arguments">Read more on website</a>, xrefs: 00007FF7F39D15A3
                    • ${appName} installer options:[-s] [-d <path>] [-with-filter] [-with-preview] [-x]-s installs ${appName} silently (without user interaction)-d set installation directory-with-filter install search filter-with-preview install shell preview, xrefs: 00007FF7F39D14FC
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: #345AttachConsolewprintf
                    • String ID: ${appName}$${appName} installer options:[-s] [-d <path>] [-with-filter] [-with-preview] [-x]-s installs ${appName} silently (without user interaction)-d set installation directory-with-filter install search filter-with-preview install shell preview$%s%s$<a href="https://www.sumatrapdfreader.org/docs/Installer-cmd-line-arguments">Read more on website</a>$See more at https://www.sumatrapdfreader.org/docs/Installer-cmd-line-arguments$SumatraPDF$SumatraPDF installer usage
                    • API String ID: 3429576286-304061963
                    • Opcode ID: 4d20695d21928aa040589695b19988202bc036e62c419a5d31edcc9a85ad7e16
                    • Instruction ID: edd467b88a0ad6703b0ad495dead87e9c23cba6ff6834d2ad9185fc33f0e988f
                    • Opcode Fuzzy Hash: 4d20695d21928aa040589695b19988202bc036e62c419a5d31edcc9a85ad7e16
                    • Instruction Fuzzy Hash: B621B122A0CB4281F790EB12F445BA9A365FB85794F804131F9AD2B7D5DE3CD404CBA0
                    APIs
                      • Part of subcall function 00007FF7F39C6B04: VerSetConditionMask.KERNEL32 ref: 00007FF7F39C6B5A
                      • Part of subcall function 00007FF7F39C6B04: VerSetConditionMask.KERNEL32 ref: 00007FF7F39C6B69
                      • Part of subcall function 00007FF7F39C6B04: VerSetConditionMask.KERNEL32 ref: 00007FF7F39C6B78
                      • Part of subcall function 00007FF7F39C6B04: VerifyVersionInfoW.KERNEL32 ref: 00007FF7F39C6B99
                    • SHChangeNotify.SHELL32 ref: 00007FF7F39CF777
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: ConditionMask$ChangeInfoNotifyVerifyVersion
                    • String ID: .pdf$Content Type$Extension$Software\Classes\.pdf$Software\Classes\MIME\Database\Content Type\application/pdf$WriteExtendedFileExtensionInfo('%s')$WriteExtendedFileExtensionInfo() failed$application/pdf
                    • API String ID: 3837173726-3564585486
                    • Opcode ID: e6b59aec311b48e5ee27335323fed6f432cbf4472743e345c7446d0662cb39a8
                    • Instruction ID: d1fcb280d652249a854a38b06cc5672d3e2454ea1476b58245bc8f007d71c859
                    • Opcode Fuzzy Hash: e6b59aec311b48e5ee27335323fed6f432cbf4472743e345c7446d0662cb39a8
                    • Instruction Fuzzy Hash: 06116011E1C54280F784FB16A9119F9A322AF91BC4FC44036E96D7FADACE2CE115C7A0
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: wprintf
                    • String ID: ->%s$ SIBLING:%p$SELF:%p$none
                    • API String ID: 3614878089-3456003037
                    • Opcode ID: 6a513f347ab6f4650f1f6e035dd5fc9af0f553fdbb0d2fdd3fc9110f3ff53870
                    • Instruction ID: f2613609dcfee6f1388a66c88eb9216403f6c35c49afbb8a7257a0a359bdd73c
                    • Opcode Fuzzy Hash: 6a513f347ab6f4650f1f6e035dd5fc9af0f553fdbb0d2fdd3fc9110f3ff53870
                    • Instruction Fuzzy Hash: 5611516270990780EF85FB06E5905B8B321EF94BD8F919032D92D6B3E5CF2CD541CBA0
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: MessageSend$AttributesBrowseFileFocusFolderFromListMallocPath
                    • String ID: A$Select the folder where SumatraPDF should be installed:$SumatraPDF
                    • API String ID: 257268222-1282534697
                    • Opcode ID: 5161241287ee60bb7850ab9bad1f3714f2e90046f5f24a0217ec3e3d852ed5e4
                    • Instruction ID: bd8c722d162bf8dfa342424019930924e2e426887cb68fd73b379481a13c7765
                    • Opcode Fuzzy Hash: 5161241287ee60bb7850ab9bad1f3714f2e90046f5f24a0217ec3e3d852ed5e4
                    • Instruction Fuzzy Hash: 31519422609A4281EB90FB16E8557A9E390EF45BD8F840131EE6D6F7D5DF3CD405CB60
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: Window$CreateForegroundHandleModuleParentShow
                    • String ID: 3.6$SUMATRA_PDF_INSTALLER_FRAME$SumatraPDF %s Uninstaller$Uninstall SumatraPDF
                    • API String ID: 304226552-3813289771
                    • Opcode ID: 90a7a61e875bca694d81c3dfc0d4742fc3de1cd739577b8cf8a40662667eacee
                    • Instruction ID: f18c6b5f65888788acda6550e4d032bd7149604bf0ae5c0aa7903ac692e2876b
                    • Opcode Fuzzy Hash: 90a7a61e875bca694d81c3dfc0d4742fc3de1cd739577b8cf8a40662667eacee
                    • Instruction Fuzzy Hash: 1341603191C68282E790FB22E855769E360FB847A4FD04235E9BD6B7D5CF3CE04587A0
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: AddressProc$HandleModule
                    • String ID: GetCurrentPackageId$GetSystemTimePreciseAsFileTime$GetTempPath2W$kernel32.dll
                    • API String ID: 667068680-1247241052
                    • Opcode ID: 364f9df62a7e7d967acba8fc7366d9a7567afe0677765e4ee4724fe1927cbce2
                    • Instruction ID: acaf2f242401d32a8252721e3646e818a41cfe9fb09b72360a99e399885652c1
                    • Opcode Fuzzy Hash: 364f9df62a7e7d967acba8fc7366d9a7567afe0677765e4ee4724fe1927cbce2
                    • Instruction Fuzzy Hash: D4F0D074E09B0381FB84BB57BC54860E374BB08751BC41031E46D2B3A4DF3CE05987A0
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: AddressFreeLibraryProc
                    • String ID: api-ms-$ext-ms-
                    • API String ID: 3013587201-537541572
                    • Opcode ID: 83ff0e2a9728e401d859dd4c51e846d4e6a62d02089ae15504ddbc93b015e236
                    • Instruction ID: 3f4b08da3c2238eac804af6729fc427faba31140df4a6a1bd7a65be213247403
                    • Opcode Fuzzy Hash: 83ff0e2a9728e401d859dd4c51e846d4e6a62d02089ae15504ddbc93b015e236
                    • Instruction Fuzzy Hash: 8E410921B19A0241FBA5FB26A8005B5A391BF44BE8FC48535DD3D6F7C4DE3CE4059BA0
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: ObjectSelect$DrawMessageReleaseSendTextWindow
                    • String ID: Foo
                    • API String ID: 3653676781-3023971265
                    • Opcode ID: a7ad8e88b41c2d724295594ef5b13ce14e6a4aaa2c0c1d2dfa8d1cd375483077
                    • Instruction ID: ec750da4faab602e6f5d11b63b34c29257301ae33f1acaa55b4f8e3b65536d33
                    • Opcode Fuzzy Hash: a7ad8e88b41c2d724295594ef5b13ce14e6a4aaa2c0c1d2dfa8d1cd375483077
                    • Instruction Fuzzy Hash: A1212922A1964186E791EF22A914939A2A1EF45FE4F445230EE691BBC8DF3CE4418A50
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: MessageWindow$BrushColorCreateFocusForegroundModePostProcQuitSendSolidText
                    • String ID:
                    • API String ID: 1629640337-0
                    • Opcode ID: f494af337f219c98e365eb8a733aac01004a7bbce2228c836b8343b965ae15b6
                    • Instruction ID: 0820d4bd7a3821379843890bd0970d626175f60a105239ae79730036b1d11296
                    • Opcode Fuzzy Hash: f494af337f219c98e365eb8a733aac01004a7bbce2228c836b8343b965ae15b6
                    • Instruction Fuzzy Hash: F1317825E0C54781F7D4FB16E88D639E360AF45B95FD44134DAAE6E6E8CE2CE44086A0
                    Strings
                    • oseWrite called before handshake completetls: CurvePreferences includes unsupported curvewindows: string with NUL passed to StringToUTF16x509: IP constraint contained value of length %dx509: SAN uniformResourceIdentifier is malformedx509: X25519 key encoded wi, xrefs: 00000188C5425E33
                    • etersx509: internal error: URI SAN %q failed to parsex509: internal error: cannot parse constraint %qx509: public key contains zero or negative value (Client.Timeout exceeded while awaiting headers)SOS length inconsistent with number of componentscasgstatus: w, xrefs: 00000188C5425D2F
                    • ve value (Client.Timeout exceeded while awaiting headers)SOS length inconsistent with number of componentscasgstatus: waiting for Gwaiting but is Grunnablechacha20poly1305: bad nonce length passed to Openchacha20poly1305: bad nonce length passed to Sealcrypto/, xrefs: 00000188C5425C92
                    • call: string with NUL passed to StringToUTF16tls: CloseWrite called before handshake completetls: CurvePreferences includes unsupported curvewindows: string with NUL passed to StringToUTF16x509: IP constraint contained value of length %dx509: SAN uniformResour, xrefs: 00000188C5425E67
                    • AppendFloat/FormatFloat bitSizesyscall: string with NUL passed to StringToUTF16tls: CloseWrite called before handshake completetls: CurvePreferences includes unsupported curvewindows: string with NUL passed to StringToUTF16x509: IP constraint contained value o, xrefs: 00000188C5425E89
                    • a20poly1305: bad nonce length passed to Openchacha20poly1305: bad nonce length passed to Sealcrypto/elliptic: internal error: invalid encodingcrypto/tls: ExportKeyingMaterial context too longdelayed zeroing on data that may contain pointersecdsa: internal erro, xrefs: 00000188C5425C02
                    • to StringToUTF16tls: CloseWrite called before handshake completetls: CurvePreferences includes unsupported curvewindows: string with NUL passed to StringToUTF16x509: IP constraint contained value of length %dx509: SAN uniformResourceIdentifier is malformedx50, xrefs: 00000188C5425E53
                    • hake completetls: CurvePreferences includes unsupported curvewindows: string with NUL passed to StringToUTF16x509: IP constraint contained value of length %dx509: SAN uniformResourceIdentifier is malformedx509: X25519 key encoded with illegal parametersx509: i, xrefs: 00000188C5425E27
                    • tetls: CurvePreferences includes unsupported curvewindows: string with NUL passed to StringToUTF16x509: IP constraint contained value of length %dx509: SAN uniformResourceIdentifier is malformedx509: X25519 key encoded with illegal parametersx509: internal err, xrefs: 00000188C5425E1C
                    Memory Dump Source
                    • Source File: 00000000.00000002.2361158172.00000188C5400000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000188C5400000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_188c5400000_biubiu.jbxd
                    Similarity
                    • API ID:
                    • String ID: to StringToUTF16tls: CloseWrite called before handshake completetls: CurvePreferences includes unsupported curvewindows: string with NUL passed to StringToUTF16x509: IP constraint contained value of length %dx509: SAN uniformResourceIdentifier is malformedx50$AppendFloat/FormatFloat bitSizesyscall: string with NUL passed to StringToUTF16tls: CloseWrite called before handshake completetls: CurvePreferences includes unsupported curvewindows: string with NUL passed to StringToUTF16x509: IP constraint contained value o$a20poly1305: bad nonce length passed to Openchacha20poly1305: bad nonce length passed to Sealcrypto/elliptic: internal error: invalid encodingcrypto/tls: ExportKeyingMaterial context too longdelayed zeroing on data that may contain pointersecdsa: internal erro$call: string with NUL passed to StringToUTF16tls: CloseWrite called before handshake completetls: CurvePreferences includes unsupported curvewindows: string with NUL passed to StringToUTF16x509: IP constraint contained value of length %dx509: SAN uniformResour$etersx509: internal error: URI SAN %q failed to parsex509: internal error: cannot parse constraint %qx509: public key contains zero or negative value (Client.Timeout exceeded while awaiting headers)SOS length inconsistent with number of componentscasgstatus: w$hake completetls: CurvePreferences includes unsupported curvewindows: string with NUL passed to StringToUTF16x509: IP constraint contained value of length %dx509: SAN uniformResourceIdentifier is malformedx509: X25519 key encoded with illegal parametersx509: i$oseWrite called before handshake completetls: CurvePreferences includes unsupported curvewindows: string with NUL passed to StringToUTF16x509: IP constraint contained value of length %dx509: SAN uniformResourceIdentifier is malformedx509: X25519 key encoded wi$tetls: CurvePreferences includes unsupported curvewindows: string with NUL passed to StringToUTF16x509: IP constraint contained value of length %dx509: SAN uniformResourceIdentifier is malformedx509: X25519 key encoded with illegal parametersx509: internal err$ve value (Client.Timeout exceeded while awaiting headers)SOS length inconsistent with number of componentscasgstatus: waiting for Gwaiting but is Grunnablechacha20poly1305: bad nonce length passed to Openchacha20poly1305: bad nonce length passed to Sealcrypto/
                    • API String ID: 0-4276343348
                    • Opcode ID: b1d3d88b032958360c0ce146fdfd299a6a50bf90c011fd2e644dba43b254b3ac
                    • Instruction ID: 533454fe697280589f0e9bb988a90a82a16cba421862dbf0acb5e2c13005723d
                    • Opcode Fuzzy Hash: b1d3d88b032958360c0ce146fdfd299a6a50bf90c011fd2e644dba43b254b3ac
                    • Instruction Fuzzy Hash: 0891D270554A1A8FEFA4EB18C4847F973E1FB94301FD4853AE00ACB1AADF34DA4487A1
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: _invalid_parameter_noinfo
                    • String ID: f$p$p
                    • API String ID: 3215553584-1995029353
                    • Opcode ID: c876d15e3c33a122cabd1facda58fdcc2b130b3840e6bc987fe54abbcb4378cd
                    • Instruction ID: 1cb7cb201c94b476613463f869559c0b4f98af8f3d1a5d0ade927619a2fe8ba7
                    • Opcode Fuzzy Hash: c876d15e3c33a122cabd1facda58fdcc2b130b3840e6bc987fe54abbcb4378cd
                    • Instruction Fuzzy Hash: 73127462E0D14386FBA4FA35D0942B9F691FB40758FD44139EAB95F6C8DB3CE48487A0
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: Window$ClientDeferMetricsSystem$BeginMoveRectScreenZoomed
                    • String ID:
                    • API String ID: 465028955-0
                    • Opcode ID: c35b3f6bab4f3070bcc6d2ae081fa95fc04596c9e2aa33b82a8a01b3eb4ce69f
                    • Instruction ID: 657d659337570dfcd66414b6cf441e51f3191cc9529e9518f9c43ab4079c4105
                    • Opcode Fuzzy Hash: c35b3f6bab4f3070bcc6d2ae081fa95fc04596c9e2aa33b82a8a01b3eb4ce69f
                    • Instruction Fuzzy Hash: 25F1B372A086418AEB90EF75C4996ADB7A0FB4478CF400135DE9D6BBD8CF38E554CB90
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: _invalid_parameter_noinfo
                    • String ID:
                    • API String ID: 3215553584-0
                    • Opcode ID: 2ec8eb3e670c3e54767277d007c73f215c944eb6dc41504afc7b0481e7ad3127
                    • Instruction ID: 1778db13f877ba08bf8d3409f864388904e759269a539ec3668100b5e37f9713
                    • Opcode Fuzzy Hash: 2ec8eb3e670c3e54767277d007c73f215c944eb6dc41504afc7b0481e7ad3127
                    • Instruction Fuzzy Hash: 1BC1286290C78241EB91AB269490ABDFB61FB91B84FD54134F96D1F3D5CE7CE84883A0
                    APIs
                    • LoadLibraryExW.KERNEL32(?,?,?,00007FF7F39EC502,?,?,?,00007FF7F39E90B8,?,?,?,00007FF7F39E7EA1), ref: 00007FF7F39EC2D5
                    • GetLastError.KERNEL32(?,?,?,00007FF7F39EC502,?,?,?,00007FF7F39E90B8,?,?,?,00007FF7F39E7EA1), ref: 00007FF7F39EC2E3
                    • LoadLibraryExW.KERNEL32(?,?,?,00007FF7F39EC502,?,?,?,00007FF7F39E90B8,?,?,?,00007FF7F39E7EA1), ref: 00007FF7F39EC30D
                    • FreeLibrary.KERNEL32(?,?,?,00007FF7F39EC502,?,?,?,00007FF7F39E90B8,?,?,?,00007FF7F39E7EA1), ref: 00007FF7F39EC37B
                    • GetProcAddress.KERNEL32(?,?,?,00007FF7F39EC502,?,?,?,00007FF7F39E90B8,?,?,?,00007FF7F39E7EA1), ref: 00007FF7F39EC387
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: Library$Load$AddressErrorFreeLastProc
                    • String ID: api-ms-
                    • API String ID: 2559590344-2084034818
                    • Opcode ID: 70f12e52c6dd1fb8f20e75cb5676e27c44a96648c7f565b7c3fbbed5772e8bed
                    • Instruction ID: bfdee8629d6a733b8e3bc1ee2334d56b88a76721973f7975f9629f3f5087dc1a
                    • Opcode Fuzzy Hash: 70f12e52c6dd1fb8f20e75cb5676e27c44a96648c7f565b7c3fbbed5772e8bed
                    • Instruction Fuzzy Hash: 2B31A021A0E64291EF95FB069440569B294BF08BA8F891634ED7D2F3D4DF3CE4858AB1
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                    • String ID: CONOUT$
                    • API String ID: 3230265001-3130406586
                    • Opcode ID: 6837787b0912a6fea3ad6f0e14e8edb6b8a2e7f746b6d53242789827802a68ce
                    • Instruction ID: e2701623b58eeda9574e98defb9c521b798a95c57cdeda7a7b0416438d46b13f
                    • Opcode Fuzzy Hash: 6837787b0912a6fea3ad6f0e14e8edb6b8a2e7f746b6d53242789827802a68ce
                    • Instruction Fuzzy Hash: 2F117271A18A4182E790AB57A844725B7A4FB48BE4F404234FA2D9F7D4CF7CD4448B90
                    APIs
                    • GetModuleHandleW.KERNEL32(?,?,?,00007FF7F3A0D244,?,?,?,00007FF7F3A0D67D), ref: 00007FF7F3A0D2FF
                    • GetProcAddress.KERNEL32(?,?,?,00007FF7F3A0D244,?,?,?,00007FF7F3A0D67D), ref: 00007FF7F3A0D31C
                    • GetProcAddress.KERNEL32(?,?,?,00007FF7F3A0D244,?,?,?,00007FF7F3A0D67D), ref: 00007FF7F3A0D338
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: AddressProc$HandleModule
                    • String ID: AcquireSRWLockExclusive$KERNEL32.DLL$ReleaseSRWLockExclusive
                    • API String ID: 667068680-1718035505
                    • Opcode ID: 3dad6a8de06e7547252c1284ba7fe8c53cac549954dcbf9c7c936efd1a5495f1
                    • Instruction ID: 1e2df6993e836d39b6124cc655e141213f7b4b082b959e260a1e88aa246051dc
                    • Opcode Fuzzy Hash: 3dad6a8de06e7547252c1284ba7fe8c53cac549954dcbf9c7c936efd1a5495f1
                    • Instruction Fuzzy Hash: ED11E8A2A0DB0285EFD1BB33A950975F2906F04790FC85435E83D6E3D4EF6CA44596B2
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: wprintf
                    • String ID: SIBLING:%p$%s:%i,%s(%i)$SELF:%p
                    • API String ID: 3614878089-3476456547
                    • Opcode ID: 929ea42d22360aaf8ac35f5342f7fcf6d4ea5cb0104e5288b00cd4d2571bffd5
                    • Instruction ID: b6794e823559e898ad16a941ea306d568c84204ea72a0933cbbab8f7c927c8a6
                    • Opcode Fuzzy Hash: 929ea42d22360aaf8ac35f5342f7fcf6d4ea5cb0104e5288b00cd4d2571bffd5
                    • Instruction Fuzzy Hash: 7B016526A18A4680DF40FB16E45047DB760FB84BC8B854431EEAC6B7A6CF3CD541CB90
                    Strings
                    • ot presenticmp node information responseillegal window increment valuein exponent of numeric literalinappropriate ioctl for deviceinvalid network interface nameinvalid pointer found on stacklooking for beginning of valuemime: duplicate parameter namemissing va, xrefs: 00000188C542CE22
                    • 0: invalid buffer overlapchacha20poly1305: bad key lengthcrypto/aes: input not full blockcrypto/des: input not full blockcrypto/ecdh: invalid private keyed25519: bad public key length: frame_windowupdate_zero_inc_conngo package net: hostLookupOrder(in literal , xrefs: 00000188C542CD5D
                    • ge sizeframe_continuation_zero_streamframe_settings_ack_with_lengthfreedefer with d._panic != nilhttp2: decoded hpack field %+vhttp: named cookie not presenticmp node information responseillegal window increment valuein exponent of numeric literalinappropriate, xrefs: 00000188C542CECD
                    • acklooking for beginning of valuemime: duplicate parameter namemissing validateFirstLine funcmulticast router advertisementmultipart/form-data; boundary=notetsleep - waitm out of syncpersistConn was already in LRUprocess does not have childrenprotocol version , xrefs: 00000188C542CD7F
                    • w increment valuein exponent of numeric literalinappropriate ioctl for deviceinvalid network interface nameinvalid pointer found on stacklooking for beginning of valuemime: duplicate parameter namemissing validateFirstLine funcmulticast router advertisementmul, xrefs: 00000188C542CE05
                    • unebufio: tried to fill full buffercannot represent time as UTCTimechacha20: invalid buffer overlapchacha20poly1305: bad key lengthcrypto/aes: input not full blockcrypto/des: input not full blockcrypto/ecdh: invalid private keyed25519: bad public key length: f, xrefs: 00000188C542CDA7
                    • ationProcess64WSAGetOverlappedResult not found" not supported for cpu option "access-control-allow-credentialsbufio: invalid use of UnreadBytebufio: invalid use of UnreadRunebufio: tried to fill full buffercannot represent time as UTCTimechacha20: invalid buff, xrefs: 00000188C542CE52
                    • WSAGetOverlappedResult not found" not supported for cpu option "access-control-allow-credentialsbufio: invalid use of UnreadBytebufio: invalid use of UnreadRunebufio: tried to fill full buffercannot represent time as UTCTimechacha20: invalid buffer overlapchac, xrefs: 00000188C542CE44
                    Memory Dump Source
                    • Source File: 00000000.00000002.2361158172.00000188C5400000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000188C5400000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_188c5400000_biubiu.jbxd
                    Similarity
                    • API ID:
                    • String ID: 0: invalid buffer overlapchacha20poly1305: bad key lengthcrypto/aes: input not full blockcrypto/des: input not full blockcrypto/ecdh: invalid private keyed25519: bad public key length: frame_windowupdate_zero_inc_conngo package net: hostLookupOrder(in literal $WSAGetOverlappedResult not found" not supported for cpu option "access-control-allow-credentialsbufio: invalid use of UnreadBytebufio: invalid use of UnreadRunebufio: tried to fill full buffercannot represent time as UTCTimechacha20: invalid buffer overlapchac$acklooking for beginning of valuemime: duplicate parameter namemissing validateFirstLine funcmulticast router advertisementmultipart/form-data; boundary=notetsleep - waitm out of syncpersistConn was already in LRUprocess does not have childrenprotocol version $ationProcess64WSAGetOverlappedResult not found" not supported for cpu option "access-control-allow-credentialsbufio: invalid use of UnreadBytebufio: invalid use of UnreadRunebufio: tried to fill full buffercannot represent time as UTCTimechacha20: invalid buff$ge sizeframe_continuation_zero_streamframe_settings_ack_with_lengthfreedefer with d._panic != nilhttp2: decoded hpack field %+vhttp: named cookie not presenticmp node information responseillegal window increment valuein exponent of numeric literalinappropriate$ot presenticmp node information responseillegal window increment valuein exponent of numeric literalinappropriate ioctl for deviceinvalid network interface nameinvalid pointer found on stacklooking for beginning of valuemime: duplicate parameter namemissing va$unebufio: tried to fill full buffercannot represent time as UTCTimechacha20: invalid buffer overlapchacha20poly1305: bad key lengthcrypto/aes: input not full blockcrypto/des: input not full blockcrypto/ecdh: invalid private keyed25519: bad public key length: f$w increment valuein exponent of numeric literalinappropriate ioctl for deviceinvalid network interface nameinvalid pointer found on stacklooking for beginning of valuemime: duplicate parameter namemissing validateFirstLine funcmulticast router advertisementmul
                    • API String ID: 0-2227182728
                    • Opcode ID: a97362f89a225f1012a22bc014ac8ff1474d1fe9f0edb04f389b8c0401ab79fa
                    • Instruction ID: 1a6cb468b7c1a13838a25c08f759642601d7e22714999346e6937af63e561acc
                    • Opcode Fuzzy Hash: a97362f89a225f1012a22bc014ac8ff1474d1fe9f0edb04f389b8c0401ab79fa
                    • Instruction Fuzzy Hash: 92514F70548F1C8FDB90EF18C88479AB7E1FBA8301F95891EA489D3265DF74E944CB62
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: _invalid_parameter_noinfo
                    • String ID:
                    • API String ID: 3215553584-0
                    • Opcode ID: 746fd2b2a63f51648d75cd52c41df361fdd6e9f85a700e447daacf644b70d2ec
                    • Instruction ID: afe6e2c885292839bb6e9b25960c314b63e227d2e5064fdbef3ae3e649f23264
                    • Opcode Fuzzy Hash: 746fd2b2a63f51648d75cd52c41df361fdd6e9f85a700e447daacf644b70d2ec
                    • Instruction Fuzzy Hash: 0751606290D68689E792FF2490502BDB7A19F45F4CFC49131D6AC1F3C6CE2E9486C7B2
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: ErrorLast
                    • String ID: GetFileVersionInfoSizeW$GetFileVersionInfoW$VerQueryValueW$\StringFileInfo\040904B0\ProductVersion
                    • API String ID: 1452528299-1241276684
                    • Opcode ID: cb1be5ed847fc57edd4554973fe107016be8f3f8c151a9ba06373238ef0411ec
                    • Instruction ID: 08fe2de9e519ea348437a0a790474e14085dee732cc46ad4103794cc232fd6c4
                    • Opcode Fuzzy Hash: cb1be5ed847fc57edd4554973fe107016be8f3f8c151a9ba06373238ef0411ec
                    • Instruction Fuzzy Hash: 97419121A18A4785FB91FB16E8006F9E2D4AF44BD4FC44131ED6D6B3D5EE2CD5018BE4
                    APIs
                    • GetCurrentThreadId.KERNEL32 ref: 00007FF7F39E6951
                    • AcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,00007FF7F39E6891,?,?,00000006,00007FF7F39D1777), ref: 00007FF7F39E6970
                    • AcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,00007FF7F39E6891,?,?,00000006,00007FF7F39D1777), ref: 00007FF7F39E6992
                    • sys_get_time.LIBCPMT ref: 00007FF7F39E69AD
                    • TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,00007FF7F39E6891,?,?,00000006,00007FF7F39D1777), ref: 00007FF7F39E69D3
                    • TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,00007FF7F39E6891,?,?,00000006,00007FF7F39D1777), ref: 00007FF7F39E69EB
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: AcquireExclusiveLock$CurrentThreadsys_get_time
                    • String ID:
                    • API String ID: 184115430-0
                    • Opcode ID: 8275e9ec27228160463ecffae937bf19353686b12ad9b70e917b503a5320451c
                    • Instruction ID: 8c395cb1634fae2b9136d944b2d29f8f65105aebca623f1da2a9815e2a584d07
                    • Opcode Fuzzy Hash: 8275e9ec27228160463ecffae937bf19353686b12ad9b70e917b503a5320451c
                    • Instruction Fuzzy Hash: C9412D32E0C64286E7A4EF15D540238F360FB14758F804235D67D6A6D9DF3CE895CBA2
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: Window$BrushColorCreateForegroundMessageModePostProcQuitSolidText
                    • String ID:
                    • API String ID: 727704396-0
                    • Opcode ID: 21dacf98c1e13bee4d55a0dca1443a594efedb2c5d85a1548a570f1fa2da5d74
                    • Instruction ID: bf1738c286198c8543ad5ba3c1997c8f56bf56f5db02912315a8fd5ff5c32e49
                    • Opcode Fuzzy Hash: 21dacf98c1e13bee4d55a0dca1443a594efedb2c5d85a1548a570f1fa2da5d74
                    • Instruction Fuzzy Hash: 76316121A0C54381F7D4FB5A9944239E650AF44BD8F944131D96D6B7F9CD2CE8428FA0
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: File$AttributesEnableFromInfoItemListMessagePathSendWindow
                    • String ID:
                    • API String ID: 2133604253-0
                    • Opcode ID: f636b11308cfa880d524147e46377a75ce517296e27937cfd4c29d161ef91340
                    • Instruction ID: c82201051bb9c7248e71c81c7ea8684fde0e85a49dc9f79344afcbf203c8833f
                    • Opcode Fuzzy Hash: f636b11308cfa880d524147e46377a75ce517296e27937cfd4c29d161ef91340
                    • Instruction Fuzzy Hash: 40218121A1864242F7A0FB22E8547BAA391FF88799FC44030ED5D5A6D8DF3CE445CFA0
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2361158172.00000188C5400000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000188C5400000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_188c5400000_biubiu.jbxd
                    Similarity
                    • API ID:
                    • String ID: debu$debu$debu$debu$debu$l655$runt
                    • API String ID: 0-120812121
                    • Opcode ID: 413301366dd4ae953af021c69ccfaafc57a3559e2f1e951ebb58ef8d1e1f9dce
                    • Instruction ID: 3f7f01da67b82731961cfc269b21912e1e8ba1f53bc8a3cfa719b6b9b63ef8b4
                    • Opcode Fuzzy Hash: 413301366dd4ae953af021c69ccfaafc57a3559e2f1e951ebb58ef8d1e1f9dce
                    • Instruction Fuzzy Hash: C8A184B05889498EEEA4AB14D0987E47BF0FBD5354FF4C969E006C349ADF319A80C772
                    Strings
                    • t a stack addressafter object key:value pairbinary.Write: invalid type boringcrypto: not availablechannel number out of rangecipher: incorrect length IVcommunication error on sendcould not find QPC syscallscryptobyte: length overflowcurrent time %s is after %s, xrefs: 00000188C542EB6C
                    • StoreChangeWindowMessageFilterExCurveP256CurveP384CurveP521DATA frame with stream ID 0Easter Island Standard TimeFindCloseChangeNotificationG waiting list is corruptedGdipCreateBitmapFromHBITMAPGdipCreateHBITMAPFromBitmapGetSecurityDescriptorLengthGetUserPrefe, xrefs: 00000188C542ED61
                    • DriverInfoDetailWStartServiceCtrlDispatcherWaccess-control-allow-originaddress not a stack addressafter object key:value pairbinary.Write: invalid type boringcrypto: not availablechannel number out of rangecipher: incorrect length IVcommunication error on send, xrefs: 00000188C542EBBD
                    • uagesIPv6 field has value >=2^16NAF digits must fit in int8PdhGetFormattedCounterValueSetupDiClassNameFromGuidExWSetupDiGetDeviceInstanceIdWSetupDiGetDriverInfoDetailWStartServiceCtrlDispatcherWaccess-control-allow-originaddress not a stack addressafter object, xrefs: 00000188C542EC53
                    • 256CurveP384CurveP521DATA frame with stream ID 0Easter Island Standard TimeFindCloseChangeNotificationG waiting list is corruptedGdipCreateBitmapFromHBITMAPGdipCreateHBITMAPFromBitmapGetSecurityDescriptorLengthGetUserPreferredUILanguagesIPv6 field has value >=, xrefs: 00000188C542ED3B
                    • scriptorLengthGetUserPreferredUILanguagesIPv6 field has value >=2^16NAF digits must fit in int8PdhGetFormattedCounterValueSetupDiClassNameFromGuidExWSetupDiGetDeviceInstanceIdWSetupDiGetDriverInfoDetailWStartServiceCtrlDispatcherWaccess-control-allow-originadd, xrefs: 00000188C542EC77
                    • pDiClassNameFromGuidExWSetupDiGetDeviceInstanceIdWSetupDiGetDriverInfoDetailWStartServiceCtrlDispatcherWaccess-control-allow-originaddress not a stack addressafter object key:value pairbinary.Write: invalid type boringcrypto: not availablechannel number out of, xrefs: 00000188C542EBF9
                    Memory Dump Source
                    • Source File: 00000000.00000002.2361158172.00000188C5400000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000188C5400000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_188c5400000_biubiu.jbxd
                    Similarity
                    • API ID:
                    • String ID: 256CurveP384CurveP521DATA frame with stream ID 0Easter Island Standard TimeFindCloseChangeNotificationG waiting list is corruptedGdipCreateBitmapFromHBITMAPGdipCreateHBITMAPFromBitmapGetSecurityDescriptorLengthGetUserPreferredUILanguagesIPv6 field has value >=$DriverInfoDetailWStartServiceCtrlDispatcherWaccess-control-allow-originaddress not a stack addressafter object key:value pairbinary.Write: invalid type boringcrypto: not availablechannel number out of rangecipher: incorrect length IVcommunication error on send$StoreChangeWindowMessageFilterExCurveP256CurveP384CurveP521DATA frame with stream ID 0Easter Island Standard TimeFindCloseChangeNotificationG waiting list is corruptedGdipCreateBitmapFromHBITMAPGdipCreateHBITMAPFromBitmapGetSecurityDescriptorLengthGetUserPrefe$pDiClassNameFromGuidExWSetupDiGetDeviceInstanceIdWSetupDiGetDriverInfoDetailWStartServiceCtrlDispatcherWaccess-control-allow-originaddress not a stack addressafter object key:value pairbinary.Write: invalid type boringcrypto: not availablechannel number out of$scriptorLengthGetUserPreferredUILanguagesIPv6 field has value >=2^16NAF digits must fit in int8PdhGetFormattedCounterValueSetupDiClassNameFromGuidExWSetupDiGetDeviceInstanceIdWSetupDiGetDriverInfoDetailWStartServiceCtrlDispatcherWaccess-control-allow-originadd$t a stack addressafter object key:value pairbinary.Write: invalid type boringcrypto: not availablechannel number out of rangecipher: incorrect length IVcommunication error on sendcould not find QPC syscallscryptobyte: length overflowcurrent time %s is after %s$uagesIPv6 field has value >=2^16NAF digits must fit in int8PdhGetFormattedCounterValueSetupDiClassNameFromGuidExWSetupDiGetDeviceInstanceIdWSetupDiGetDriverInfoDetailWStartServiceCtrlDispatcherWaccess-control-allow-originaddress not a stack addressafter object
                    • API String ID: 0-1591223661
                    • Opcode ID: f5df9a4cd00b66b21735007590255b26ebdffc159e9b05c9b21af6a9a4e883e0
                    • Instruction ID: 6e73857de4b901a7c1473ad0fbe33b5965827a7e2f69aced048363f748c8a763
                    • Opcode Fuzzy Hash: f5df9a4cd00b66b21735007590255b26ebdffc159e9b05c9b21af6a9a4e883e0
                    • Instruction Fuzzy Hash: 19818170518E1C8FDF50EF298444AA6B7E0FF68310FA54B59B499E32A5CF34F9808792
                    Strings
                    • n-empty pointer map passed for non-pointer-size valuesprofilealloc called without a P or outside bootstrappingptrEncoder.encode should have emptied ptrSeen via defersstrings: illegal use of non-zero Builder copied by valuex509: internal error: empty chain when, xrefs: 00000188C5424BCE
                    • on-pointer-size valuesprofilealloc called without a P or outside bootstrappingptrEncoder.encode should have emptied ptrSeen via defersstrings: illegal use of non-zero Builder copied by valuex509: internal error: empty chain when appending CA cert (set GODEBUG=, xrefs: 00000188C5424BBE
                    • torToSecurityDescriptorWcasfrom_Gscanstatus: gp->status is not in scan statecrypto/rsa: PSSOptions.SaltLength cannot be negativehttp2: Transport readFrame error on conn %p: (%T) %vmallocgc called without a P or outside bootstrappingprotocol error: received DAT, xrefs: 00000188C5424A86
                    • of non-zero Builder copied by valuex509: internal error: empty chain when appending CA cert (set GODEBUG=execwait=2 to capture stacks for debugging)cannot run executable found relative to current directorycolumns on left (%d) is different than rows on right (, xrefs: 00000188C5424B1C
                    • r selected unsupported compression formattls: server's identity changed during renegotiationvalid shards and fill shards are mutually exclusivex509: certificate has expired or is not yet valid: ConvertSecurityDescriptorToStringSecurityDescriptorWConvertStringS, xrefs: 00000188C5424B98
                    • Mark expecting to see gcphase as _GCmarkterminationnon-empty pointer map passed for non-pointer-size valuesprofilealloc called without a P or outside bootstrappingptrEncoder.encode should have emptied ptrSeen via defersstrings: illegal use of non-zero Builder , xrefs: 00000188C5424C0B
                    • map passed for non-pointer-size valuesprofilealloc called without a P or outside bootstrappingptrEncoder.encode should have emptied ptrSeen via defersstrings: illegal use of non-zero Builder copied by valuex509: internal error: empty chain when appending CA ce, xrefs: 00000188C5424BC6
                    Memory Dump Source
                    • Source File: 00000000.00000002.2361158172.00000188C5400000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000188C5400000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_188c5400000_biubiu.jbxd
                    Similarity
                    • API ID:
                    • String ID: of non-zero Builder copied by valuex509: internal error: empty chain when appending CA cert (set GODEBUG=execwait=2 to capture stacks for debugging)cannot run executable found relative to current directorycolumns on left (%d) is different than rows on right ($Mark expecting to see gcphase as _GCmarkterminationnon-empty pointer map passed for non-pointer-size valuesprofilealloc called without a P or outside bootstrappingptrEncoder.encode should have emptied ptrSeen via defersstrings: illegal use of non-zero Builder $map passed for non-pointer-size valuesprofilealloc called without a P or outside bootstrappingptrEncoder.encode should have emptied ptrSeen via defersstrings: illegal use of non-zero Builder copied by valuex509: internal error: empty chain when appending CA ce$n-empty pointer map passed for non-pointer-size valuesprofilealloc called without a P or outside bootstrappingptrEncoder.encode should have emptied ptrSeen via defersstrings: illegal use of non-zero Builder copied by valuex509: internal error: empty chain when$on-pointer-size valuesprofilealloc called without a P or outside bootstrappingptrEncoder.encode should have emptied ptrSeen via defersstrings: illegal use of non-zero Builder copied by valuex509: internal error: empty chain when appending CA cert (set GODEBUG=$r selected unsupported compression formattls: server's identity changed during renegotiationvalid shards and fill shards are mutually exclusivex509: certificate has expired or is not yet valid: ConvertSecurityDescriptorToStringSecurityDescriptorWConvertStringS$torToSecurityDescriptorWcasfrom_Gscanstatus: gp->status is not in scan statecrypto/rsa: PSSOptions.SaltLength cannot be negativehttp2: Transport readFrame error on conn %p: (%T) %vmallocgc called without a P or outside bootstrappingprotocol error: received DAT
                    • API String ID: 0-4240268905
                    • Opcode ID: 673a81177d9741c74b709cf3137b68a555ceb7a506a98e6fcbb705c16293f527
                    • Instruction ID: cb47093ff274a90bbdbcded2034c3985ce7f62a6d648e8ecb17735b298ebadb1
                    • Opcode Fuzzy Hash: 673a81177d9741c74b709cf3137b68a555ceb7a506a98e6fcbb705c16293f527
                    • Instruction Fuzzy Hash: 09616D70558F198FDB94EB18C884BE5B7E0FB68301F84466EE54AC3266DF64D980CBA1
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: Monitor$FromInfo$ParametersRectSystemWindow
                    • String ID: (
                    • API String ID: 2219612158-3887548279
                    • Opcode ID: 9ba552f5774400cbc5dd6e2cd74a1a9f813507db417ab37ac1d21de74ae90ea0
                    • Instruction ID: a8b3012ec44c2e47f6b1e6ba00f3aa0ead09d91f8effe0d598a49cecd0fbe50a
                    • Opcode Fuzzy Hash: 9ba552f5774400cbc5dd6e2cd74a1a9f813507db417ab37ac1d21de74ae90ea0
                    • Instruction Fuzzy Hash: 58218F73F146508EF344DF66E9449ADB7B4FB88B88B848129EE1927B48CF38D451CB50
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: Thread$Current$DescriptionExceptionRaise
                    • String ID: InstallerThread
                    • API String ID: 1951275455-2282375136
                    • Opcode ID: 0ce4fad732eacbf81f9301e87d5b247aa6a85c2f46e2605163a302de8284e91e
                    • Instruction ID: 58e2f45df3b4607bf09c1532aba4e73034162cb0fdd2c0d36f4c5836f3b6010d
                    • Opcode Fuzzy Hash: 0ce4fad732eacbf81f9301e87d5b247aa6a85c2f46e2605163a302de8284e91e
                    • Instruction Fuzzy Hash: AC117721A0D68286E7D4EB56AD0017AE290AF487F4F844335E97DAB7D8DF3CD8418B61
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: AddressFreeHandleLibraryModuleProc
                    • String ID: CorExitProcess$mscoree.dll
                    • API String ID: 4061214504-1276376045
                    • Opcode ID: ee3fe469f492dfe10d1818dfa68861e538e273dbfcc17f884065eafcb5f8cc34
                    • Instruction ID: 361727ba85823bec2939f21a05971882b148af74940eecd5afba705e2c3f103f
                    • Opcode Fuzzy Hash: ee3fe469f492dfe10d1818dfa68861e538e273dbfcc17f884065eafcb5f8cc34
                    • Instruction Fuzzy Hash: 05F04F61A1860682EB94BB25E844739A360AF88775F940335EA7E5D1F8DF2CD548CBA0
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: AdjustPointer
                    • String ID:
                    • API String ID: 1740715915-0
                    • Opcode ID: 317cb977a51eeeb77401f5340ad2b158157812d1c71930e3b2b370dc1a95d4a3
                    • Instruction ID: 00ce68c450cec8610eb793444333e6d9404428222cd7329540734172ed7e643e
                    • Opcode Fuzzy Hash: 317cb977a51eeeb77401f5340ad2b158157812d1c71930e3b2b370dc1a95d4a3
                    • Instruction Fuzzy Hash: 3CB1B322A0D652C1EBE5FB159040679E390AF45F88F858635DE6D2F7C5DE2CE4C183B2
                    APIs
                    • FlsGetValue.KERNEL32(?,?,?,00007FF7F39FAC5F,?,?,00000000,00007FF7F39FAEFA,?,?,?,?,?,00007FF7F39FAE86), ref: 00007FF7F39FC16B
                    • FlsSetValue.KERNEL32(?,?,?,00007FF7F39FAC5F,?,?,00000000,00007FF7F39FAEFA,?,?,?,?,?,00007FF7F39FAE86), ref: 00007FF7F39FC18A
                    • FlsSetValue.KERNEL32(?,?,?,00007FF7F39FAC5F,?,?,00000000,00007FF7F39FAEFA,?,?,?,?,?,00007FF7F39FAE86), ref: 00007FF7F39FC1B2
                    • FlsSetValue.KERNEL32(?,?,?,00007FF7F39FAC5F,?,?,00000000,00007FF7F39FAEFA,?,?,?,?,?,00007FF7F39FAE86), ref: 00007FF7F39FC1C3
                    • FlsSetValue.KERNEL32(?,?,?,00007FF7F39FAC5F,?,?,00000000,00007FF7F39FAEFA,?,?,?,?,?,00007FF7F39FAE86), ref: 00007FF7F39FC1D4
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: Value
                    • String ID:
                    • API String ID: 3702945584-0
                    • Opcode ID: 1c9af036815d1c1eaadf02ddaa554fe67ebb579387234fea5ecf371d8f5e1984
                    • Instruction ID: 500b90229d04890002f0560ddd877d25cad847f180d854b2009ab312243a7658
                    • Opcode Fuzzy Hash: 1c9af036815d1c1eaadf02ddaa554fe67ebb579387234fea5ecf371d8f5e1984
                    • Instruction Fuzzy Hash: AD115920B0D64241FBD8F77AB95157AE1419F447A8F988334E83D6E7C6DE2CF4118AA0
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: CallEncodePointerTranslator
                    • String ID: MOC$RCC
                    • API String ID: 3544855599-2084237596
                    • Opcode ID: d7eb1adbf9936f5fb76c50a666472f463350fbe0617b8695efdf505457e6ca43
                    • Instruction ID: 55b18ac4571c1d5a3fc56b6ced562f951fcec41aec6b130946fb6a6cd5cd746e
                    • Opcode Fuzzy Hash: d7eb1adbf9936f5fb76c50a666472f463350fbe0617b8695efdf505457e6ca43
                    • Instruction Fuzzy Hash: 3D91B373A087818AE790DB65E8402ADB7A0F74478CF504225EA5C2BB95DF3CD195CB61
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: CallEncodePointerTranslator
                    • String ID: MOC$RCC
                    • API String ID: 3544855599-2084237596
                    • Opcode ID: 3dc5e78eebc4360a240ab1bb111ac6ad4a7d1b7251ad7a57b52cf9993e5a84e4
                    • Instruction ID: 11403e426281bee0b8d3511a7d4312137af0a8c3b5421679ec04d6cda0f3e7b9
                    • Opcode Fuzzy Hash: 3dc5e78eebc4360a240ab1bb111ac6ad4a7d1b7251ad7a57b52cf9993e5a84e4
                    • Instruction Fuzzy Hash: E161933290CBC585D7A0EB15E4407A9B7A0FB85B98F444225EBAC1BBA5DF7CD0D0CB61
                    APIs
                      • Part of subcall function 00007FF7F39C20FC: GetLastError.KERNEL32(?,?,-5555555555555556,?,BrowserExecutableFolder,00007FF7F39C2587), ref: 00007FF7F39C21D1
                      • Part of subcall function 00007FF7F39C20FC: CoTaskMemFree.OLE32(?,?,-5555555555555556,?,BrowserExecutableFolder,00007FF7F39C2587), ref: 00007FF7F39C21EA
                      • Part of subcall function 00007FF7F39C10EB: GetModuleFileNameW.KERNEL32 ref: 00007FF7F39C1123
                      • Part of subcall function 00007FF7F39C10EB: GetLastError.KERNEL32 ref: 00007FF7F39C113A
                      • Part of subcall function 00007FF7F39C10EB: GetModuleFileNameW.KERNEL32 ref: 00007FF7F39C116E
                    • RegOpenKeyExW.ADVAPI32 ref: 00007FF7F39C267F
                    • RegCloseKey.ADVAPI32 ref: 00007FF7F39C2711
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: ErrorFileLastModuleName$CloseFreeOpenTask
                    • String ID: BrowserExecutableFolder$Software\Policies\Microsoft\Edge\WebView2\
                    • API String ID: 3468179963-136435702
                    • Opcode ID: 18691fc299a43198594db57bb034e8d7e2a88800be216182987d539e52c3e27f
                    • Instruction ID: be3752d44c7fcf8806fc4c8a0b11c53d7c8969e5bde45fd85d45d3047e18f51f
                    • Opcode Fuzzy Hash: 18691fc299a43198594db57bb034e8d7e2a88800be216182987d539e52c3e27f
                    • Instruction Fuzzy Hash: 40516521A1C64241EB90FB15A5512BAE3A0BF947C8FC04131EE9D6B7D6DF3CE546CB90
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: MessageSend$LongWindow
                    • String ID: Minimal
                    • API String ID: 312131281-2408237846
                    • Opcode ID: b78db4671f18af37c64780bc048ce201e6460c5628dc7010fd37ac79df8f35b8
                    • Instruction ID: cdcb2016dd6a862ec1faac06110fc60517a152f9c2268126f6266b6c0043ac44
                    • Opcode Fuzzy Hash: b78db4671f18af37c64780bc048ce201e6460c5628dc7010fd37ac79df8f35b8
                    • Instruction Fuzzy Hash: 2131B9327046014BDB90EB5AE494A6AB3A1EFC8794F940031EFAD97B95DE3DD441CB50
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: CreateFontIndirectInfoParametersSystem_invalid_parameter_noinfo
                    • String ID: auto$automatic
                    • API String ID: 2619124251-1510859630
                    • Opcode ID: a87af85841952210a747a84de60d71e6054485d769730e95fd4cfb8940969708
                    • Instruction ID: 437e5aba50a505a8efb0b53850c96ca9940b5f2f8d06e551919f2cb7b322ad9e
                    • Opcode Fuzzy Hash: a87af85841952210a747a84de60d71e6054485d769730e95fd4cfb8940969708
                    • Instruction Fuzzy Hash: 89212561B0D24241FBE0FB26A4567FAE290AF80784FC41131D97E2F6C6DE3CD4018BA0
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: snprintf
                    • String ID: %s:%i,%i:%i,%i/%p%s$none$none
                    • API String ID: 4288800496-3122097318
                    • Opcode ID: 5fa9bf5b9b9df943bb026303cecdaab4eb4a3bdd49e92bbe9e2e34847b8f50ce
                    • Instruction ID: 43e6ca6e5c5bb7d9b84b820ca8fdb05955bc1da7293817c7d121e5c7beadbb59
                    • Opcode Fuzzy Hash: 5fa9bf5b9b9df943bb026303cecdaab4eb4a3bdd49e92bbe9e2e34847b8f50ce
                    • Instruction Fuzzy Hash: 1F21A936A04B0685EB80EF16E480569B360FB88FD4B958532EE5D273A4DF3CC942CB90
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: CloseInfoOpenQuery
                    • String ID: .pdf
                    • API String ID: 2142960691-2417493391
                    • Opcode ID: ed4bd2bba1ca3fb6c64d2f4e2706dcd515293f0b1b804584ad5609e85d702d09
                    • Instruction ID: 46bfdf0a93a60b8273eddee861f1365e6270a6dfdf458dfa742ada99ea6996ba
                    • Opcode Fuzzy Hash: ed4bd2bba1ca3fb6c64d2f4e2706dcd515293f0b1b804584ad5609e85d702d09
                    • Instruction Fuzzy Hash: CE21EA22A1C68382FBB0E621E40577AD250FF957D8F804231D9AE1AAD5DF2CD0458F50
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: Window$Show
                    • String ID: &Options$6$Hide &Options
                    • API String ID: 990937876-984613216
                    • Opcode ID: dccaf44aef8e35c4bdfb92fedd773a9a11b36ed360571dd0c372d944abecceb0
                    • Instruction ID: 18c8cae5754334792927aafe10f139511a81a6f0a55b58a7e0f9d9313f1a3482
                    • Opcode Fuzzy Hash: dccaf44aef8e35c4bdfb92fedd773a9a11b36ed360571dd0c372d944abecceb0
                    • Instruction Fuzzy Hash: F8215532608A4292DB50FB26E4915A9B360FBC57D4B401031EFAD5FB96CF2DE419CB50
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: wprintf
                    • String ID: %s<%i$%s>
                    • API String ID: 3614878089-320744420
                    • Opcode ID: 415bc3a60bf73e6e2c66ed253bcf1a033d47cdb1778d0868fd3183ef7ae021bc
                    • Instruction ID: 7ab74979e27ca5efa0f2ae7b1451f91363d5d4c3456054b130644dd5bbadc365
                    • Opcode Fuzzy Hash: 415bc3a60bf73e6e2c66ed253bcf1a033d47cdb1778d0868fd3183ef7ae021bc
                    • Instruction Fuzzy Hash: 76F01266704E4A80EF85FB26D4915787320BF95FC8F849032D95E5B3E6DE2CD484CB91
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: wprintf
                    • String ID: %s{%i$%s}
                    • API String ID: 3614878089-1924749804
                    • Opcode ID: c90eb46e0c235d1af7fda73e59e54459b8d4fba1b6834bc66e1e4118847d217a
                    • Instruction ID: dacc66411611ee3dbaaab61e6123b6aaffbac6df1fe879c6974688f73c9f324a
                    • Opcode Fuzzy Hash: c90eb46e0c235d1af7fda73e59e54459b8d4fba1b6834bc66e1e4118847d217a
                    • Instruction Fuzzy Hash: BEF01266705D4A80EF85FB26D491578B320BF95FC8F849032DA5E6B3A6CF2CD494CB90
                    Strings
                    • statesync: unlock of unlocked mutextext/javascript; charset=utf-8trailing garbage after addresstransform: short source bufferunsafe.Slice: len out of rangewinpty_config_set_initial_sizex509: SAN dNSName is malformedx509: invalid ECDSA parametersx509: malforme, xrefs: 00000188C542CB66
                    • ueIDyear outside of range [0,9999].lib section in a.out corrupted11368683772161602973937988281255684341886080801486968994140625CLIENT_HANDSHAKE_TRAFFIC_SECRETCentral Brazilian Standard TimeCertDuplicateCertificateContextError getting stdout handle. %sMountain , xrefs: 00000188C542CA56
                    • xtext/javascript; charset=utf-8trailing garbage after addresstransform: short source bufferunsafe.Slice: len out of rangewinpty_config_set_initial_sizex509: SAN dNSName is malformedx509: invalid ECDSA parametersx509: malformed issuerUniqueIDyear outside of ran, xrefs: 00000188C542CB43
                    • 11368683772161602973937988281255684341886080801486968994140625CLIENT_HANDSHAKE_TRAFFIC_SECRETCentral Brazilian Standard TimeCertDuplicateCertificateContextError getting stdout handle. %sMountain Standard Time (Mexico)Network Authentication RequiredPRIORITY fra, xrefs: 00000188C542CA15
                    • undary=notetsleep - waitm out of syncpersistConn was already in LRUprocess does not have childrenprotocol version not supportedprotocol wrong type for socketreflect: Elem of invalid type reflect: Len of non-array typereflect: Out of non-func type runqputslow: , xrefs: 00000188C542CAD5
                    Memory Dump Source
                    • Source File: 00000000.00000002.2361158172.00000188C5400000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000188C5400000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_188c5400000_biubiu.jbxd
                    Similarity
                    • API ID:
                    • String ID: statesync: unlock of unlocked mutextext/javascript; charset=utf-8trailing garbage after addresstransform: short source bufferunsafe.Slice: len out of rangewinpty_config_set_initial_sizex509: SAN dNSName is malformedx509: invalid ECDSA parametersx509: malforme$11368683772161602973937988281255684341886080801486968994140625CLIENT_HANDSHAKE_TRAFFIC_SECRETCentral Brazilian Standard TimeCertDuplicateCertificateContextError getting stdout handle. %sMountain Standard Time (Mexico)Network Authentication RequiredPRIORITY fra$ueIDyear outside of range [0,9999].lib section in a.out corrupted11368683772161602973937988281255684341886080801486968994140625CLIENT_HANDSHAKE_TRAFFIC_SECRETCentral Brazilian Standard TimeCertDuplicateCertificateContextError getting stdout handle. %sMountain $undary=notetsleep - waitm out of syncpersistConn was already in LRUprocess does not have childrenprotocol version not supportedprotocol wrong type for socketreflect: Elem of invalid type reflect: Len of non-array typereflect: Out of non-func type runqputslow: $xtext/javascript; charset=utf-8trailing garbage after addresstransform: short source bufferunsafe.Slice: len out of rangewinpty_config_set_initial_sizex509: SAN dNSName is malformedx509: invalid ECDSA parametersx509: malformed issuerUniqueIDyear outside of ran
                    • API String ID: 0-1326717622
                    • Opcode ID: 154f85f15196315b955211f0d6595c3a074a90e7f2d38451db297ed093023342
                    • Instruction ID: af31ab258dfc1b8a9bef8901afc471229bae9b742defdc4c26252f9a8e07593a
                    • Opcode Fuzzy Hash: 154f85f15196315b955211f0d6595c3a074a90e7f2d38451db297ed093023342
                    • Instruction Fuzzy Hash: F1A18570558F188FEB60EF18C4443DAB7E1FBA8300F948A59E499D3295DF74E944CBA2
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2361158172.00000188C5400000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000188C5400000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_188c5400000_biubiu.jbxd
                    Similarity
                    • API ID:
                    • String ID: .$gopa$runt$runt$runt
                    • API String ID: 0-2403373688
                    • Opcode ID: b905471143ae39fe3a1aa2c84d1bde57911185664f507502742fec8754940a5d
                    • Instruction ID: 67f8225da95372797ea919e22358b9a140df31ac5b33ae690706f4a59d5257db
                    • Opcode Fuzzy Hash: b905471143ae39fe3a1aa2c84d1bde57911185664f507502742fec8754940a5d
                    • Instruction Fuzzy Hash: B451AD74598A988FEB95DB1880543EABBD0FB55302FD4885DF4DAC3196CF248A81CB22
                    Strings
                    • hipCommDlgExtendedErrorCreateProcessAsUserWCryptAcquireContextWDHT has wrong lengthDQT has wrong lengthDRI has wrong lengthEgyptian_HieroglyphsEnumDisplaySettingsWEnumProcessModulesExFileTimeToSystemTimeGetAcceptExSockaddrsGetAdaptersAddressesGetCurrentDirecto, xrefs: 00000188C5433467
                    • wn hash value unknown status codeunknown wait reasonwglSwapLayerBufferswglUseFontOutlinesWwinmm.dll not foundx509: malformed OIDx509: trailing datax509: unknown errorzero length segment37252902984619140625AddFontMemResourceExArabic Standard TimeAzores Standard, xrefs: 00000188C5433415
                    • OpenSystemStoreWChangeServiceConfigWCheckTokenMembershipCommDlgExtendedErrorCreateProcessAsUserWCryptAcquireContextWDHT has wrong lengthDQT has wrong lengthDRI has wrong lengthEgyptian_HieroglyphsEnumDisplaySettingsWEnumProcessModulesExFileTimeToSystemTimeGetA, xrefs: 00000188C543349C
                    • ompression failuredefer on system stackexec: already startedextended echo requestfindrunnable: wrong pframe_ping_has_streamhttp: Handler timeouthttp: nil Request.URLhttps://%s:%s/connectimage: unknown formatin string escape codeinvalid JPEG format: invalid Num, xrefs: 00000188C543352C
                    • uestfindrunnable: wrong pframe_ping_has_streamhttp: Handler timeouthttp: nil Request.URLhttps://%s:%s/connectimage: unknown formatin string escape codeinvalid JPEG format: invalid NumericStringinvalid named captureinvalid scalar lengthkey is not comparablelink, xrefs: 00000188C54334DF
                    Memory Dump Source
                    • Source File: 00000000.00000002.2361158172.00000188C5400000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000188C5400000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_188c5400000_biubiu.jbxd
                    Similarity
                    • API ID:
                    • String ID: OpenSystemStoreWChangeServiceConfigWCheckTokenMembershipCommDlgExtendedErrorCreateProcessAsUserWCryptAcquireContextWDHT has wrong lengthDQT has wrong lengthDRI has wrong lengthEgyptian_HieroglyphsEnumDisplaySettingsWEnumProcessModulesExFileTimeToSystemTimeGetA$hipCommDlgExtendedErrorCreateProcessAsUserWCryptAcquireContextWDHT has wrong lengthDQT has wrong lengthDRI has wrong lengthEgyptian_HieroglyphsEnumDisplaySettingsWEnumProcessModulesExFileTimeToSystemTimeGetAcceptExSockaddrsGetAdaptersAddressesGetCurrentDirecto$ompression failuredefer on system stackexec: already startedextended echo requestfindrunnable: wrong pframe_ping_has_streamhttp: Handler timeouthttp: nil Request.URLhttps://%s:%s/connectimage: unknown formatin string escape codeinvalid JPEG format: invalid Num$uestfindrunnable: wrong pframe_ping_has_streamhttp: Handler timeouthttp: nil Request.URLhttps://%s:%s/connectimage: unknown formatin string escape codeinvalid JPEG format: invalid NumericStringinvalid named captureinvalid scalar lengthkey is not comparablelink$wn hash value unknown status codeunknown wait reasonwglSwapLayerBufferswglUseFontOutlinesWwinmm.dll not foundx509: malformed OIDx509: trailing datax509: unknown errorzero length segment37252902984619140625AddFontMemResourceExArabic Standard TimeAzores Standard
                    • API String ID: 0-1359432776
                    • Opcode ID: 31f97821183922c76492a8a9ec5226f5a267a952e3d36034a326dfd6ed937083
                    • Instruction ID: 0ed79c61e58a8b7c4716b844cc5400457e2c1c793eebc1279ff817b16694740d
                    • Opcode Fuzzy Hash: 31f97821183922c76492a8a9ec5226f5a267a952e3d36034a326dfd6ed937083
                    • Instruction Fuzzy Hash: 0D41A770258F488FDB48EB18C8897E9B7E1F7A9301F844A2EF449C71A5DF25E944C792
                    Strings
                    • lstartlockedm: locked to mestopped after 10 redirectstoo many colons in addresstruncated base 128 integerunclosed criterion bracketunexpected type in connectunknown ABI parameter kindunknown component selectorunsupported JPEG feature: use of invalid sweepLocke, xrefs: 00000188C542EF6B
                    • segment prefix is reservedshrinking stack in libcallstartlockedm: locked to mestopped after 10 redirectstoo many colons in addresstruncated base 128 integerunclosed criterion bracketunexpected type in connectunknown ABI parameter kindunknown component selector, xrefs: 00000188C542EF9E
                    • nown ABI parameter kindunknown component selectorunsupported JPEG feature: use of invalid sweepLockerwakep: negative nmspinningx509: invalid simple chainx509: malformed extensionsx509: malformed parameters && echo true || echo false is not assignable to type 3, xrefs: 00000188C542EECB
                    • runclosed criterion bracketunexpected type in connectunknown ABI parameter kindunknown component selectorunsupported JPEG feature: use of invalid sweepLockerwakep: negative nmspinningx509: invalid simple chainx509: malformed extensionsx509: malformed parameter, xrefs: 00000188C542EF03
                    • many colons in addresstruncated base 128 integerunclosed criterion bracketunexpected type in connectunknown ABI parameter kindunknown component selectorunsupported JPEG feature: use of invalid sweepLockerwakep: negative nmspinningx509: invalid simple chainx50, xrefs: 00000188C542EF33
                    Memory Dump Source
                    • Source File: 00000000.00000002.2361158172.00000188C5400000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000188C5400000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_188c5400000_biubiu.jbxd
                    Similarity
                    • API ID:
                    • String ID: many colons in addresstruncated base 128 integerunclosed criterion bracketunexpected type in connectunknown ABI parameter kindunknown component selectorunsupported JPEG feature: use of invalid sweepLockerwakep: negative nmspinningx509: invalid simple chainx50$lstartlockedm: locked to mestopped after 10 redirectstoo many colons in addresstruncated base 128 integerunclosed criterion bracketunexpected type in connectunknown ABI parameter kindunknown component selectorunsupported JPEG feature: use of invalid sweepLocke$nown ABI parameter kindunknown component selectorunsupported JPEG feature: use of invalid sweepLockerwakep: negative nmspinningx509: invalid simple chainx509: malformed extensionsx509: malformed parameters && echo true || echo false is not assignable to type 3$runclosed criterion bracketunexpected type in connectunknown ABI parameter kindunknown component selectorunsupported JPEG feature: use of invalid sweepLockerwakep: negative nmspinningx509: invalid simple chainx509: malformed extensionsx509: malformed parameter$segment prefix is reservedshrinking stack in libcallstartlockedm: locked to mestopped after 10 redirectstoo many colons in addresstruncated base 128 integerunclosed criterion bracketunexpected type in connectunknown ABI parameter kindunknown component selector
                    • API String ID: 0-649536820
                    • Opcode ID: f8dbc66f4e665dfcc0fca81cf31df548a293ac088897b6ac514494c50c8ebc73
                    • Instruction ID: 9e4ced1f7432a0a0ff02fc2f60ed1a56cb46c78dd5c1f170cea7ca51c0061d97
                    • Opcode Fuzzy Hash: f8dbc66f4e665dfcc0fca81cf31df548a293ac088897b6ac514494c50c8ebc73
                    • Instruction Fuzzy Hash: 2E413D75858B1C8FDF51EF18C440696B3E0FF6D710FA59A69A888E3215DF30F9808B86
                    Strings
                    • connectsrmount errortime exceededtimeEndPeriodtimer expiredtraceStackTabtrailing dataunsupported: user canceledvalue method wglShareListsxadd64 failedxchg64 failed on zero Value procedure in to finalizer .WithDeadline(1907348632812595367431640625: extra text, xrefs: 00000188C54373C0
                    • xceededtimeEndPeriodtimer expiredtraceStackTabtrailing dataunsupported: user canceledvalue method wglShareListsxadd64 failedxchg64 failed on zero Value procedure in to finalizer .WithDeadline(1907348632812595367431640625: extra text: <not Stringer>Accept-Char, xrefs: 00000188C54373A5
                    • ataunsupported: user canceledvalue method wglShareListsxadd64 failedxchg64 failed on zero Value procedure in to finalizer .WithDeadline(1907348632812595367431640625: extra text: <not Stringer>Accept-CharsetActivateActCtxCertCloseStoreClearCommBreakClearCommEr, xrefs: 00000188C543736D
                    • mActiveprofMemFuturesocks connectsrmount errortime exceededtimeEndPeriodtimer expiredtraceStackTabtrailing dataunsupported: user canceledvalue method wglShareListsxadd64 failedxchg64 failed on zero Value procedure in to finalizer .WithDeadline(190734863281259, xrefs: 00000188C54373D9
                    • ocusRectECDSAWithSHA1EnumPrintersWEnumProcessesExitWindowsExFQDN too longFindFirstFileFindNextFileWFindResourceWFreeAddrInfoWGC sweep waitGetClassNameWGetClientRectGetDeviceCapsGetDriveTypeWGetMenuItemIDGetScrollInfoGetSystemMenuGetThemeColorGetWindowRectGunja, xrefs: 00000188C5437397
                    Memory Dump Source
                    • Source File: 00000000.00000002.2361158172.00000188C5400000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000188C5400000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_188c5400000_biubiu.jbxd
                    Similarity
                    • API ID:
                    • String ID: connectsrmount errortime exceededtimeEndPeriodtimer expiredtraceStackTabtrailing dataunsupported: user canceledvalue method wglShareListsxadd64 failedxchg64 failed on zero Value procedure in to finalizer .WithDeadline(1907348632812595367431640625: extra text$ataunsupported: user canceledvalue method wglShareListsxadd64 failedxchg64 failed on zero Value procedure in to finalizer .WithDeadline(1907348632812595367431640625: extra text: <not Stringer>Accept-CharsetActivateActCtxCertCloseStoreClearCommBreakClearCommEr$mActiveprofMemFuturesocks connectsrmount errortime exceededtimeEndPeriodtimer expiredtraceStackTabtrailing dataunsupported: user canceledvalue method wglShareListsxadd64 failedxchg64 failed on zero Value procedure in to finalizer .WithDeadline(190734863281259$ocusRectECDSAWithSHA1EnumPrintersWEnumProcessesExitWindowsExFQDN too longFindFirstFileFindNextFileWFindResourceWFreeAddrInfoWGC sweep waitGetClassNameWGetClientRectGetDeviceCapsGetDriveTypeWGetMenuItemIDGetScrollInfoGetSystemMenuGetThemeColorGetWindowRectGunja$xceededtimeEndPeriodtimer expiredtraceStackTabtrailing dataunsupported: user canceledvalue method wglShareListsxadd64 failedxchg64 failed on zero Value procedure in to finalizer .WithDeadline(1907348632812595367431640625: extra text: <not Stringer>Accept-Char
                    • API String ID: 0-982357274
                    • Opcode ID: aa09366e56271cd167e66985f7e1af387fa4c9ccd6bead027ec1d8bddf5eafd3
                    • Instruction ID: 4a0beabf45ac1bca4e52f28dff116e4c115bc5cc5174175e880c95774de19194
                    • Opcode Fuzzy Hash: aa09366e56271cd167e66985f7e1af387fa4c9ccd6bead027ec1d8bddf5eafd3
                    • Instruction Fuzzy Hash: 38312D70458A4C9FDB51EF14D4407D6B7E0FB59300F90862AF489D3276EF35AA44CBA6
                    Strings
                    • wakeupout of memory (stackalloc)persistentalloc: size == 0read from empty dataBufferreadLoopPeekFailLocked: %wreflect.Value.CanInterfacereflect.Value.OverflowUintrequired key not availablesegment prefix is reservedshrinking stack in libcallstartlockedm: locked, xrefs: 00000188C542F05A
                    • o Int31ninvalid argument to Int63ninvalid port %q after hostinvalid request descriptormalformed HTTP status codemalformed chunked encodingmobile prefix solicitationname not unique on networknegative idle mark workersnet/http: request canceledno CSI structure a, xrefs: 00000188C542F0A6
                    • size == 0read from empty dataBufferreadLoopPeekFailLocked: %wreflect.Value.CanInterfacereflect.Value.OverflowUintrequired key not availablesegment prefix is reservedshrinking stack in libcallstartlockedm: locked to mestopped after 10 redirectstoo many colons i, xrefs: 00000188C542F029
                    • sequence tagged as setnotewakeup - double wakeupout of memory (stackalloc)persistentalloc: size == 0read from empty dataBufferreadLoopPeekFailLocked: %wreflect.Value.CanInterfacereflect.Value.OverflowUintrequired key not availablesegment prefix is reservedshr, xrefs: 00000188C542F085
                    • te pseudo-header %qencountered a cycle via %sextension header too shortfailed to find ConnectEx: forEachP: P did not run fnframe_priority_zero_streamframe_windowupdate_bad_lenfreedefer with d.fn != nilhttp2: Framer %p: wrote %vid (%v) <= evictCount (%v)invalid, xrefs: 00000188C542F071
                    Memory Dump Source
                    • Source File: 00000000.00000002.2361158172.00000188C5400000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000188C5400000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_188c5400000_biubiu.jbxd
                    Similarity
                    • API ID:
                    • String ID: sequence tagged as setnotewakeup - double wakeupout of memory (stackalloc)persistentalloc: size == 0read from empty dataBufferreadLoopPeekFailLocked: %wreflect.Value.CanInterfacereflect.Value.OverflowUintrequired key not availablesegment prefix is reservedshr$o Int31ninvalid argument to Int63ninvalid port %q after hostinvalid request descriptormalformed HTTP status codemalformed chunked encodingmobile prefix solicitationname not unique on networknegative idle mark workersnet/http: request canceledno CSI structure a$size == 0read from empty dataBufferreadLoopPeekFailLocked: %wreflect.Value.CanInterfacereflect.Value.OverflowUintrequired key not availablesegment prefix is reservedshrinking stack in libcallstartlockedm: locked to mestopped after 10 redirectstoo many colons i$te pseudo-header %qencountered a cycle via %sextension header too shortfailed to find ConnectEx: forEachP: P did not run fnframe_priority_zero_streamframe_windowupdate_bad_lenfreedefer with d.fn != nilhttp2: Framer %p: wrote %vid (%v) <= evictCount (%v)invalid$wakeupout of memory (stackalloc)persistentalloc: size == 0read from empty dataBufferreadLoopPeekFailLocked: %wreflect.Value.CanInterfacereflect.Value.OverflowUintrequired key not availablesegment prefix is reservedshrinking stack in libcallstartlockedm: locked
                    • API String ID: 0-1804931938
                    • Opcode ID: 75b98557f11b6ba8c41d1d754198d035486901a217ca63bafa10c8cbbc5989fc
                    • Instruction ID: 029f4702f43fa55b75dd42b4c00519cc0c7742c59dddb5fcb7e71ba2ca875541
                    • Opcode Fuzzy Hash: 75b98557f11b6ba8c41d1d754198d035486901a217ca63bafa10c8cbbc5989fc
                    • Instruction Fuzzy Hash: 98217F71848B1C8BDF51EF14D8512D6B3E0FF69300F95962AA585E3255CF70BA408B96
                    Strings
                    • negative DSA parameter2220446049250313080847263336181640625No supported authentication mechanismRoundTrip on uninitialized ClientConnUnsubscribeServiceChangeNotifications_cgo_notify_runtime_init_done missingall goroutines are asleep - deadlock!bigmod: internal, xrefs: 00000188C5429BB2
                    • successhttp2: Transport sending health checkinternal error: unknown network type method ABI and value ABI do not alignout does not point to an integer typereflect.Value.Bytes of non-byte arrayreflect.Value.Bytes of non-byte slicereflect.Value.Bytes of non-rune, xrefs: 00000188C5429BE0
                    • with prec > 18salsa20: nonce must be 8 or 24 bytesstartm: P required for spinning=truestrings.Builder.Grow: negative countsyntax error scanning complex numbertls: server did not send a key shareuncaching span but s.allocCount == 0unsupported SSLv2 handshake re, xrefs: 00000188C5429B82
                    • ion pointx509: invalid subject key identifierx509: malformed algorithm identifierx509: zero or negative DSA parameter2220446049250313080847263336181640625No supported authentication mechanismRoundTrip on uninitialized ClientConnUnsubscribeServiceChangeNotifica, xrefs: 00000188C5429C11
                    • aFixed64 called with prec > 18salsa20: nonce must be 8 or 24 bytesstartm: P required for spinning=truestrings.Builder.Grow: negative countsyntax error scanning complex numbertls: server did not send a key shareuncaching span but s.allocCount == 0unsupported SS, xrefs: 00000188C5429B92
                    Memory Dump Source
                    • Source File: 00000000.00000002.2361158172.00000188C5400000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000188C5400000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_188c5400000_biubiu.jbxd
                    Similarity
                    • API ID:
                    • String ID: aFixed64 called with prec > 18salsa20: nonce must be 8 or 24 bytesstartm: P required for spinning=truestrings.Builder.Grow: negative countsyntax error scanning complex numbertls: server did not send a key shareuncaching span but s.allocCount == 0unsupported SS$ion pointx509: invalid subject key identifierx509: malformed algorithm identifierx509: zero or negative DSA parameter2220446049250313080847263336181640625No supported authentication mechanismRoundTrip on uninitialized ClientConnUnsubscribeServiceChangeNotifica$negative DSA parameter2220446049250313080847263336181640625No supported authentication mechanismRoundTrip on uninitialized ClientConnUnsubscribeServiceChangeNotifications_cgo_notify_runtime_init_done missingall goroutines are asleep - deadlock!bigmod: internal$successhttp2: Transport sending health checkinternal error: unknown network type method ABI and value ABI do not alignout does not point to an integer typereflect.Value.Bytes of non-byte arrayreflect.Value.Bytes of non-byte slicereflect.Value.Bytes of non-rune$with prec > 18salsa20: nonce must be 8 or 24 bytesstartm: P required for spinning=truestrings.Builder.Grow: negative countsyntax error scanning complex numbertls: server did not send a key shareuncaching span but s.allocCount == 0unsupported SSLv2 handshake re
                    • API String ID: 0-188637983
                    • Opcode ID: cd46d18f0dfb5ee07bbfe465239a8641630a3fd19151ba97bbcc1fe28de3b1c1
                    • Instruction ID: 1b15c35e8e9bca19cae147f0334a19d8476cd2330e797541639f755341ec06b7
                    • Opcode Fuzzy Hash: cd46d18f0dfb5ee07bbfe465239a8641630a3fd19151ba97bbcc1fe28de3b1c1
                    • Instruction Fuzzy Hash: E921F97059470C8FDB08EF25E8952EA73E0F759305F80192EF045C3599EF299A848771
                    APIs
                    • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF7F3A0083B), ref: 00007FF7F3A0096C
                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF7F3A0083B), ref: 00007FF7F3A009F7
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: ConsoleErrorLastMode
                    • String ID:
                    • API String ID: 953036326-0
                    • Opcode ID: f854fdff14751819e3db8876aa7de23db7e3aabaebdf9d43d1180a2304a5defa
                    • Instruction ID: f6d51ffff2875e05a9e666f3e8e58d2bb8833b089548e8b1d752d3cce46c47d1
                    • Opcode Fuzzy Hash: f854fdff14751819e3db8876aa7de23db7e3aabaebdf9d43d1180a2304a5defa
                    • Instruction Fuzzy Hash: F091F7B2E0865185F790EF768440A7DABA0BB00788F944135EE5E7F6C9CE3CD455C7A0
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: _invalid_parameter_noinfo
                    • String ID:
                    • API String ID: 3215553584-0
                    • Opcode ID: 141d36151ac7e6a1d6184574ada89449cf303aa53ba8d308b1d166dcd28a2845
                    • Instruction ID: 93182078937877ed8c0ad387bbad34b6c20937341c2bc58f50c9b2227affaff4
                    • Opcode Fuzzy Hash: 141d36151ac7e6a1d6184574ada89449cf303aa53ba8d308b1d166dcd28a2845
                    • Instruction Fuzzy Hash: CE41586290CA8589E792EF21C41027DBBA0AB45F4CF859171C6AD1F3C9DE3DE455C3B2
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: CurrentProcess$CloseCreateFileHandle
                    • String ID:
                    • API String ID: 2276438911-0
                    • Opcode ID: 4673fd774f1534a66f292048c187fdf6ec62987b092b7ac2984697f7c2f91c14
                    • Instruction ID: d55b6a556d971380d2e69fff1f4e7bfbc3484a386ac847b0d8c93cd908a49f2f
                    • Opcode Fuzzy Hash: 4673fd774f1534a66f292048c187fdf6ec62987b092b7ac2984697f7c2f91c14
                    • Instruction Fuzzy Hash: 60216531A1CB4182E790EB21F44976AB760FB557A4F540235EBAD1BBD8CF3CD1458B50
                    APIs
                    • GetCPInfo.KERNEL32(?,?,?,?,?,?,?,?,?,?,libmupdf.dll,COMSPEC,?,?,00000001,?), ref: 00007FF7F3A0A22F
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: Info
                    • String ID: COMSPEC$libmupdf.dll
                    • API String ID: 1807457897-3318604599
                    • Opcode ID: 3cd9fa80fbc280b45a25a6c7900655d510f199fe9150e200d87ae0dd40840c6a
                    • Instruction ID: 560746a9d66c5aa40b5186a1756b9e3033cb2a4a374e771e317b87f68835af24
                    • Opcode Fuzzy Hash: 3cd9fa80fbc280b45a25a6c7900655d510f199fe9150e200d87ae0dd40840c6a
                    • Instruction Fuzzy Hash: A0A13AA3A0868145FBE4AB3284047BDA691AF547A8FC44231FE7C2F7D5EE3DD45483A0
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: CreateFrameInfo__except_validate_context_record
                    • String ID: csm
                    • API String ID: 2558813199-1018135373
                    • Opcode ID: 19e920bc8f392fb2af8a84fd196ece54414b2e295d64683c7c3c0c18fa502e1c
                    • Instruction ID: a00b3a900b28b7dc05b7436db80e860fa9fa38595366105162b4e3e7f9811a6a
                    • Opcode Fuzzy Hash: 19e920bc8f392fb2af8a84fd196ece54414b2e295d64683c7c3c0c18fa502e1c
                    • Instruction Fuzzy Hash: E8516F3261C74186D7A0FB56E04026DB7A4F788B94F501635EF9D1BB95CF38E4A0CB62
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: ErrorFileLastWrite
                    • String ID: U
                    • API String ID: 442123175-4171548499
                    • Opcode ID: 4d48e464ade5330f399e35b4b401385c1737bb7d1f32e9d7b686e6997630c13c
                    • Instruction ID: 84858d827ce2f5e5657153677ecb2266900b9e80344bb0e37333be1d10aadd21
                    • Opcode Fuzzy Hash: 4d48e464ade5330f399e35b4b401385c1737bb7d1f32e9d7b686e6997630c13c
                    • Instruction Fuzzy Hash: 27412562B18A4182DBA0EF26E444BA9B361FB88784F804031EE5D9F788DF7CD410C7A0
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: snprintf
                    • String ID: (*%i,%i~%i*%i:%i,%i:%i,%i,%i...*)/%p$none
                    • API String ID: 4288800496-728714503
                    • Opcode ID: d47cbe62acebf600edf2a10ac17974a1025d8c7d0f963ced4333641af9ec2926
                    • Instruction ID: b99dfa71294f51e99ef6916128ce07d649deda706e7cb358427035ca816b0d60
                    • Opcode Fuzzy Hash: d47cbe62acebf600edf2a10ac17974a1025d8c7d0f963ced4333641af9ec2926
                    • Instruction Fuzzy Hash: 68217E32A0878285DB40EF66E854569B7A4FB88FC4F980036EEADA7755DF3DD441CB80
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: snprintf
                    • String ID: none$rule:%i,%i:%i,%i:%i,%i,%i
                    • API String ID: 4288800496-1566156471
                    • Opcode ID: b1f7f0f652ead0f3328a723bb89bc2ee0815220bfde7b5ebde8315f5d387dffb
                    • Instruction ID: 20b3df9f69c0337cd61a6764065ddf6d9076e48a8a82629a18332697fbff6b83
                    • Opcode Fuzzy Hash: b1f7f0f652ead0f3328a723bb89bc2ee0815220bfde7b5ebde8315f5d387dffb
                    • Instruction Fuzzy Hash: FE118432A0474289EB94FF629854C69B6A4FB84BD4BD10535ED6D6B782CF3DD401CB84
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: snprintf
                    • String ID: [%i,%i:%i,%i:%i,%i,%i...]$none
                    • API String ID: 4288800496-3554008909
                    • Opcode ID: 8642ff075719b8a53adfdb4944fdb24d4931068e8016b000bc0a697d1b3095b6
                    • Instruction ID: e401a3d104ab5b7a0b4306d75784736f45a155431f923e7c9a457b9582815edf
                    • Opcode Fuzzy Hash: 8642ff075719b8a53adfdb4944fdb24d4931068e8016b000bc0a697d1b3095b6
                    • Instruction Fuzzy Hash: E6119632A047428AEB50FF62A845C69B6A4FB84BD4FD10535ED6D6B782CF3CD401CB94
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: snprintf
                    • String ID: none$v%i,%i;%i,%i:%i,%i,%i
                    • API String ID: 4288800496-2020333247
                    • Opcode ID: 55dbc684cdeeb760abec524501622f5b130bdd77d3f83f96e548773d951bf6c9
                    • Instruction ID: 3720e799ec4cc66c22a25c108cfcb40d02784a7dd779a51f4bf665d7e2377ba2
                    • Opcode Fuzzy Hash: 55dbc684cdeeb760abec524501622f5b130bdd77d3f83f96e548773d951bf6c9
                    • Instruction Fuzzy Hash: 3E118132A0474289DB90FF62A854C69B6A4FB84BD4F950535EE6D6B782CF3DD401CB84
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: BreakClassDebugDebuggerHandleIconLoadMessageModulePostPresentRegisterShowWindow
                    • String ID: Thank you for choosing SumatraPDF!
                    • API String ID: 4192187706-3499778608
                    • Opcode ID: 341e1c1cd1101d2abe8fbd4ff3e23e0037b5782728ae519acde85032f911bf8d
                    • Instruction ID: 2ee5b71d87a3b824c31367bb358aada79844eea35a9f49b1c21d4bf88f07a2d0
                    • Opcode Fuzzy Hash: 341e1c1cd1101d2abe8fbd4ff3e23e0037b5782728ae519acde85032f911bf8d
                    • Instruction Fuzzy Hash: 21117721E1C54781FBD0F722D851AB5B790AF94798FD45031DC6D2F3E1CD2DA4964BA0
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: snprintf
                    • String ID: kern:%i,%i:%i,%i:%i$none
                    • API String ID: 4288800496-732892837
                    • Opcode ID: 545a4d4e1e600e3aeea7dde33506a4f648416844b709d669141064a05eaf99f0
                    • Instruction ID: fb37cb2c454adf6b53dda691d11b8110183c819ff7fc2fdff525756224e55d21
                    • Opcode Fuzzy Hash: 545a4d4e1e600e3aeea7dde33506a4f648416844b709d669141064a05eaf99f0
                    • Instruction Fuzzy Hash: A0018472A0874286EB40FF62A49046AF660FF84BD4F840135EE9D6BB96CF3CD401DB94
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: wprintf
                    • String ID: %sbox bdry:%i,%i:%i,%i
                    • API String ID: 3614878089-2903665576
                    • Opcode ID: e939e7da60eebd6f819080883763d948ac074da60bff5ef5754ffb8c900f979f
                    • Instruction ID: adeb5879e7a2e107ee883a50bab8788a574a9d90ac67ed48956d9b06b3988ab1
                    • Opcode Fuzzy Hash: e939e7da60eebd6f819080883763d948ac074da60bff5ef5754ffb8c900f979f
                    • Instruction Fuzzy Hash: 9F015E32A0864281DF50FB26E490469E760FB85BC4F854432EE9DABBA6CF3CD441CB90
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: wprintf
                    • String ID: %sform ref:%i:%i,%i
                    • API String ID: 3614878089-2191088173
                    • Opcode ID: 57879bee7843e449233404fa86d4aa4db49bb63181a2f23014489ab32efc675c
                    • Instruction ID: 419283615ab316fadcea7e38a608852e72c1e479917d736fb7c3acd5b4119e9c
                    • Opcode Fuzzy Hash: 57879bee7843e449233404fa86d4aa4db49bb63181a2f23014489ab32efc675c
                    • Instruction Fuzzy Hash: D1012122B04A4681EF50FB16E490469E760FF85BC8FC09436EAADAB796CF3CD4418B50
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: snprintf
                    • String ID: math:%i,%i:%i,%i$none
                    • API String ID: 4288800496-3928973509
                    • Opcode ID: fca9206f5adef0e129ead6af1457289503ee98887f13784f73fb62f0aa7ed9ef
                    • Instruction ID: ef73372a4532b1c9ef3a24e597164a4053f328b4fd5227cf26180ab348a8ec7c
                    • Opcode Fuzzy Hash: fca9206f5adef0e129ead6af1457289503ee98887f13784f73fb62f0aa7ed9ef
                    • Instruction Fuzzy Hash: 4A017131A087428AEB40EF52A45046AF660EB84BD4FC44135F99D6B796DF3CD400CB94
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: snprintf
                    • String ID: box bdry:%i,%i:%i,%i$none
                    • API String ID: 4288800496-1465363301
                    • Opcode ID: f3e729677cf551c86ffc94987f2636d9bf1b32e9979843c393112414986d320a
                    • Instruction ID: fe8848a32c7be016fd31d09baca3ab60f0ef1f127f89aa9ed5daa18b674c7c21
                    • Opcode Fuzzy Hash: f3e729677cf551c86ffc94987f2636d9bf1b32e9979843c393112414986d320a
                    • Instruction Fuzzy Hash: D7014431A0878289EB40FF52B45046AF660FB84BD4FC44135FA9D6B796DF3CD5418B94
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: snprintf
                    • String ID: boundary:%i,%i:%i,%i$none
                    • API String ID: 4288800496-277490074
                    • Opcode ID: 2e175a386254919c3c0f9098484662ebb96d596d8091be2fb1e134b90bad8351
                    • Instruction ID: 65fc960e921f991eddf5b071751344e78dd024b31536e3929cf572b35cb143b9
                    • Opcode Fuzzy Hash: 2e175a386254919c3c0f9098484662ebb96d596d8091be2fb1e134b90bad8351
                    • Instruction Fuzzy Hash: 0D017171A087428AEB40EB62A45046AF660EB84BD4F844135F99D6BB96CF3CD4018B94
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: snprintf
                    • String ID: form ref:%i:%i,%i$none
                    • API String ID: 4288800496-2810448084
                    • Opcode ID: fe6bc8f6a56711fdba604ed31fd421e4f85a265117adb62ef1dcadc8a530d2d0
                    • Instruction ID: 819b4a90482245661305604673a04a0f9e20dd03807a87785c2642062868dab7
                    • Opcode Fuzzy Hash: fe6bc8f6a56711fdba604ed31fd421e4f85a265117adb62ef1dcadc8a530d2d0
                    • Instruction Fuzzy Hash: 93F06225A0874285EB90EB56F450565E660AF84BC4FD44135EAAC6BBE6CF3CD441CB50
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: snprintf
                    • String ID: Input:%i:%s(%i)$none
                    • API String ID: 4288800496-3426782485
                    • Opcode ID: 8e591719a6727c2d92aaa3957eb92742a7eb8ccae2004eeb7d8a1be9b37b69a2
                    • Instruction ID: 96d964ccb25a8a5f9c52e7e480caaba79dc9cafa7e5eacf5f7968a5aef61a136
                    • Opcode Fuzzy Hash: 8e591719a6727c2d92aaa3957eb92742a7eb8ccae2004eeb7d8a1be9b37b69a2
                    • Instruction Fuzzy Hash: 92F06225A0864381EB50F711F400165A3A0BF457C8FD44531EAAC6BBD9CF3CD401CB90
                    APIs
                    • LoadLibraryExW.KERNEL32(?,?,?,?,00007FF7F39C2296,?,?,-5555555555555556,?,BrowserExecutableFolder,00007FF7F39C2587), ref: 00007FF7F39C22C1
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: LibraryLoad
                    • String ID: GetCurrentProcessExplicitAppUserModelID$shell32.dll
                    • API String ID: 1029625771-718263829
                    • Opcode ID: 6b1e989db68000a8b89a24ff88eddb7c0445316bfc6600894062f8bcd47fd536
                    • Instruction ID: 5bcca9827cedf7df93abcc9f954f1b70e3da9542b2548cb5b4cfacee3a66754a
                    • Opcode Fuzzy Hash: 6b1e989db68000a8b89a24ff88eddb7c0445316bfc6600894062f8bcd47fd536
                    • Instruction Fuzzy Hash: A7D01710F0A90280EF88FB139C90920D2D0AF4D7A0FC48034D42C693D4EE2CE28A8FA0
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: snprintf
                    • String ID: <%i...>$none
                    • API String ID: 4288800496-3714575003
                    • Opcode ID: 229f4ccdd923800328aa634c9767c6c2e118bf7cbd422cdcf8e6bdd8605b3d9d
                    • Instruction ID: af4427da7c66ca242c2045324642fc9243151b5d6e8cdf22d33a765cd8235253
                    • Opcode Fuzzy Hash: 229f4ccdd923800328aa634c9767c6c2e118bf7cbd422cdcf8e6bdd8605b3d9d
                    • Instruction Fuzzy Hash: 46D01724A1964380EB85F312A852AB0A2107F94388FC00131E42C2A2D6CE1CA105CBE0
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2365285142.00007FF7F39C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7F39C0000, based on PE: true
                    • Associated: 00000000.00000002.2364475084.00007FF7F39C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365864129.00007FF7F3A12000.00000002.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2365988145.00007FF7F3A38000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366009403.00007FF7F3A3A000.00000008.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A3C000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366183120.00007FF7F3A42000.00000004.00000001.01000000.00000003.sdmpDownload File
                    • Associated: 00000000.00000002.2366223150.00007FF7F3A48000.00000002.00000001.01000000.00000003.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff7f39c0000_biubiu.jbxd
                    Similarity
                    • API ID: snprintf
                    • String ID: none${%i...}
                    • API String ID: 4288800496-2816292129
                    • Opcode ID: 02da5472d5f686de59a309ef0968660ac4c555fc419fcb77272547cd4786f989
                    • Instruction ID: 394dea6b34527f26791d4a4bda68d46329fda0f128579769d4a2b1c165b8f6ae
                    • Opcode Fuzzy Hash: 02da5472d5f686de59a309ef0968660ac4c555fc419fcb77272547cd4786f989
                    • Instruction Fuzzy Hash: FDD01710E0A543C0FB84F712A851AE192106F54388FC00036D42C2E2E1DE1DA50ACBE0
                    Strings
                    • AYS_ABORTSERIALIZESEVSEV_64BITSEV_ALTERNATIVESEV_DEBUGSWAPSEV_ESSEV_RESTRICTEDSEV_SNPSGXSGXLCSHASMESME_COHERENTSPEC_CTRL_SSBDSRBDS_CTRLSSESSE2SSE3SSE4SSE42SSE4ASSSE3STIBPSTIBP_ALWAYSONSTOSB_SHORTSUCCORSVMSVMDASVMFBASIDSVMLSVMNPSVMPFSVMPFTSYSCALLSYSEETBMTDX_GUE, xrefs: 00000188C5424FDF
                    • : invalid byte %q in %s; dropping invalid bytesnet/http: request canceled while waiting for connectionos: invalid use of WriteAt on file opened with O_APPENDprogressive AC coefficients for more than one componentreflect: internal error: invalid use of makeMeth, xrefs: 00000188C5424F50
                    • ocked - invalid free of user arena chunknet/http: invalid byte %q in %s; dropping invalid bytesnet/http: request canceled while waiting for connectionos: invalid use of WriteAt on file opened with O_APPENDprogressive AC coefficients for more than one component, xrefs: 00000188C5424F70
                    • SME_COHERENTSPEC_CTRL_SSBDSRBDS_CTRLSSESSE2SSE3SSE4SSE42SSE4ASSSE3STIBPSTIBP_ALWAYSONSTOSB_SHORTSUCCORSVMSVMDASVMFBASIDSVMLSVMNPSVMPFSVMPFTSYSCALLSYSEETBMTDX_GUESTTLB_FLUSH_NESTEDTMETOPEXTTSCRATEMSRTSXLDTRKVAESVMCBCLEANVMPLVMSA_REGPROTVMXVPCLMULQDQVTEWAITPKGWB, xrefs: 00000188C5424F7C
                    Memory Dump Source
                    • Source File: 00000000.00000002.2361158172.00000188C5400000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000188C5400000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_188c5400000_biubiu.jbxd
                    Similarity
                    • API ID:
                    • String ID: : invalid byte %q in %s; dropping invalid bytesnet/http: request canceled while waiting for connectionos: invalid use of WriteAt on file opened with O_APPENDprogressive AC coefficients for more than one componentreflect: internal error: invalid use of makeMeth$AYS_ABORTSERIALIZESEVSEV_64BITSEV_ALTERNATIVESEV_DEBUGSWAPSEV_ESSEV_RESTRICTEDSEV_SNPSGXSGXLCSHASMESME_COHERENTSPEC_CTRL_SSBDSRBDS_CTRLSSESSE2SSE3SSE4SSE42SSE4ASSSE3STIBPSTIBP_ALWAYSONSTOSB_SHORTSUCCORSVMSVMDASVMFBASIDSVMLSVMNPSVMPFSVMPFTSYSCALLSYSEETBMTDX_GUE$SME_COHERENTSPEC_CTRL_SSBDSRBDS_CTRLSSESSE2SSE3SSE4SSE42SSE4ASSSE3STIBPSTIBP_ALWAYSONSTOSB_SHORTSUCCORSVMSVMDASVMFBASIDSVMLSVMNPSVMPFSVMPFTSYSCALLSYSEETBMTDX_GUESTTLB_FLUSH_NESTEDTMETOPEXTTSCRATEMSRTSXLDTRKVAESVMCBCLEANVMPLVMSA_REGPROTVMXVPCLMULQDQVTEWAITPKGWB$ocked - invalid free of user arena chunknet/http: invalid byte %q in %s; dropping invalid bytesnet/http: request canceled while waiting for connectionos: invalid use of WriteAt on file opened with O_APPENDprogressive AC coefficients for more than one component
                    • API String ID: 0-3036113946
                    • Opcode ID: e5116a753484fe88c4c8072d524a9b77baed237c170a8b18bf288ef89e7e630e
                    • Instruction ID: 24be7df9e1af8c649ceffb146b5cb049424c11989deaf949f27018588323c06d
                    • Opcode Fuzzy Hash: e5116a753484fe88c4c8072d524a9b77baed237c170a8b18bf288ef89e7e630e
                    • Instruction Fuzzy Hash: 3A81F7B0548A188FDF94DF18C884BE577E1FB99310F8186AAE449C719BCF34DA44C7A2
                    Strings
                    • arsetActivateActCtxCertCloseStoreClearCommBreakClearCommErrorClientToScreenCloseClipboardCloseThemeDataCoInitializeExCoUninitializeComputerNameExContent-LengthControlServiceCreateEventExWCreateMutexExWCreateProcessWCreateServiceWCryptGenRandomDefWindowProcWDef, xrefs: 00000188C543723B
                    • 5: extra text: <not Stringer>Accept-CharsetActivateActCtxCertCloseStoreClearCommBreakClearCommErrorClientToScreenCloseClipboardCloseThemeDataCoInitializeExCoUninitializeComputerNameExContent-LengthControlServiceCreateEventExWCreateMutexExWCreateProcessWCreateS, xrefs: 00000188C5437249
                    • eStoreClearCommBreakClearCommErrorClientToScreenCloseClipboardCloseThemeDataCoInitializeExCoUninitializeComputerNameExContent-LengthControlServiceCreateEventExWCreateMutexExWCreateProcessWCreateServiceWCryptGenRandomDefWindowProcWDeferWindowPosDkim-SignatureDr, xrefs: 00000188C5437210
                    • earCommErrorClientToScreenCloseClipboardCloseThemeDataCoInitializeExCoUninitializeComputerNameExContent-LengthControlServiceCreateEventExWCreateMutexExWCreateProcessWCreateServiceWCryptGenRandomDefWindowProcWDeferWindowPosDkim-SignatureDragQueryFileWERR_UNKNOW, xrefs: 00000188C54371F2
                    Memory Dump Source
                    • Source File: 00000000.00000002.2361158172.00000188C5400000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000188C5400000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_188c5400000_biubiu.jbxd
                    Similarity
                    • API ID:
                    • String ID: 5: extra text: <not Stringer>Accept-CharsetActivateActCtxCertCloseStoreClearCommBreakClearCommErrorClientToScreenCloseClipboardCloseThemeDataCoInitializeExCoUninitializeComputerNameExContent-LengthControlServiceCreateEventExWCreateMutexExWCreateProcessWCreateS$arsetActivateActCtxCertCloseStoreClearCommBreakClearCommErrorClientToScreenCloseClipboardCloseThemeDataCoInitializeExCoUninitializeComputerNameExContent-LengthControlServiceCreateEventExWCreateMutexExWCreateProcessWCreateServiceWCryptGenRandomDefWindowProcWDef$eStoreClearCommBreakClearCommErrorClientToScreenCloseClipboardCloseThemeDataCoInitializeExCoUninitializeComputerNameExContent-LengthControlServiceCreateEventExWCreateMutexExWCreateProcessWCreateServiceWCryptGenRandomDefWindowProcWDeferWindowPosDkim-SignatureDr$earCommErrorClientToScreenCloseClipboardCloseThemeDataCoInitializeExCoUninitializeComputerNameExContent-LengthControlServiceCreateEventExWCreateMutexExWCreateProcessWCreateServiceWCryptGenRandomDefWindowProcWDeferWindowPosDkim-SignatureDragQueryFileWERR_UNKNOW
                    • API String ID: 0-3425431436
                    • Opcode ID: 616b89108bca5f8b6585c1a9154d67621d90bf28f66b100386d77dd060af4fcf
                    • Instruction ID: f89a490d22c57bb03a1652dc419cc154febbe40fc3a89d7aeb9d53c417dba789
                    • Opcode Fuzzy Hash: 616b89108bca5f8b6585c1a9154d67621d90bf28f66b100386d77dd060af4fcf
                    • Instruction Fuzzy Hash: 2341E170548B098FDB98DF18C084BD5B7E1FB59300F94956EE089C32A6DF359A89CBA0
                    Strings
                    • etSystemTimeAsFileTime() syscallfailed to parse certificate #%d in the chain: %winverse neighbor discovery advertisement messagenot enough significant bits after mult64bitPow10out points to big.Int, but defaultValue does notparsing/packing of this type isn't a, xrefs: 00000188C5425FE2
                    • PBOOSTCPPCCX16EFER_LMSLE_UNSENQCMDERMSF16CFLUSH_L1DFMA3FMA4FP128FP256FSRMFXSRFXSROPTGFNIHLEHRESETHTTHWAHYBRID_CPUHYPERVISORIA32_ARCH_CAPIA32_CORE_CAPIBPBIBRSIBRS_PREFERREDIBRS_PROVIDES_SMPIBSIBSBRNTRGTIBSFETCHSAMIBSFFVIBSOPCNTIBSOPCNTEXTIBSOPSAMIBSRDWROPCNTIBS, xrefs: 00000188C5426023
                    • riter returned negative count from Writecould not find GetSystemTimeAsFileTime() syscallfailed to parse certificate #%d in the chain: %winverse neighbor discovery advertisement messagenot enough significant bits after mult64bitPow10out points to big.Int, but d, xrefs: 00000188C5426012
                    • imerEx when creating timer failedbufio: writer returned negative count from Writecould not find GetSystemTimeAsFileTime() syscallfailed to parse certificate #%d in the chain: %winverse neighbor discovery advertisement messagenot enough significant bits after m, xrefs: 00000188C542603B
                    Memory Dump Source
                    • Source File: 00000000.00000002.2361158172.00000188C5400000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000188C5400000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_188c5400000_biubiu.jbxd
                    Similarity
                    • API ID:
                    • String ID: PBOOSTCPPCCX16EFER_LMSLE_UNSENQCMDERMSF16CFLUSH_L1DFMA3FMA4FP128FP256FSRMFXSRFXSROPTGFNIHLEHRESETHTTHWAHYBRID_CPUHYPERVISORIA32_ARCH_CAPIA32_CORE_CAPIBPBIBRSIBRS_PREFERREDIBRS_PROVIDES_SMPIBSIBSBRNTRGTIBSFETCHSAMIBSFFVIBSOPCNTIBSOPCNTEXTIBSOPSAMIBSRDWROPCNTIBS$etSystemTimeAsFileTime() syscallfailed to parse certificate #%d in the chain: %winverse neighbor discovery advertisement messagenot enough significant bits after mult64bitPow10out points to big.Int, but defaultValue does notparsing/packing of this type isn't a$imerEx when creating timer failedbufio: writer returned negative count from Writecould not find GetSystemTimeAsFileTime() syscallfailed to parse certificate #%d in the chain: %winverse neighbor discovery advertisement messagenot enough significant bits after m$riter returned negative count from Writecould not find GetSystemTimeAsFileTime() syscallfailed to parse certificate #%d in the chain: %winverse neighbor discovery advertisement messagenot enough significant bits after mult64bitPow10out points to big.Int, but d
                    • API String ID: 0-3320654916
                    • Opcode ID: dd5a0f5bf6b3846f416c2e2ac1f574c012ee57430822b974c54f39ac276bfcaa
                    • Instruction ID: 917d26a4a53ab9e769f6c85567d31a53054e8985170f7f535b5647fc43ca9025
                    • Opcode Fuzzy Hash: dd5a0f5bf6b3846f416c2e2ac1f574c012ee57430822b974c54f39ac276bfcaa
                    • Instruction Fuzzy Hash: 2B111C70559B098BDB51EB14D841BDAB3E0FB49300FD05526B459D316BEF28DA448BB2